Overview of Python Flying made simple without the Nyquil hangover
Page 1: Overview of python   misec - 2-2012

Overview of Python

Flying made simple without the Nyquil hangover

Page 2: Overview of python   misec - 2-2012

Agenda
• About me
• History of Python
• About Python
• Python’s uses
• Python basics (Python 101)
• CSAW Crypto Redux
• Extra credit
• Resources
• Tips, tricks, observations

Page 3: Overview of python   misec - 2-2012

Who am I?

• Husband/father/geek/gets distracted by shiny objects easy

• Career path switched to IT in 1999, professionally an IT guy since 2001
  – Started the infosec career path switch in 2009, officially an infosec professional since 2012(?)
• Vbscript – 2007
• Python – 2011

About me

Page 4: Overview of python   misec - 2-2012

History of Python
• Conceived in the late 1980’s by Guido van Rossum at CWI.
  • Was designed to be a successor to the ABC programming language
  • Benevolent Dictator for Life (BDFL)
  • Currently employed by Google where he spends half his time working on Python development
• Python 2.0 was released on October 16th, 2000
  • Contained many major new features
  • Full garbage collector (automatic memory management)
  • Unicode support
  • Biggest change – development process with a shift towards more transparent and community-backed process
• Python 3.0 was released in December 2008
  • Many major features have been back ported to Python 2.6 and 2.7

Page 5: Overview of python   misec - 2-2012

About Python
• What is Python?
  • Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.
• Why is it called Python?
  • When he began implementing Python, Guido van Rossum was also reading the published scripts from “Monty Python’s Flying Circus”, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.
  • Fun fact - The built in IDE is named after Eric Idle, a member of Monty Python.

Page 6: Overview of python   misec - 2-2012

What is Python good for?

• Python comes with a large standard library that covers areas such as:
  • string processing (regular expressions, Unicode, calculating differences between files)
  • Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
  • software engineering (unit testing, logging, profiling, parsing Python code)
  • operating system interfaces (system calls, file systems, TCP/IP sockets)
  • Artificial intelligence (because of similarities to Lisp)
• Extensive use in the information security industry, including exploit development.
  • Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc.
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
  • Once the basic syntax is learned, even the most complicated scripts can make sense.
• Python is cross platform!!
  • It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community

Page 7: Overview of python   misec - 2-2012

Python’s uses
• Website development
  • Yahoo Maps
  • Yahoo Groups
  • Google
  • Shopzilla
• Security tools
  • Scapy - a powerful interactive packet manipulation program. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.
  • Scrapy - a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing.
  • SET - specifically designed to perform advanced attacks against the human element.
  • Artillery - a honeypot/monitoring/prevention tool used to protect Linux-based systems.
  • W3af - a Web Application Attack and Audit Framework.
  • Pytbull - a python based flexible IDS/IPS testing framework shipped with more than 300 tests, grouped in 9 modules, covering a large scope of attacks (clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes, denialOfService, pcapReplay)

Page 8: Overview of python   misec - 2-2012

Python’s uses
• Applications
  • BitTorrent
  • DropBox
• Video games
  • Civilization IV
  • Battlefield 2
  • Eve Online
  • Vampire: The Masquerade – Bloodlines
• Graphics
  • Industrial Light & Magic
    • "The Phantom Menace", "The Mummy Returns" and other productions as ones where Python was used.
  • Walt Disney Feature Animation
• Science
  • NASA
  • National Weather Service
• GUI frameworks
  • TKInter
  • PyQt
  • wxPython
• Embedded as a scripting language
  • Amarok
  • GIMP
  • Autodesk Maya
• Commercial uses
  • Google apps
  • Reddit
  • YouTube
• Government
  • CIA.gov
• Python implementations
  • Cpython
  • IronPython – Python for .NET and Mono platforms
  • Jython – Python coded in Java

Page 9: Overview of python   misec - 2-2012

Python basics
• Indentation does matter

This will work

if True:
    print "True"
else:
    print "False"

But this won’t

if True:
    print "Answer"
    print "True"
else:
    print "Answer"
  print "False"

• If, If.. Else, If… Elif (no Then)
• Syntax is easy

If statement

if expression:
    statement(s)

Else statement

if expression:
    statement(s)
else:
    statement(s)

Elif statement

if expression1:
    statement(s)
elif expression2:
    statement(s)
else:
    statement(s)

• All scripts are considered modules
• All functions inside module can be used or only certain methods can be used inside script

Entire module

import sys

Partial method

from sys import argv

Page 10: Overview of python   misec - 2-2012

Python basics
• Help is built in

Help on modules

>>> import sys, hashlib
>>> help(sys)
>>> help(hashlib)

$ pydoc sys
$ pydoc hashlib

Help on methods

>>> import sys, hashlib
>>> help(sys.argv)
>>> help(hashlib.sha512)

$ pydoc sys.argv
$ pydoc hashlib.sha512

• It can be run interactively

Via command prompt

python

Python 2.72
Type “help”, “copyright”..
>>>

Via IDLE or DreamPie

• IDLE is built in to Python installs
• DreamPie is a Python shell (best used on Linux)

Page 11: Overview of python   misec - 2-2012

Inspiration for the idea?

Page 12: Overview of python   misec - 2-2012

Post CSAW CTF

Page 13: Overview of python   misec - 2-2012
Page 14: Overview of python   misec - 2-2012
Page 15: Overview of python   misec - 2-2012

My approach – Post CSAW crypto challenges

Each challenge
1. Encrypted message inside script – Output is decrypted
2. Encrypted message can be used as an argument when calling script – Output is decrypted
3. Encrypted message can be read from a file for decrypting

Overall
4. One module for all decrypting, each decryption style is a method

Page 16: Overview of python   misec - 2-2012

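My overall scoreboard

|                                                              | Challenge 1 - Unicode | Challenge 2 – Hex | Challenge 3 – Binary | Challenge 4 – Base64 | Challenge 5 – ROT13 | Challenge 6 - |
|--------------------------------------------------------------|-----------------------|-------------------|----------------------|----------------------|---------------------|---------------|
| Script option 1 - inside script                              | Done                  | Done              | Done*                | Done                 | Done                | Incomplete    |
| Script option 2 – argument                                   | Done                  | Done              | Done*                | Done                 | Done                | Incomplete    |
| Script option 3 – from file                                  | Done                  | Done              | Done*                | Done                 | Done                | Incomplete    |
| Script option 4 – from input (scrapped, 255 character limit) | n/a                   | n/a               | n/a                  | n/a                  | n/a                 | Incomplete    |
| Overall – module with methods (CSAW_Crypto.py)               | Success               | Success           | Success              | Success              | Success             | Incomplete    |

* Found the code excerpt online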

Page 17: Overview of python   misec - 2-2012

CSAW Crypto Redux

Crypto challenge # 1

Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46

Page 18: Overview of python   misec - 2-2012

Answer

Welcome to the 2011 NYU Poly CSAW CTF event. We have planned many challenges for you and we hope you have fun solving them all. The key for this challenge is cryptography.

Page 19: Overview of python   misec - 2-2012

Wolfgang’s code

private static string AsciiToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(' ');
    char[] decodedChars = new char[encodedChars.Length];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-10 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 10);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }

    return new string(decodedChars);
}

Page 20: Overview of python   misec - 2-2012

Matt’s code

$string=$null

[int[]]$array = ("87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46").Split(" ")

foreach($l in $array) { $string += [char]$l}

$string

Page 21: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import sys

code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,101,32,104,97,118,101,32,112,108,97,110,110,101,100,32,109,97,110,121,32,99,104,97,108,108,101,110,103,101,115,32,102,111,114,32,121,111,117,32,97,110,100,32,119,101,32,104,111,112,101,32,121,111,117,32,104,97,118,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99,104,97,108,108,101,110,103,101,32,105,115,32,99,114,121,112,116,111,103,114,97,112,104,121,46)

for i in code1:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)

Option # 1 – Encrypted message inside script – Output is decrypted

Page 22: Overview of python   misec - 2-2012

My code

Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

#!/usr/bin/python

import sys

if len(sys.argv)<2: sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")

code1 = (sys.argv[1])
code_split = code1.split(':')

for i in code_split:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)

Page 23: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import binascii, sys

f = open('unicode.txt', 'r')
file = f.read()

code_split = file.split(':')

for decode in code_split:
    decode1 = int(decode)
    codefinal = chr(decode1)
    sys.stdout.write(codefinal)

f.close()

Option # 3 - Encrypted message can be read from a file for decrypting

Page 24: Overview of python   misec - 2-2012

CSAW Crypto Redux

Crypto challenge # 2

Cipher text: 54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e

Page 25: Overview of python   misec - 2-2012

Answer

Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.

Page 26: Overview of python   misec - 2-2012

Wolfgang’s code

private static string AsciiHexToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(':');
    char[] decodedChars = new char[encodedChars.Length];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-16 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 16);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }

    return new string(decodedChars);
}

Page 27: Overview of python   misec - 2-2012

Matt’s code

$string = $null

$text = "54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e"

$text.Split(':') | ForEach-Object {[Convert]::ToInt32($_,16)} | ForEach-Object {$string = $string + [Convert]::ToChar($_)}

$string

Page 28: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import binascii, sys

hex = '54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:\
65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:\
20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:\
6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:\
20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:\
65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:\
72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:\
64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:\
69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:\
62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:\
74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:\
65:72:74:68:72:6f:77:2e'
hex_split = hex.split(':')

for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)

Option # 1 – Encrypted message inside script – Output is decrypted

Page 29: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import sys, binascii

if len(sys.argv)<2: sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")

code1 = (sys.argv[1])
hex_split = code1.split(':')

for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)

Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

Page 30: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import binascii, sys

f = open('hex.txt', 'r')
file = f.read()

hex_split = file.split(':')

for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)

f.close()

Option # 3 - Encrypted message can be read from a file for decrypting

Page 31: Overview of python   misec - 2-2012

CSAW Crypto Redux

Crypto challenge # 3

Cipher text: 0100110001100001011100110111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001110111011000010111001100100000011000010010000001100111011100100110010101100001011101000010000001110011011101010110001101100011011001010111001101110011001011100010000001010111011001010010000001110011011001010110010101101101001000000111010001101111001000000110001001100101001000000110011101100101011011100110010101110010011000010111010001101001011011100110011100100000011000010010000001101100011011110111010000100000011011110110011000100000011000100111010101111010011110100010000001100001011000100110111101110101011101000010000001110100011010000110010100100000011011010110111101110110011001010110110101100101011011100111010000101110001000000101010001101000011001010010000001101011011001010111100100100000011001100110111101110010001000000110111001100101011110000111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001101001011100110010000001110010011001010111001101101001011100110111010001100001011011100110001101100101001011100010000001001001011001100010000001110100011010000110010101110010011001010010000001101001011100110010000001100001011011100111100101101111011011100110010100100000011001010110110001110011011001010010000001111001011011110111010100100000011010110110111001101111011101110010000001101111011001100010000001110100011010000110000101110100001000000110110101100001011110010010000001100010011001010010000001101001011011100111010001100101011100100110010101110011011101000110010101100100001000000110100101101110001000000110101001101111011010010110111001101001011011100110011100100000011000100111001001101001011011100110011100100000011101000110100001100101011011010010000001110100011011110010000001110100011010000110010100100000011011010110010101100101011101000110100101101110011001110010000001110100011010000110100101110011001000000111011101100101011
001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110

Page 32: Overview of python   misec - 2-2012

Answer

Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.

Page 33: Overview of python   misec - 2-2012

Wolfgang’s code

private static string BinaryToString(string encodedString)
{
    char[] decodedChars = new char[encodedString.Length / 8];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number in binary (base-2) to an integer
        int codeNum = Convert.ToInt32(encodedString.Substring(i * 8, 8), 2);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
    return new string(decodedChars);
}

Page 34: Overview of python   misec - 2-2012

Matt’s code$test = "010011000110000101110011011101000010000001110111011001010110010101101011011100110010000001101101011001010110010101110100011010010110111001100111001000000111011101100001011100110010000001100001001000000110011101110010011001010110000101110100001000000111001101110101011000110110001101100101011100110111001100101110001000000101011101100101001000000111001101100101011001010110110100100000011101000110111100100000011000100110010100100000011001110110010101101110011001010111001001100001011101000110100101101110011001110010000001100001001000000110110001101111011101000010000001101111011001100010000001100010011101010111101001111010001000000110000101100010011011110111010101110100001000000111010001101000011001010010000001101101011011110111011001100101011011010110010101101110011101000010111000100000010101000110100001100101001000000110101101100101011110010010000001100110011011110111001000100000011011100110010101111000011101000010000001110111011001010110010101101011011100110010000001101101011001010110010101110100011010010110111001100111001000000110100101110011001000000111001001100101011100110110100101110011011101000110000101101110011000110110010100101110001000000100100101100110001000000111010001101000011001010111001001100101001000000110100101110011001000000110000101101110011110010110111101101110011001010010000001100101011011000111001101100101001000000111100101101111011101010010000001101011011011100110111101110111001000000110111101100110001000000111010001101000011000010111010000100000011011010110000101111001001000000110001001100101001000000110100101101110011101000110010101110010011001010111001101110100011001010110010000100000011010010110111000100000011010100110111101101001011011100110100101101110011001110010000001100010011100100110100101101110011001110010000001110100011010000110010101101101001000000111010001101111001000000111010001101000011001010010000001101101011001010110010101110100011010010110111001100111001000000111010001101000011010010111001100100000011101110110
0101011001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110"$string = $null$chars = while ($test.Length) {

    $byte = $test.Substring(0,8)
    $test = $test.Substring(8)
    $([Convert]::ToChar([Convert]::ToByte($byte, 2)))
}
$chars -join ""

Page 35: Overview of python   misec - 2-2012

#!/usr/bin/python

import math, sys

# v = value to split, l = size of each chunk

f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f ('0100110001100001011100110111010000100000011101110110010101100101\0110101101110011001000000110110101100101011001010111010001101001011011100110011\1001000000111011101100001011100110010000001100001001000000110011101110010011001\0101100001011101000010000001110011011101010110001101100011011001010111001101110\0110010111000100000010101110110010100100000011100110110010101100101011011010010\0000011101000110111100100000011000100110010100100000011001110110010101101110011\0010101110010011000010111010001101001011011100110011100100000011000010010000001\1011000110111101110100001000000110111101100110001000000110001001110101011110100\1111010001000000110000101100010011011110111010101110100001000000111010001101000\0110010100100000011011010110111101110110011001010110110101100101011011100111010\0001011100010000001010100011010000110010100100000011010110110010101111001001000\0001100110011011110111001000100000011011100110010101111000011101000010000001110\1110110010101100101011010110111001100100000011011010110010101100101011101000110\1001011011100110011100100000011010010111001100100000011100100110010101110011011\0100101110011011101000110000101101110011000110110010100101110001000000100100101\1001100010000001110100011010000110010101110010011001010010000001101001011100110\0100000011000010110111001111001011011110110111001100101001000000110010101101100\0111001101100101001000000111100101101111011101010010000001101011011011100110111\1011101110010000001101111011001100010000001110100011010000110000101110100001000\0001101101011000010111100100100000011000100110010100100000011010010110111001110\1000110010101110010011001010111001101110100011001010110010000100000011010010110\1110001000000110101001101111011010010110111001101001011011100110011100100000011\0001001110010011010010110111001100111001000000111010001101000011001010110110100\1000000111010001101111001000000111010001101000011001010010000001101101011001010\1100101011101000110100101101110011001110010000001110100011010000110100101110011\
0010000001110111011001010110010101101011001011100010000001001001011101000010000\0011101110110100101101100011011000010000001100010011001010010000001101000011001\0101101100011001000010000001110011011000010110110101100101001000000111010001101\0010110110101100101001011000010000001110011011000010110110101100101001000000111\00000110110001100001011000110110010100101110',8)

for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)

Option # 1 – Encrypted message inside script – Output is decrypted

My code

Page 36: Overview of python   misec - 2-2012

import sys, math

if len(sys.argv)<2: sys.exit("Usage " + sys.argv[0] + " <binary code you wish to decode>\n")

f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f(sys.argv[1],8)

for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)

My code

Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

Page 37: Overview of python   misec - 2-2012

#!/usr/bin/python

import math, sys

f = open('binary.txt', 'r')
file = f.read()

f1 = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f1(file,8)

for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)

f.close()

My code

Option # 3 - Encrypted message can be read from a file for decrypting

Page 38: Overview of python   misec - 2-2012

CSAW Crypto Redux

Crypto challenge # 4

Cipher text: VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==

Page 39: Overview of python   misec - 2-2012

Answer

That meeting was a little crazy. We have no idea where those guys in the black suits came from, but we are looking into it. Use the key infiltration for next week’s meeting. Stay with the cause and we will succeed.

Page 40: Overview of python   misec - 2-2012

Wolfgang’s code

private static string DecodeBase64ToString(string encodedString)
{
    byte[] encodedAsBytes = System.Convert.FromBase64String(encodedString);
    return System.Text.UTF8Encoding.UTF8.GetString(encodedAsBytes);
}

Page 41: Overview of python   misec - 2-2012

Matt’s code

$text = "VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg=="

$bytes = [System.Convert]::FromBase64String($text)

$string = [System.Text.Encoding]::UTF8.GetString($bytes)

$string

Page 42: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

code3 = ("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==")
answer=code3.decode('base64','strict')
print answer

Option # 1 – Encrypted message inside script – Output is decrypted

Page 43: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import sys

if len(sys.argv)<2: sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")

basecode = sys.argv[1]

answer=basecode.decode('base64','strict')

print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer

Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

Page 44: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

f = open('base64.txt', 'r')
file = f.read()

answer=file.decode('base64','strict')
print answer

f.close()

Option # 3 - Encrypted message can be read from a file for decrypting

Page 45: Overview of python   misec - 2-2012

CSAW Crypto Redux

Crypto challenge # 5

Cipher text: JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR'ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.

Page 46: Overview of python   misec - 2-2012

Answer

We have discovered that our last three transmissions we're easily deciphered. We have taken care of the party responsible for their encoding and are now using a new method. Use the information provided at last week.s meeting to decipher all new messages. And remember, this week's key is obfuscated.

Page 47: Overview of python   misec - 2-2012

Wolfgang’s code (part 1)

private static string RotToString(string encodedString, int rotation)
{
    // Boundary check because this only works for ROT1 thru ROT26
    if (rotation < 0 | rotation > 26)
    {
        throw new Exception("RotToString only supports ROT1 thru ROT26.");
    }

    char[] encodedChars = encodedString.ToArray();
    char[] decodedChars = new char[encodedChars.Length];

    int A = Convert.ToInt32('A'); // 65
    int Z = Convert.ToInt32('Z'); // 90
    int a = Convert.ToInt32('a'); // 97
    int z = Convert.ToInt32('z'); // 122

Page 48: Overview of python   misec - 2-2012

Wolfgang’s code (part 2)

    for (int i = 0; i < decodedChars.Length; i++)
    {
        int codeNum = Convert.ToInt32(encodedChars[i]);

        // Rotate capital letters A-Z 65-90
        if (codeNum >= A && codeNum <= Z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < A)
            {
                codeNum = Z - (A - codeNum) + 1;
            }
        }

        // Rotate lower-case letters a-z 97-122
        if (codeNum >= a && codeNum <= z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < a)
            {
                codeNum = z - (a - codeNum) + 1;
            }
        }

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);

Page 49: Overview of python   misec - 2-2012

Wolfgang’s code (part 3)

    }

    return new string(decodedChars);
}

Page 50: Overview of python   misec - 2-2012

Matt’s code

Page 51: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

rot13 = ('JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.')

answer=rot13.decode('rot13','strict')
print answer

Option # 1 – Encrypted message inside script – Output is decrypted

Page 52: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

import sys

if len(sys.argv)<2: sys.exit("Usage " + sys.argv[0] + " <ROT13 code you wish to decode>\n")

basecode = sys.argv[1]

answer=basecode.decode('rot13','strict')

print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer

Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

Page 53: Overview of python   misec - 2-2012

My code

#!/usr/bin/python

f = open('rot13.txt', 'r')
file = f.read()

answer=file.decode('rot13','strict')
print answer

f.close()

Option # 3 - Encrypted message can be read from a file for decrypting

Page 54: Overview of python   misec - 2-2012

My final one – Encrypt/decrypt module

#!/usr/bin/python

import sys

def hexdecode(hex_key):
    import binascii
    hex_split = hex_key.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)

def uni_decode(unicode_key):
    unicode_split=unicode_key.split(':')
    for i in unicode_split:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)

def base64_decode(base64_key):
    answer=base64_key.decode('base64','strict')
    print answer

def binary_decode(binary_key):
    import math
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f (binary_key,8)
    for code in basecode:
        x = (code)
        decodea = int(code,2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)

def rot13_decode(rot13_key):
    answer=rot13_key.decode('rot13','strict')
    print answer

Keith Dixon
Encrypt portion needs done
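
As an added example (not the presenter's code), here is a Python 3 port of the five decoders together with the matching encoders that the note above lists as outstanding; every scheme is a keyless, reversible encoding, which the round-trip check makes visible. The function names, the PAIRS table and the round_trip helper are assumptions made for this example, and messages are assumed to be ASCII.

```python
import base64
import binascii
import codecs

# Added example: names below are hypothetical; messages are assumed to be ASCII.

def chr_decode(text):
    # '72:105' -> 'Hi' (decimal character codes separated by ':')
    return "".join(chr(int(n)) for n in text.split(":"))

def chr_encode(text):
    return ":".join(str(ord(c)) for c in text)

def hex_decode(text):
    # '48:69' -> 'Hi' (hex byte pairs separated by ':')
    return b"".join(binascii.a2b_hex(h) for h in text.split(":")).decode("ascii")

def hex_encode(text):
    return ":".join("%02x" % b for b in text.encode("ascii"))

def binary_decode(bits):
    # 8 bits per character, no separator; reject a truncated final chunk
    if len(bits) % 8:
        raise ValueError("bit string length must be a multiple of 8")
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))

def binary_encode(text):
    return "".join(format(b, "08b") for b in text.encode("ascii"))

def base64_decode(text):
    return base64.b64decode(text, validate=True).decode("ascii")

def base64_encode(text):
    return base64.b64encode(text.encode("ascii")).decode("ascii")

def rot13(text):
    # ROT13 is its own inverse, so one function both encodes and decodes
    return codecs.decode(text, "rot_13")

PAIRS = {"chr": (chr_encode, chr_decode), "hex": (hex_encode, hex_decode),
         "binary": (binary_encode, binary_decode),
         "base64": (base64_encode, base64_decode), "rot13": (rot13, rot13)}

def round_trip(message):
    # Encode then decode with every scheme; each value is True when lossless
    return {name: dec(enc(message)) == message for name, (enc, dec) in PAIRS.items()}
```
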
Page 55: Overview of python   misec - 2-2012

My final one – Encrypt/decrypt module

Page 56: Overview of python   misec - 2-2012

My final one – Encrypt/decrypt module

Page 57: Overview of python   misec - 2-2012

Extra credit

Page 58: Overview of python   misec - 2-2012

| Script | Function | Learned | Success? |
|---|---|---|---|
| Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments 2. Connect to web server and run a GET request | Yes |
| Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method | No |
| Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops | Yes |
| Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module | No |
| Robotparser.py | Retrieve the paths from the robots.txt | | No |
| root_check.py | Checks to see what permissions logged in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements | Yes |
| Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Tests permissions on files to see if current credentials can read file | Yes |
| Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |

Extra credit
Coding for Penetration Testers book

Page 59: Overview of python   misec - 2-2012

| Script | Function | Learned | Success? |
|---|---|---|---|
| network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
| Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation 2. Allow incoming connections. | Yes |
| server_shell.py | | | No |
| receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy | Yes |
| sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy | Yes |

Extra credit
Coding for Penetration Testers book

Page 60: Overview of python   misec - 2-2012

Extra credit

[Slide graphic: chart of scripts by category]

Category
• CSAW Crypto Redux – Challenge 1 to 5
• Extra credit
• Coding for Penetration Testers – part 1
• Coding for Penetration Testers – part 2
• Coding for Penetration Testers – part 3
• Extra extra credit

Script
• CSAW_Crypto
• Challenge 1 - Chr code
• Challenge 2 - Hex
• Challenge 3 - Binary
• Challenge 4 - Base64
• Challenge 5 - ROT13
• Network socket
• Subnetcalc
• Webcheck_v1
• All the scripts
• root_check
• Readshadow
• network_socket_argument
• server_connect_scan
• Server_connect
• server_shell
• receiveICMP
• sendICMP
• scapy file send
• pass.py
• Robotparser
• twitter_status
• Twitter_account_connect

Keith Dixon
Add the encrypt function on the CSAW_Crypto
Page 61: Overview of python   misec - 2-2012

Extra extra credit
Coding for Pentesters - Exploitation

INCOMPLETE*

* IT WILL BE POSTED ON MY BLOG WHEN I CAN GET IT DONE.

Page 62: Overview of python   misec - 2-2012

Scapy

Extra extra credit
• Packet creation
• Read PCAP files
• Create graphical dumps
  • Must have appropriate supporting tools installed
• Fuzzing
• Send and receive packets
• TCP traceroute (can do graphical dump as well)
• Sniffing
• Send and receive files through alternate data channels (ICMP)
• Ping
  • ARP ping
  • ICMP ping
  • TCP ping
  • UDP ping
• Wireless frame injection
• OS Fingerprinting
• Classic attacks
  • Malformed packets
  • Ping of death
  • Nestea attack
• ARP cache poisoning
• Scans
  • SYN scan
  • ACK scan
  • XMAS scan
  • IP scan
  • TCP port scan
  • IKE scan
• Advanced traceroute
  • TCP SYN traceroute
  • UDP traceroute
  • DNS traceroute
• VLAN hopping
• Wireless sniffing
• Firewalking

Page 63: Overview of python   misec - 2-2012

| Script | Function |
|---|---|
| URL deobfuscator | To read the shortened URL website and tell you the title. |
| Word list creator | |

Extra extra extra credit
Scripts I created

Page 64: Overview of python   misec - 2-2012

| Description | Function | Site |
|---|---|---|
| Python-nmap | It’s a Python library which helps in using nmap. | http://xael.org/norman/python/python-nmap/ |
| Python API to the VirtualBox VM | Allowing you to control every aspect of virtual machine configuration and execution | http://download.virtualbox.org/virtualbox/SDKRef.pdf |
| Py2Exe | py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation. | http://www.py2exe.org/ |
| Chrome extensions/applications | Various extensions/applications found in the Chrome Webstore | See the list below |

• https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia - Python shell (browser button)
• https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc - Python shell (Chrome application)
• https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp - Online Python development environment

Extra extra credit
Little gems I found

Page 65: Overview of python   misec - 2-2012

| Description | Function | Site |
|---|---|---|
| Tweepy | It’s the best working Python library to interface with Twitter (so far) | http://tweepy.github.com/ |

Extra extra credit
Little gems I found

Page 66: Overview of python   misec - 2-2012

Tweepy

http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth

Page 67: Overview of python   misec - 2-2012

Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers

Extra tools
• http://mashable.com/2007/10/02/python-toolbox/

Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/

Additional resources

Page 68: Overview of python   misec - 2-2012

Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/

Online books
• http://en.wikibooks.org/wiki/Python_Programming

Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/

Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114

Module/package repositories
• http://pypi.python.org/pypi - The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/ - The ActiveState Code Recipes contains 3850 snippets to learn from and use.

Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm

Additional resources

Page 69: Overview of python   misec - 2-2012

Additional resources

Page 70: Overview of python   misec - 2-2012

Tips, tricks, etc.

IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
  • PyScripter
  • Aptana Studio
  • IDLE
  • Ninja
  • Pycrust (it’s actually a shell)
    • Part of wxPython
• Linux
  • IDLE
  • Geany
  • Python Toolkit
  • SPE
  • ERIC (supposed to have auto-complete of code…)
  • Pycrust (it’s actually a shell)
    • Part of wxPython
  • DreamPie (it’s actually a shell)

Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
  • Notepad++
• Linux
  • Gedit
  • SCiTE

Page 71: Overview of python   misec - 2-2012

Tips, tricks, etc.
Linux vs. Windows

Linux

• Linux scripts can be run via terminal
  • calling python <script name>
  • by putting #!/usr/bin/python at the top (path to interpreter) and typing ./<script name>
• Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, then the #! /usr/bin/python, and the #! only works as the first line of the file

Windows

• Windows scripts don’t need the #! but need to have .py associated with the Python interpreter.
  • Scripts can be double clicked or run from the command prompt with python <script name>
  • If the script is double clicked, without having raw_input("Press ENTER to exit") you may not see the output of the script.

Page 72: Overview of python   misec - 2-2012

Tips, tricks, etc.
Portable Python (Windows only)
• Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
• Portable Python 2.7.2.1 package contains following applications/libraries:
  • PyScripter v2.4.1
  • NumPy 1.6.0
  • SciPy 0.90
  • Matplotlib 1.0.1
  • PyWin32 216
  • Django 1.3
  • PIL 1.1.7
  • Py2Exe 0.6.9
  • wxPython 2.8.12.0
• Portable Python 3.2.1.1 package contains following applications/libraries (alphabetical order):
  • NetworkX v1.4
  • PySerial 2.5
  • PyScripter v2.4.1
  • PyWin32 v.216
  • RPyC-3.0.7

Page 73: Overview of python   misec - 2-2012

Antigravity
• When you open up Module Docs and click on the antigravity module, or from IDLE run import antigravity, a web browser opens to the XKCD cartoon at the beginning of this slide deck.

Zen of Python
• To start the path of finding Zen of Python, remember these two key words… IMPORT THIS.
  • From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.

Etc.

Page 74: Overview of python   misec - 2-2012

Etc.

Page 75: Overview of python   misec - 2-2012

Final thoughts

Page 76: Overview of python   misec - 2-2012

Up next?

Page 77: Overview of python   misec - 2-2012

Questions?

Keith Dixon
@Tazdrumm3r
#misec – [email protected]
tazdrumm3r.wordpress.com

Page 78: Overview of python   misec - 2-2012

InfosecVillage.com