9781597499576

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

by
  • ISBN13:

    9781597499576

  • ISBN10:

    1597499579

  • Format: Paperback
  • Copyright: 11/8/2012
  • Publisher: Elsevier Science Ltd
  • Purchase Benefits
  • Free Shipping On Orders Over $59!
    Your order must be $59 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $49.95 Save up to $7.49
  • Buy New
    $42.46

    USUALLY SHIPS IN 3-5 BUSINESS DAYS

Supplemental Materials

What is included with this book?

  • The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.
  • The eBook copy of this book is not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Summary

Violent Python shows you how to move from a theoretical understanding of offensive computing to a practical implementation of offensive computing. The book focuses specifically on penetration testing, nefarious web activities, forensic, wireless and network analysis using the python programming language. You'll learn how to create software that attacks various computer systems, forensically analyzes digital evidence, and create programs that target wireless and mobile devices. Specific hands-on examples include, using the radio on a mobile phone, automating the process of breaking into several computers simultaneously, and data mining on social networking sites. Reading this book, you'll discover how to use Python to exploit systems and build effective pen testing tools to defend your system from attackers. *Takes difficult concepts involved in offensive computing and shows you how to implement them using a minimal amount of code. *Demonstrates how to write Python programs to defend against incursions by hackers *Includes case studies and hands-on programming with Python that simulate actual attacks

Author Biography

TJO'Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation and information assurance. He twice co-coached the winning team at the National Security Agency's annual Cyber Defense Exercise and won the National Defense University's first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.

Table of Contents

Trademarksp. v
Acknowledgementsp. vii
Dedicationp. ix
Lead Authorp. xvii
Contributing Author Biop. xix
Technical Editor Biop. xxi
Introductionp. xxiii
Introductionp. 1
Introduction: A Penetration Test with Pythonp. 1
Setting Up Your Development Environmentp. 2
Installing Third Party Librariesp. 3
Interpreted Python Versus Interactive Pythonp. 5
The Python Languagep. 6
Variablesp. 7
Stringsp. 7
Listsp. 8
Dictionariesp. 9
Networkingp. 9
Selectionp. 10
Exception Handlingp. 10
Functionsp. 12
Iterationp. 14
File I/Op. 16
Sys Modulep. 17
OS Modulep. 18
Your First Python Programsp. 20
Setting the Stage for Your First Python Program: The Cuckoo's Eggp. 20
Your First Program, a UNIX Password Crackerp. 21
Setting the Stage for Your Second Program: Using Evil for Goodp. 24
Your Second Program, a Zip-File Password Crackerp. 24
Chapter Wrap-Upp. 29
Referencesp. 29
Penetration Testing with Pythonp. 31
Introduction: The Morris Worm-Would it Work Today?p. 31
Building a Port Scannerp. 32
TCP Full Connect Scanp. 33
Application Banner Grabbingp. 35
Threading the Scanp. 37
Integrating the Nmap Port Scannerp. 39
Building an SSH BotNet with Pythonp. 41
Interacting with SSH Through Pexpectp. 42
Brute Forcing SSH Passwords with Pxsshp. 45
Exploiting SSH Through Weak Private Keysp. 48
Constructing the SSH Botnetp. 53
Mass Compromise by Bridging FTP and Webp. 56
Building an Anonymous FTP Scanner with Pythonp. 57
Using Ftplib to Brute Force FTP User Credentialsp. 57
Searching for Web Pages on the FTP Serverp. 59
Adding a Malicious Inject to Web Pagesp. 60
Bringing the Entire Attack Togetherp. 62
Conficker, Why Trying Hard is Always Good Enoughp. 66
Attacking the Windows SMB Service with Metasploitp. 67
Writing Python to Interact with Metasploitp. 69
Remote Process Execution Brute Forcep. 71
Putting it Back Together to Build Our Own Confickerp. 71
Writing Your Own Zero-Day Proof of Concept Codep. 74
Stack-Based Buffer Overflow Attacksp. 75
Adding the Key Elements of the Attackp. 75
Sending the Exploitp. 76
Assembling the Entire Exploit Scriptp. 77
Chapter Wrap Upp. 79
Referencesp. 80
Forensic Investigations with Pythonp. 81
Introduction: How Forensics Solved the BTK Murdersp. 81
Where Have You Been?-Analysis of Wireless Access Points in the Registryp. 82
Using WinReg to Read the Windows Registryp. 83
Using Mechanize to Submit the MAC Address to Wiglep. 85
Using Python to Recover Deleted Items in the Recycle Binp. 89
Using the OS Module to Find Deleted Itemsp. 90
Python to Correlate SID to Userp. 90
Metadatap. 93
Using PyPDF to Parse PDF Metadatap. 93
Understanding Exif Metadatap. 95
Downloading Images with BeautifulSoupp. 96
Reading Exif Metadata from Images with the Python Imaging Libraryp. 97
Investigating Application Artifacts with Pythonp. 100
Understanding the Skype Sqlite3 Databasep. 100
Using Python and Sqlite3 to Automate Skype Database Queriesp. 102
Parsing Firefox Sqlite3 Databases with Pythonp. 108
Investigating iTunes Mobile Backups with Pythonp. 116
Chapter Wrap-Upp. 122
Referencesp. 122
Network Traffic Analysis with Pythonp. 125
Introduction: Operation Aurora and How the Obvious was Missedp. 125
Where is that IP Traffic Headed?-A Python Answerp. 126
Using PyGeoIP to Correlate IP to Physical Locationsp. 127
Using Dpkt to Parse Packetsp. 128
Using Python to Build a Google Mapp. 132
Is Anonymous Really Anonymous? Analyzing LOIC Trafficp. 135
Using Dpkt to Find the LOIC Downloadp. 135
Parsing IRC Commands to the Hivep. 137
Identifying the DDoS Attack in Progressp. 138
How H.D. Moore Solved the Pentagon's Dilemmap. 143
Understanding the TTL Fieldp. 144
Parsing TTL Fields with Scapyp. 146
Storm's Fast-Flux and Conficker's Domain-Fluxp. 149
Does Your DNS Know Something You Don't?p. 150
Using Scapy to Parse DNS Trafficp. 151
Detecting Fast Flux Traffic with Scapyp. 152
Detecting Domain Flux Traffic with Scapyp. 153
Kevin Mitnick and TCP Sequence Predictionp. 154
Your Very Own TCP Sequence Predictionp. 155
Crafting a SYN Flood with Scapyp. 156
Calculating TCP Sequence Numbersp. 157
Spoofing the TCP Connectionp. 159
Foiling Intrusion Detection Systems with Scapyp. 162
Chapter Wrap Upp. 168
Referencesp. 168
Wireless Mayhem with Pythonp. 171
Introduction: Wireless (IN) Security and the Icemanp. 171
Setting up Your Wireless Attack Environmentp. 172
Testing Wireless Capture with Scapyp. 172
Installing Python Bluetooth Packagesp. 173
The Wall of Sheep-Passively Listening to Wireless Secretsp. 174
Using Python Regular Expressions to Sniff Credit Cardsp. 175
Sniffing Hotel Guestsp. 178
Building a Wireless Google Key Loggerp. 181
Sniffing FTP Credentialsp. 184
Where Has Your Laptop Been? Python Answersp. 186
Listening for 802.11 Probe Requestsp. 186
Finding Hidden Network 802.11 Beaconsp. 187
De-cloaking Hidden 802.11 Networksp. 188
Intercepting and Spying on UAVs with Pythonp. 189
Intercepting the Traffic, Dissecting the Protocolp. 189
Crafting 802.11 Frames with Scapyp. 192
Finalizing the Attack, Emergency Landing the UAVp. 195
Detecting FireSheepp. 196
Understanding Wordpress Session Cookiesp. 198
Herd the Sheep-Catching Wordpress Cookie Reusep. 199
Stalking with Bluetooth and Pythonp. 201
Intercepting Wireless Traffic to Find Bluetooth Addressesp. 203
Scanning Bluetooth RFCOMM Channelsp. 205
Using the Bluetooth Service Discovery Protocolp. 206
Taking Over a Printer with Python ObexFTPp. 207
Blue Bugging a Phone with Pythonp. 208
Chapter Wrap Upp. 209
Referencesp. 210
Web Recon with Pythonp. 211
Introduction: Social Engineering Todayp. 211
Recon Prior to Attackp. 212
Using the Mechanize Library to Browse the Internetp. 212
Anonymity - Adding Proxies, User-Agents, Cookiesp. 214
Finalizing Our AnonBrowser into a Python Classp. 217
Scraping Web Pages with AnonBrowserp. 219
Parsing HREF Links with Beautiful Soupp. 219
Mirroring Images with Beautiful Soupp. 222
Research, Investigate, Discoveryp. 223
Interacting with the Google API in Pythonp. 223
Parsing Tweets with Pythonp. 227
Pulling Location Data Out of Tweetsp. 229
Parsing Interests from Twitter Using Regular Expressionsp. 231
Anonymous Emailp. 236
Mass Social Engineeringp. 237
Using Smtplib to Email Targetsp. 237
Spear Phishing with Smtplibp. 239
Chapter Wrap-Upp. 242
Referencesp. 242
Antivirus Evasion with Pythonp. 245
Introduction: Flame On!p. 245
Evading Antivirus Programsp. 246
Verifying Evasionp. 250
Wrap Upp. 255
Referencesp. 256
Indexp. 257
Table of Contents provided by Ingram. All Rights Reserved.

Rewards Program

Write a Review