
Python for Offensive PenTest

Book Description

Your one-stop guide to using Python, creating your own hacking tools, and making the most out of resources available for this programming language

About This Book

  • Comprehensive information on building a web application penetration testing framework using Python
  • Master web application penetration testing using the multi-paradigm programming language Python
  • Detect vulnerabilities in a system or application by writing your own Python scripts

Who This Book Is For

This book is for ethical hackers; penetration testers; students preparing for OSCP, OSCE, GPEN, GXPN, and CEH; information security professionals; cybersecurity consultants; system and network security administrators; and programmers who are keen on learning all about penetration testing.

What You Will Learn

  • Code your own reverse shell (TCP and HTTP)
  • Create your own anonymous shell by interacting with Twitter, Google Forms, and SourceForge
  • Replicate Metasploit features and build an advanced shell
  • Hack passwords using multiple techniques (API hooking, keyloggers, and clipboard hijacking)
  • Exfiltrate data from your target
  • Add encryption (AES, RSA, and XOR) to your shell to learn how cryptography is being abused by malware
  • Discover privilege escalation on Windows with practical examples
  • Apply countermeasures against most of the attacks covered

In Detail

Python is an easy-to-learn, cross-platform programming language with a vast ecosystem of third-party libraries. Plenty of open source hacking tools are written in Python and can be easily integrated into your own scripts.

This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment.

By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.

Style and approach

This book follows a practical approach that takes a gradual learning curve, building up your knowledge about ethical hacking, right from scratch. The focus is less on theory and more on practical examples through a step-by-step approach.

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Python for Offensive PenTest
  3. Packt Upsell
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the author
    2. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Download the color images
      3. Conventions used
    4. Get in touch
      1. Reviews
  6. Warming up – Your First Antivirus-Free Persistence Shell
    1. Preparing the attacker machine
      1. Setting up internet access
    2. Preparing the target machine
    3. TCP reverse shell
      1. Coding a TCP reverse shell
        1. Server side
        2. Client side
      2. Data exfiltration – TCP
        1. Server side
        2. Client side
      3. Exporting to EXE
    4. HTTP reverse shell
      1. Coding the HTTP reverse shell
        1. Server side
        2. Client side
      2. Data exfiltration – HTTP
        1. Client side
        2. Server side
      3. Exporting to EXE
    5. Persistence
      1. Making putty.exe persistent
      2. Making a persistent HTTP reverse shell
    6. Tuning the connection attempts
    7. Tips for preventing a shell breakdown
    8. Countermeasures
    9. Summary
  7. Advanced Scriptable Shell
    1. Dynamic DNS
      1. DNS aware shell
    2. Interacting with Twitter
      1. Parsing a tweet in three lines
      2. Countermeasures
    3. Replicating Metasploit's screen capturing
    4. Replicating Metasploit searching for content
      1. Target directory navigation
    5. Integrating low-level port scanner
    6. Summary
  8. Password Hacking
    1. Antivirus free keylogger
      1. Installing pyHook and pywin
      2. Adding code to keylogger
    2. Hijacking KeePass password manager
    3. Man in the browser
      1. Firefox process
    4. Firefox API hooking with Immunity Debugger
    5. Python in Firefox proof of concept (PoC)
    6. Python in Firefox EXE
    7. Dumping saved passwords out of Google Chrome
      1. Acquiring the password remotely
    8. Submitting the recovered password over HTTP session
      1. Testing the file against antivirus
    9. Password phishing – DNS poisoning
      1. Using Python script
    10. Facebook password phishing
    11. Countermeasures
      1. Securing the online account
      2. Securing your computer
      3. Securing your network
      4. Keeping a watch on any suspicious activity
    12. Summary
  9. Catch Me If You Can!
    1. Bypassing host-based firewalls
      1. Hijacking IE
    2. Bypassing reputation filtering in next generation firewalls
      1. Interacting with SourceForge
      2. Interacting with Google Forms
    3. Bypassing botnet filtering
      1. Bypassing IPS with handmade XOR encryption
    4. Summary
  10. Miscellaneous Fun in Windows
    1. Privilege escalation – weak service file
    2. Privilege escalation – preparing vulnerable software
    3. Privilege escalation – backdooring a legitimate Windows service
    4. Privilege escalation – creating a new admin account and covering the tracks
    5. Summary
  11. Abuse of Cryptography by Malware
    1. Introduction to encryption algorithms
    2. Protecting your tunnel with AES – stream mode
      1. Cipher Block Chaining (CBC) mode encryption
      2. Counter (CTR) mode encryption
    3. Protecting your tunnel with RSA
    4. Hybrid encryption key
    5. Summary
  12. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think