Overview of Python Flying made simple without the Nyquil hangover
May 06, 2015
Agenda
• About me
• History of Python
• About Python
• Python’s uses
• Python basics (Python 101)
• CSAW Crypto Redux
• Extra credit
• Resources
• Tips, tricks, observations
Who am I?
• Husband/father/geek/gets distracted by shiny objects easily
• Career path switched to IT in 1999, professionally an IT guy since 2001
  – Started the infosec career path switch in 2009, officially an infosec professional since 2012(?)
• VBScript – 2007
• Python – 2011
History of Python
• Conceived in the late 1980s by Guido van Rossum at CWI.
  • Was designed to be a successor to the ABC programming language
  • Benevolent Dictator for Life (BDFL)
  • Currently employed by Google where he spends half his time working on Python development
• Python 2.0 was released on October 16th, 2000
  • Contained many major new features
    • Full garbage collector (automatic memory management)
    • Unicode support
  • Biggest change – development process with a shift towards a more transparent and community-backed process
• Python 3.0 was released in December 2008
  • Many major features have been backported to Python 2.6 and 2.7
About Python
• What is Python?
  • Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.
• Why is it called Python?
  • When he began implementing Python, Guido van Rossum was also reading the published scripts from “Monty Python’s Flying Circus”, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.
  • Fun fact - The built-in IDE is named after Eric Idle, a member of Monty Python.
What is Python good for?
• Python comes with a large standard library that covers areas such as:
  • string processing (regular expressions, Unicode, calculating differences between files)
  • Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
  • software engineering (unit testing, logging, profiling, parsing Python code)
  • operating system interfaces (system calls, file systems, TCP/IP sockets)
  • Artificial intelligence (because of similarities to Lisp)
• Extensive use in the information security industry, including exploit development.
  • Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc.
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
  • Once the basic syntax is learned, even the most complicated scripts can make sense.
• Python is cross platform!!
  • It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community
Python’s uses
• Website development
  • Yahoo Maps
  • Yahoo Groups
  • Google
  • Shopzilla
• Security tools
  • Scapy - a powerful interactive packet manipulation program. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark.
  • Scrapy - a fast high-level screen scraping and web crawling framework, used to crawl websites and extract structured data from their pages. It can be used for a wide range of purposes, from data mining to monitoring and automated testing.
  • SET - specifically designed to perform advanced attacks against the human element.
  • Artillery - a honeypot/monitoring/prevention tool used to protect Linux-based systems.
  • W3af - a Web Application Attack and Audit Framework.
  • Pytbull - a Python-based flexible IDS/IPS testing framework shipped with more than 300 tests, grouped in 9 modules, covering a large scope of attacks (clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes, denialOfService, pcapReplay)
Python’s uses
• Applications
  • BitTorrent
  • DropBox
• Video games
  • Civilization IV
  • Battlefield 2
  • Eve Online
  • Vampire: The Masquerade – Bloodlines
• Graphics
  • Industrial Light & Magic
    • "The Phantom Menace", "The Mummy Returns" and other productions as ones where Python was used.
  • Walt Disney Feature Animation
• Science
  • NASA
  • National Weather Service
• GUI frameworks
  • TKInter
  • PyQt
  • wxPython
• Embedded as a scripting language
  • Amarok
  • GIMP
  • Autodesk Maya
• Commercial uses
  • Google apps
  • Reddit
  • YouTube
• Government
  • CIA.gov
• Python implementations
  • CPython
  • IronPython – Python for .NET and Mono platforms
  • Jython – Python coded in Java
Python basics
• Indentation does matter

This will work:

if True:
    print "True"
else:
    print "False"

But this won’t:

if True:
    print "Answer"
    print "True"
else:
    print "Answer"
  print "False"

• If, If.. Else, If… Elif (no Then)
• Syntax is easy

If statement:

if expression:
    statement(s)

Else statement:

if expression:
    statement(s)
else:
    statement(s)

Elif statement:

if expression1:
    statement(s)
elif expression2:
    statement(s)
else:
    statement(s)

• All scripts are considered modules
• All functions inside a module can be used, or only certain methods can be used inside a script

Entire module:

import sys

Partial method:

from sys import argv
Python basics
• Help is built in

Help on modules:

>>> import sys, hashlib
>>> help(sys)
>>> help(hashlib)

$ pydoc sys
$ pydoc hashlib

Help on methods:

>>> import sys, hashlib
>>> help(sys.argv)
>>> help(hashlib.sha512)

$ pydoc sys.argv
$ pydoc hashlib.sha512

• It can be run interactively

Via command prompt:

python
Python 2.72
Type "help", "copyright"..
>>>

Via IDLE or DreamPie
• IDLE is built in to Python installs
• DreamPie is a Python shell (best used on Linux)
Inspiration for the idea?
Post CSAW CTF
My approach – Post CSAW crypto challenges
Each challenge
1. Encrypted message inside script – Output is decrypted
2. Encrypted message can be used as an argument when calling script – Output is decrypted
3. Encrypted message can be read from a file for decrypting
Overall
4. One module for all decrypting, each decryption style is a method
My overall scoreboard

| | Challenge 1 – Unicode | Challenge 2 – Hex | Challenge 3 – Binary | Challenge 4 – Base64 | Challenge 5 – ROT13 | Challenge 6 – |
| Script option 1 – inside script | Done | Done | Done* | Done | Done | Incomplete |
| Script option 2 – argument | Done | Done | Done* | Done | Done | Incomplete |
| Script option 3 – from file | Done | Done | Done* | Done | Done | Incomplete |
| Script option 4 – from input (scrapped, 255 character limit) | n/a | n/a | n/a | n/a | n/a | Incomplete |
| Overall – module with methods (CSAW_Crypto.py) | Success | Success | Success | Success | Success | Incomplete |

* Found the code excerpt online
CSAW Crypto Redux
Crypto challenge # 1
Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46
Answer
Welcome to the 2011 NYU Poly CSAW CTF event. We have planned many challenges for you and we hope you have fun solving them all. The key for this challenge is cryptography.
Wolfgang’s code
private static string AsciiToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(' ');
    char[] decodedChars = new char[encodedChars.Length];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-10 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 10);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }

    return new string(decodedChars);
}
Matt’s code
$string = $null
[int[]]$array = ("87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46").Split(" ")
foreach($l in $array) { $string += [char]$l}
$string
My code
#!/usr/bin/python
import sys

# Decimal character codes of the encoded message
code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,101,32,104,97,118,101,32,112,108,97,110,110,101,100,32,109,97,110,121,32,99,104,97,108,108,101,110,103,101,115,32,102,111,114,32,121,111,117,32,97,110,100,32,119,101,32,104,111,112,101,32,121,111,117,32,104,97,118,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99,104,97,108,108,101,110,103,101,32,105,115,32,99,114,121,112,116,111,103,114,97,112,104,121,46)

# Convert each code to its character and write it out
for i in code1:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)
Option # 1 – Encrypted message inside script – Output is decrypted
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
#!/usr/bin/python
import sys

if len(sys.argv)<2:
    sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")

code1 = (sys.argv[1])
code_split = code1.split(':')

for i in code_split:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)
My code
#!/usr/bin/python
import binascii, sys
f = open ('unicode.txt', 'r')
file = f.read()

code_split = file.split(':')

for decode in code_split:
    decode1 = int(decode)
    codefinal = chr(decode1)
    sys.stdout.write(codefinal)
f.close ( )
Option # 3 - Encrypted message can be read from a file for decrypting
CSAW Crypto Redux
Crypto challenge # 2
Cipher text: 54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e
Answer
Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.
Wolfgang’s code
private static string AsciiHexToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(':');
    char[] decodedChars = new char[encodedChars.Length];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-16 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 16);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }

    return new string(decodedChars);
}
Matt’s code
$string = $null
$text = "54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:74:68:72:6f:77:2e"
$text.Split(':') | ForEach-Object {[Convert]::ToInt32($_,16)} | ForEach-Object {$string = $string + [Convert]::ToChar($_)}
$string
My code
#!/usr/bin/python
import binascii, sys
# The trailing backslashes continue the string literal onto the next line
hex = '54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:\
65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:\
20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:\
6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:\
20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:\
65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:\
72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:\
64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:\
69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:\
62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:\
74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:\
65:72:74:68:72:6f:77:2e'
hex_split = hex.split(':')

# Convert each two-digit hex token to its byte and write it out
for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
Option # 1 – Encrypted message inside script – Output is decrypted
My code
#!/usr/bin/python
import sys, binascii
if len(sys.argv)<2:
    sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")

code1 = (sys.argv[1])
hex_split = code1.split(':')

for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
My code
#!/usr/bin/python
import binascii, sys
f = open ('hex.txt', 'r')
file = f.read()

hex_split = file.split(':')

for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
f.close ( )
Option # 3 - Encrypted message can be read from a file for decrypting
CSAW Crypto Redux
Crypto challenge # 3
Cipher text: 0100110001100001011100110111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001110111011000010111001100100000011000010010000001100111011100100110010101100001011101000010000001110011011101010110001101100011011001010111001101110011001011100010000001010111011001010010000001110011011001010110010101101101001000000111010001101111001000000110001001100101001000000110011101100101011011100110010101110010011000010111010001101001011011100110011100100000011000010010000001101100011011110111010000100000011011110110011000100000011000100111010101111010011110100010000001100001011000100110111101110101011101000010000001110100011010000110010100100000011011010110111101110110011001010110110101100101011011100111010000101110001000000101010001101000011001010010000001101011011001010111100100100000011001100110111101110010001000000110111001100101011110000111010000100000011101110110010101100101011010110111001100100000011011010110010101100101011101000110100101101110011001110010000001101001011100110010000001110010011001010111001101101001011100110111010001100001011011100110001101100101001011100010000001001001011001100010000001110100011010000110010101110010011001010010000001101001011100110010000001100001011011100111100101101111011011100110010100100000011001010110110001110011011001010010000001111001011011110111010100100000011010110110111001101111011101110010000001101111011001100010000001110100011010000110000101110100001000000110110101100001011110010010000001100010011001010010000001101001011011100111010001100101011100100110010101110011011101000110010101100100001000000110100101101110001000000110101001101111011010010110111001101001011011100110011100100000011000100111001001101001011011100110011100100000011101000110100001100101011011010010000001110100011011110010000001110100011010000110010100100000011011010110010101100101011101000110100101101110011001110010000001110100011010000110100101110011001000000111011101100101011
001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110
Answer
Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.
Wolfgang’s code
private static string BinaryToString(string encodedString)
{
    char[] decodedChars = new char[encodedString.Length / 8];

    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number in binary (base-2) to an integer
        int codeNum = Convert.ToInt32(encodedString.Substring(i * 8, 8), 2);

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
    return new string(decodedChars);
}
Matt’s code$test = "010011000110000101110011011101000010000001110111011001010110010101101011011100110010000001101101011001010110010101110100011010010110111001100111001000000111011101100001011100110010000001100001001000000110011101110010011001010110000101110100001000000111001101110101011000110110001101100101011100110111001100101110001000000101011101100101001000000111001101100101011001010110110100100000011101000110111100100000011000100110010100100000011001110110010101101110011001010111001001100001011101000110100101101110011001110010000001100001001000000110110001101111011101000010000001101111011001100010000001100010011101010111101001111010001000000110000101100010011011110111010101110100001000000111010001101000011001010010000001101101011011110111011001100101011011010110010101101110011101000010111000100000010101000110100001100101001000000110101101100101011110010010000001100110011011110111001000100000011011100110010101111000011101000010000001110111011001010110010101101011011100110010000001101101011001010110010101110100011010010110111001100111001000000110100101110011001000000111001001100101011100110110100101110011011101000110000101101110011000110110010100101110001000000100100101100110001000000111010001101000011001010111001001100101001000000110100101110011001000000110000101101110011110010110111101101110011001010010000001100101011011000111001101100101001000000111100101101111011101010010000001101011011011100110111101110111001000000110111101100110001000000111010001101000011000010111010000100000011011010110000101111001001000000110001001100101001000000110100101101110011101000110010101110010011001010111001101110100011001010110010000100000011010010110111000100000011010100110111101101001011011100110100101101110011001110010000001100010011100100110100101101110011001110010000001110100011010000110010101101101001000000111010001101111001000000111010001101000011001010010000001101101011001010110010101110100011010010110111001100111001000000111010001101000011010010111001100100000011101110110
0101011001010110101100101110001000000100100101110100001000000111011101101001011011000110110000100000011000100110010100100000011010000110010101101100011001000010000001110011011000010110110101100101001000000111010001101001011011010110010100101100001000000111001101100001011011010110010100100000011100000110110001100001011000110110010100101110"
$string = $null
$chars = while ($test.Length) {
    $byte = $test.Substring(0,8)
    $test = $test.Substring(8)
    $([Convert]::ToChar([Convert]::ToByte($byte, 2)))
}
$chars -join ""
My code
#!/usr/bin/python
import math, sys

# v = value to split, l = size of each chunk
f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
basecode = f ('0100110001100001011100110111010000100000011101110110010101100101\
0110101101110011001000000110110101100101011001010111010001101001011011100110011\
1001000000111011101100001011100110010000001100001001000000110011101110010011001\
0101100001011101000010000001110011011101010110001101100011011001010111001101110\
0110010111000100000010101110110010100100000011100110110010101100101011011010010\
0000011101000110111100100000011000100110010100100000011001110110010101101110011\
0010101110010011000010111010001101001011011100110011100100000011000010010000001\
1011000110111101110100001000000110111101100110001000000110001001110101011110100\
1111010001000000110000101100010011011110111010101110100001000000111010001101000\
0110010100100000011011010110111101110110011001010110110101100101011011100111010\
0001011100010000001010100011010000110010100100000011010110110010101111001001000\
0001100110011011110111001000100000011011100110010101111000011101000010000001110\
1110110010101100101011010110111001100100000011011010110010101100101011101000110\
1001011011100110011100100000011010010111001100100000011100100110010101110011011\
0100101110011011101000110000101101110011000110110010100101110001000000100100101\
1001100010000001110100011010000110010101110010011001010010000001101001011100110\
0100000011000010110111001111001011011110110111001100101001000000110010101101100\
0111001101100101001000000111100101101111011101010010000001101011011011100110111\
1011101110010000001101111011001100010000001110100011010000110000101110100001000\
0001101101011000010111100100100000011000100110010100100000011010010110111001110\
1000110010101110010011001010111001101110100011001010110010000100000011010010110\
1110001000000110101001101111011010010110111001101001011011100110011100100000011\
0001001110010011010010110111001100111001000000111010001101000011001010110110100\
1000000111010001101111001000000111010001101000011001010010000001101101011001010\
1100101011101000110100101101110011001110010000001110100011010000110100101110011\
0010000001110111011001010110010101101011001011100010000001001001011101000010000\
0011101110110100101101100011011000010000001100010011001010010000001101000011001\
0101101100011001000010000001110011011000010110110101100101001000000111010001101\
0010110110101100101001011000010000001110011011000010110110101100101001000000111\
00000110110001100001011000110110010100101110',8)
for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)
Option # 1 – Encrypted message inside script – Output is decrypted
My code
import sys, math

if len(sys.argv)<2:
    sys.exit("Usage " + sys.argv[0] + " <binary code you wish to decode>\n")

f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f(sys.argv[1],8)

for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
My code
#!/usr/bin/python
import math, sys

f = open ('binary.txt', 'r')
file = f.read()

f1 = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f1(file,8)

for code in basecode:
    x = (code)
    decodea = int(code,2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)

f.close ( )
Option # 3 - Encrypted message can be read from a file for decrypting
CSAW Crypto Redux
Crypto challenge # 4
Cipher text: VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==
Answer
That meeting was a little crazy. We have no idea where those guys in the black suits came from, but we are looking into it. Use the key infiltration for next week’s meeting. Stay with the cause and we will succeed.
Wolfgang’s code
private static string DecodeBase64ToString(string encodedString)
{
    byte[] encodedAsBytes = System.Convert.FromBase64String(encodedString);
    return System.Text.UTF8Encoding.UTF8.GetString(encodedAsBytes);
}
Matt’s code
$text = "VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg=="
$bytes = [System.Convert]::FromBase64String($text)
$string = [System.Text.Encoding]::UTF8.GetString($bytes)
$string
My code
#!/usr/bin/python
code3 = ("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==")
answer=code3.decode('base64','strict')
print answer
Option # 1 – Encrypted message inside script – Output is decrypted
My code
#!/usr/bin/python
import sys
if len(sys.argv)<2:
    sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")

basecode = sys.argv[1]

answer=basecode.decode('base64','strict')

print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
My code
#!/usr/bin/python
f = open ('base64.txt', 'r')
file = f.read()

answer=file.decode('base64','strict')
print answer
f.close ( )
Option # 3 - Encrypted message can be read from a file for decrypting
CSAW Crypto Redux
Crypto challenge # 5
Cipher text: JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR'ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.
Answer
We have discovered that our last three transmissions we're easily deciphered. We have taken care of the party responsible for their encoding and are now using a new method. Use the information provided at last week.s meeting to decipher all new messages. And remember, this week's key is obfuscated.
Wolfgang’s code (part 1)
private static string RotToString(string encodedString, int rotation)
{
    // Boundary check because this only works for ROT1 thru ROT26
    if (rotation < 0 | rotation > 26)
    {
        throw new Exception("RotToString only supports ROT1 thru ROT26.");
    }

    char[] encodedChars = encodedString.ToArray();
    char[] decodedChars = new char[encodedChars.Length];

    int A = Convert.ToInt32('A'); // 65
    int Z = Convert.ToInt32('Z'); // 90
    int a = Convert.ToInt32('a'); // 97
    int z = Convert.ToInt32('z'); // 122

Wolfgang’s code (part 2)
    for (int i = 0; i < decodedChars.Length; i++)
    {
        int codeNum = Convert.ToInt32(encodedChars[i]);

        // Rotate capital letters A-Z 65-90
        if (codeNum >= A && codeNum <= Z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < A)
            {
                codeNum = Z - (A - codeNum) + 1;
            }
        }

        // Rotate lower-case letters a-z 97-122
        if (codeNum >= a && codeNum <= z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < a)
            {
                codeNum = z - (a - codeNum) + 1;
            }
        }

        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }

Wolfgang’s code (part 3)
    return new string(decodedChars);
}
Matt’s code
My code
#!/usr/bin/python
rot13 = ('JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.')
answer=rot13.decode('rot13','strict')
print answer
Option # 1 – Encrypted message inside script – Output is decrypted
My code
#!/usr/bin/python
import sys
if len(sys.argv)<2:
    sys.exit("Usage " + sys.argv[0] + " <ROT13 code you wish to decode>\n")

basecode = sys.argv[1]

answer=basecode.decode('rot13','strict')

print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
My code
#!/usr/bin/python
f = open ('rot13.txt', 'r')
file = f.read()

answer=file.decode('rot13','strict')
print answer
f.close ( )
Option # 3 - Encrypted message can be read from a file for decrypting
My final one – Encrypt/decrypt module
#!/usr/bin/python
import sys

def hexdecode(hex_key):
    import binascii
    hex_split = hex_key.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)

def uni_decode(unicode_key):
    unicode_split=unicode_key.split(':')
    for i in unicode_split:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)

def base64_decode(base64_key):
    answer=base64_key.decode('base64','strict')
    print answer

def binary_decode(binary_key):
    import math
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f (binary_key,8)
    for code in basecode:
        x = (code)
        decodea = int(code,2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)

def rot13_decode(rot13_key):
    answer=rot13_key.decode('rot13','strict')
    print answer
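
The one-module idea above, as an added example in Python 3 (not the author's CSAW_Crypto.py): each decoder validates its input and returns a value instead of printing, and the samples are short runs copied from the challenge ciphertexts on this page. The names decode, to_text and sanitize are assumptions made for this example; str.decode('base64') and str.decode('rot13') as used in the slides exist only in Python 2.

```python
#!/usr/bin/env python3
import base64
import binascii
import codecs
import sys


def decode_decimal(text, sep=None):
    """Challenge 1: separator-delimited base-10 codes (sep=None means whitespace)."""
    values = [int(tok, 10) for tok in text.split(sep)]
    if any(v < 0 or v > 255 for v in values):
        raise ValueError("character code outside 0-255")
    return bytes(values)


def decode_hex(text, sep=":"):
    """Challenge 2: separator-delimited two-digit hex bytes."""
    tokens = text.strip().split(sep)
    if any(len(tok) != 2 for tok in tokens):
        raise ValueError("every hex token must be exactly two digits")
    return binascii.unhexlify("".join(tokens))  # binascii.Error is a ValueError


def decode_binary(text):
    """Challenge 3: unbroken run of 0/1 digits, eight per character.

    The chunking lambda in the slides silently decodes a short final chunk;
    here a truncated input is rejected instead.
    """
    bits = "".join(text.split())
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("input must contain only 0 and 1")
    if len(bits) % 8:
        raise ValueError("bit count %d is not a multiple of 8" % len(bits))
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def decode_base64(text):
    """Challenge 4: strict Base64 (bad characters or padding raise ValueError)."""
    return base64.b64decode(text.strip(), validate=True)


def decode_rot13(text):
    """Challenge 5: ROT13 is text-to-text, so this returns str, not bytes."""
    return codecs.decode(text, "rot_13")


def to_text(raw):
    """Bytes to str: try UTF-8, then Windows-1252 (covers the 0x92 apostrophe)."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("cp1252", errors="replace")


def sanitize(text):
    """Escape control characters so decoded data is safe to show in a terminal."""
    return "".join(ch if ch.isprintable() or ch in "\n\t" else "\\x%02x" % ord(ch)
                   for ch in text)


DECODERS = {"decimal": decode_decimal, "hex": decode_hex, "binary": decode_binary,
            "base64": decode_base64, "rot13": decode_rot13}


def decode(kind, data):
    """Dispatch to one decoder and return printable text."""
    raw = DECODERS[kind](data)
    return sanitize(raw if isinstance(raw, str) else to_text(raw))


# Short runs copied from the challenge ciphertexts on this page.
SAMPLES = {
    "decimal": "87 101 108 99 111 109 101",
    "hex": "77:65:65:6b:1f:73",          # contains the 0x1f control byte
    "binary": "0100110001100001011100110111010000100000",
    "base64": "ZWVrknMg",                # contains the 0x92 byte
    "rot13": "XRL VF BOSHFPNGRQ.",
}

if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] in DECODERS:
        print(decode(sys.argv[1], sys.argv[2]))
    else:
        for kind, sample in SAMPLES.items():
            print("%-8s %r" % (kind, decode(kind, sample)))
```

The 0x92 byte in the Base64 challenge is not valid UTF-8, which is why to_text falls back to Windows-1252 before giving up.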
Extra credit

| Script | Function | Learned | Success? |
| Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments 2. Connect to web server and run a GET request | Yes |
| Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method | No |
| Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops | Yes |
| Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module | No |
| Robotparser.py | Retrieve the paths from the robot.txt | | No |
| root_check.py | Checks to see what permissions logged in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements | Yes |
| Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Tests permissions on files to see if current credentials can read file | Yes |
| Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
Extra credit
Coding for Penetration Testers book

| Script | Function | Learned | Success? |
| network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
| Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation 2. Allow incoming connections. | Yes |
| server_shell.py | | | No |
| receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy | Yes |
| sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy | Yes |
All the scripts
[Diagram: scripts grouped by category]
Categories: CSAW Crypto Redux – Challenge 1 to 5; Extra credit; Coding for Penetration Testers – part 1; Coding for Penetration Testers – part 2; Coding for Penetration Testers – part 3; Extra extra credit
Scripts: Challenge 1 - Chr code; Challenge 2 - Hex; Challenge 3 - Binary; Challenge 4 - Base64; Challenge 5 - ROT13; CSAW_Crypto; Network socket; Subnetcalc; Webcheck_v1; root_check; Readshadow; network_socket_argument; server_connect_scan; Server_connect; server_shell; receiveICMP; sendICMP; scapy file send; pass.py; Robotparser; twitter_status; Twitter_account_connect
Extra extra credit
Coding for Pentesters - Exploitation
INCOMPLETE*
* IT WILL BE POSTED ON MY BLOG WHEN I CAN GET IT DONE.
Extra extra credit
Scapy
• Packet creation
• Read PCAP files
• Create graphical dumps
  • Must have appropriate supporting tools installed
• Fuzzing
• Send and receive packets
• TCP traceroute (can do graphical dump as well)
• Sniffing
• Send and receive files through alternate data channels (ICMP)
• Ping
  • ARP ping
  • ICMP ping
  • TCP ping
  • UDP ping
• Wireless frame injection
• OS Fingerprinting
• Classic attacks
  • Malformed packets
  • Ping of death
  • Nestea attack
• ARP cache poisoning
• Scans
  • SYN scan
  • ACK scan
  • XMAS scan
  • IP scan
  • TCP port scan
  • IKE scan
• Advanced traceroute
  • TCP SYN traceroute
  • UDP traceroute
  • DNS traceroute
• VLAN hopping
• Wireless sniffing
• Firewalking
Script | Function
URL deobfuscator | To read the shortened URL website and tell you the title.
Word list creator |
Extra extra extra credit
Scripts I created
Description | Function | Site
Python-nmap | It’s a Python library which helps in using nmap. | http://xael.org/norman/python/python-nmap/
Python API to the VirtualBox VM | Allowing you to control every aspect of virtual machine configuration and execution | http://download.virtualbox.org/virtualbox/SDKRef.pdf
Py2Exe | py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation. | http://www.py2exe.org/
Chrome extensions/applications | Various extensions/applications found in the Chrome Webstore |
• https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia <-- Python shell (browser button)
• https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc <-- Python shell (Chrome application)
• https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp <-- Online Python development environment
Extra extra credit
Little gems I found
Description | Function | Site
Tweepy | It’s the best working Python library to interface with Twitter (so far) | http://tweepy.github.com/
Tweepy
http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth
Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers
Extra tools
• http://mashable.com/2007/10/02/python-toolbox/
Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/
Additional resources
Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/
Online books
• http://en.wikibooks.org/wiki/Python_Programming
Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/
Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114
Module/package repositories
• http://pypi.python.org/pypi The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/ The ActiveState Code Recipes contains 3850 snippets to learn from and use.
Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm
Tips, tricks, etc.
IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
  • PyScripter
  • Aptana Studio
  • IDLE
  • Ninja
  • Pycrust (it’s actually a shell)
    • Part of wxPython
• Linux
  • IDLE
  • Geany
  • Python Toolkit
  • SPE
  • ERIC (supposed to have auto-complete of code…)
  • Pycrust (it’s actually a shell)
    • Part of wxPython
  • DreamPie (it’s actually a shell)
Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
  • Notepad++
• Linux
  • Gedit
  • SCiTE
Tips, tricks, etc.
Linux vs. Windows
Linux
• Linux scripts can be run via terminal
  • calling python <script name>
  • by putting #!/usr/bin/python at the top (path to interpreter) and typing ./<script name>
• Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, ahead of the #! /usr/bin/python line, so it is no longer the first line of the script.
Windows
• Windows scripts don’t need the #! but need to have .py associated with the Python interpreter.
  • Scripts can be double clicked or run from command prompt python <script name>
  • If the script is double clicked, without having raw_input("Press ENTER to exit") you may not see the output of the script.
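The shebang problem described above can be checked before a script leaves the Windows box. This is an added example, not from the slides, written for Python 3; the function name, status labels and sample scripts are assumptions for illustration, and it goes one step beyond the slide by also flagging CRLF line endings and a UTF-8 byte order mark, two related ways a Windows editor breaks the #! line.

```python
import codecs


def diagnose_shebang(data, scan_lines=20):
    """Return (status, line_no) describing the '#!' line of a script.

    status is 'ok', 'crlf', 'bom', 'misplaced' or 'missing'; line_no is the
    1-based line holding the '#!' (0 when there is none).
    """
    # The kernel only honours '#!' when it is the first two bytes of the file.
    if data.startswith(b"#!"):
        first_line = data.split(b"\n", 1)[0]
        # A Windows line ending makes the interpreter path end in '\r'.
        return ("crlf" if first_line.endswith(b"\r") else "ok", 1)
    # A UTF-8 byte order mark in front of '#!' hides it from the kernel.
    if data.startswith(codecs.BOM_UTF8 + b"#!"):
        return ("bom", 1)
    # Otherwise look for a '#!' pushed down by comments or blank lines.
    for number, line in enumerate(data.split(b"\n")[:scan_lines], start=1):
        if line.lstrip().startswith(b"#!"):
            return ("misplaced", number)
    return ("missing", 0)


# Constructed sample scripts (not from the slides).
SAMPLES = {
    "good.py": b"#!/usr/bin/python\nprint('hi')\n",
    "spaced.py": b"#! /usr/bin/python\nprint('hi')\n",
    "ide_header.py": b"# Name: demo\n# Author: me\n#!/usr/bin/python\nprint('hi')\n",
    "from_windows.py": b"#!/usr/bin/python\r\nprint('hi')\r\n",
    "no_shebang.py": b"print('hi')\n",
}


def report(samples=SAMPLES):
    """Map each sample name to its diagnosis."""
    return {name: diagnose_shebang(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, (status, line_no) in sorted(report().items()):
        print("%-16s %-9s line %d" % (name, status, line_no))
```

To check a real file, pass `open(path, "rb").read()` to `diagnose_shebang`; anything other than `ok` means `./<script name>` will not reach the intended interpreter on Linux.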
Tips, tricks, etc.
Portable Python (Windows only)
• Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
• Portable Python 2.7.2.1 package contains following applications/libraries:
  • PyScripter v2.4.1
  • NumPy 1.6.0
  • SciPy 0.90
  • Matplotlib 1.0.1
  • PyWin32 216
  • Django 1.3
  • PIL 1.1.7
  • Py2Exe 0.6.9
  • wxPython 2.8.12.0
• Portable Python 3.2.1.1 package contains following applications/libraries (alphabetical order):
  • NetworkX v1.4
  • PySerial 2.5
  • PyScripter v2.4.1
  • PyWin32 v.216
  • RPyC-3.0.7
Antigravity
• When you open up ModulesDocs and click on antigravity module or from IDLE run import antigravity, a web browser opens to the XKCD cartoon at the beginning of this slide deck.
Zen of Python
• To start the path of finding Zen of Python, remember these two key words… IMPORT THIS.
• From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.
Etc.
Final thoughts
Up next?
Questions?
Keith Dixon
@Tazdrumm3r
#misec – [email protected]
http://tazdrumm3r.wordpress.com
InfosecVillage.com