
Violent python


DOCUMENT INFORMATION

Basic information

Format
Pages 269
Size 6.89 MB

Contents

This is an English-language book for information technology people who specialize in security and programming. It is suitable for anyone who is passionate about information technology and wants to learn about security and programming.

Violent Python
A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an Imprint of Elsevier

TJ. O’Connor

Acquiring Editor: Chris Katsaropoulos
Development Editor: Meagan White
Project Manager: Priya Kumaraguruparan
Designer: Russell Purdy

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013 Elsevier, Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-957-6

Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1

For information on all Syngress publications visit our website at www.syngress.com

Trademarks

Elsevier, Inc., the authors, and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media, Syngress, “Career Advancement Through Skill Enhancement”, “Ask the Author UPDATE”, and “Hack Proofing” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™”, and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

Dedication

For my monkey and my ninja princess: anything is possible if you try hard enough.

Lead Author – TJ O’Connor

TJ O’Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation, and information assurance. He twice co-coached the winning team at the National Security Agency’s annual Cyber Defense Exercise and won the National Defense University’s first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition.

TJ holds a Master of Science degree in Computer Science from North Carolina State, a Master of Science degree in Information Security Engineering from the SANS Technical Institute, and a Bachelor of Science degree in Computer Science from the US Military Academy. He has published technical research at USENIX workshops, ACM conferences, security conferences, the SANS Reading Room, the Internet Storm Center, the Army Magazine, and the Armed Forces Journal. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.

Contributing Author Bio – Rob Frost

Robert Frost graduated from the United States Military Academy in , commissioning into the Army Signal Corps. He holds a Bachelor of Science degree in Computer Science with honors, with his thesis work focusing on open-source information gathering. Rob was individually recognized as one of the top two members of the national championship team for the Cyber Defense Exercise due to his ability to circumvent rules. Rob has participated in and won several cyber security competitions.

Technical Editor Bio – Mark Baggett

Mark Baggett is a Certified SANS Instructor and teaches several courses in the SANS penetration testing curriculum. Mark is the primary consultant and founder of In Depth Defense, Inc., which provides incident-response and penetration-testing services. Today, in his role as the technical advisor to the Department of Defense for SANS, Mark is focused on the practical application of SANS resources in the development of military capabilities.

Mark has held a variety of positions in information security for large international and Fortune companies. He has been a software developer, a network and systems engineer, a security manager, and a CISO. As a CISO, Mark was responsible for policy, compliance, incident response, and all other aspects of information security operations. Mark knows firsthand the challenges that information security professionals face today in selling, implementing, and supporting information security. Mark is an active member of the information security community and the founding president of the Greater Augusta ISSA. He holds several certifications, including SANS’ prestigious GSE. Mark blogs about various security topics at http://www.pauldotcom.com.

Introduction

Python is a hacker’s language. With its decreased complexity, increased efficiency, limitless third-party libraries, and low bar to entry, Python provides an excellent development platform to build your own offensive tools. If you are running Mac OS X or Linux, odds are it is already installed on your system. While a wealth of offensive tools already exist, learning Python can help you with the difficult cases where those tools fail.

TARGET AUDIENCE

Everyone learns differently. However, whether you are a beginner who wants to learn how to write Python, or an advanced programmer who wants to learn how to apply your skills in penetration testing, this book is for you.

ORGANIZATION OF THE BOOK

In writing this book, we really set out to write an evil cookbook of examples for the darker side of Python. The following pages provide Python recipes for penetration testing, web analysis, network analysis, forensic analysis, and exploiting wireless devices. Hopefully, the examples will inspire the reader to create his or her own Python scripts.

Chapter 1: Introduction

If you have not programmed in Python before, Chapter 1 provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

Chapter 2: Penetration Testing with Python

Chapter 2 introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

Chapter 3: Forensic Investigations with Python

Chapter 3 utilizes Python for digital forensic investigations. This chapter provides examples for geo-locating individuals, recovering deleted items, extracting artifacts from the Windows registry, examining metadata in documents and images, and investigating application and mobile device artifacts.

Chapter 4: Network Traffic Analysis with Python

Chapter 4 uses Python to analyze network traffic. The scripts in this chapter geo-locate IP addresses from packet captures, investigate popular DDoS toolkits, discover decoy scans, analyze botnet traffic, and foil intrusion detection systems.

Chapter 5: Wireless Mayhem with Python

Chapter 5 creates mayhem for wireless and Bluetooth devices. The examples in this chapter show how to sniff and parse wireless traffic, build a wireless keylogger, identify hidden wireless networks, remotely command UAVs, identify malicious wireless toolkits in use, stalk Bluetooth radios, and exploit Bluetooth vulnerabilities.

Chapter 6: Web Recon With Python

Chapter 6 examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

Chapter 7: Antivirus Evasion with Python

In the Final chapter, Chapter 7, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.

Introduction [...]... search through Python repositories to find the package, download it if found, and install it automatically.

programmer:~# easy_install python-nmap
Searching for python-nmap
Reading http://pypi.python.org/simple/python-nmap/
Reading http://xael.org/norman/python/python-nmap/
Best match: python-nmap 0.2.4
Downloading http://xael.org/norman/python/python-nmap/python-nmap-0.2.4.tar.gz
Processing python-nmap-0.2.4.tar.gz...
issue the command python setup.py install, which installs the python-nmap package. Installing most third-party packages will follow the same steps of downloading, uncompressing, and then issuing the command python setup.py install.

programmer:~# wget http://xael.org/norman/python/python-nmap/python-nmap-0.2.4.tar.gz -O nmap.tar.gz
2012-04-24 15:51:51 http://xael.org/norman/python/python-nmap/python-nmap-0.2.4.tar.gz...

package python-bluez
Unpacking python-bluez (from /python-bluez_0.18-1_amd64.deb)
Setting up bluetooth (4.60-0ubuntu8)
Setting up python-bluez (0.18-1)
Processing triggers for python-central

Additionally, a few examples in Chapter five and seven require a Windows installation of Python. For the latest Python Windows Installer, visit http://www.python.org/getit/. In recent years, the source code for Python...

time of this book’s publication, BackTrack 5 R2 offered Python 2.6.5 as the stable version of Python.

programmer# python -V
Python 2.6.5

Interpreted Python Versus Interactive Python

Similar to other scripting languages, Python is an interpreted language. At runtime an interpreter processes the code and executes it. To demonstrate the use of the Python interpreter, we write print “Hello World” to a file...

.py to __init__.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/nmap/example.py to example.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/nmap/nmap.py to nmap.pyc
running install_egg_info
Writing /usr/local/lib/python2.6/dist-packages/python_nmap-0.2.4.egg-info

To make installing Python packages even easier, Python setuptools provides a Python module called easy_install. Running the...

python-nmap-0.2.4.tar.gz
Running python-nmap-0.2.4/setup.py -q bdist_egg --dist-dir /tmp/easy_install-rtyUSS/python-nmap-0.2.4/egg-dist-tmp-EOPENs
zip_safe flag not set; analyzing archive contents
Adding python-nmap 0.2.4 to easy-install.pth file
Installed /usr/local/lib/python2.6/dist-packages/python_nmap-0.2.4-py2.6.egg
Processing dependencies for python-nmap
Finished processing dependencies for python-nmap

To rapidly...

assessment ended and the true penetration test began.

Violent Python. http://dx.doi.org/10.1016/B978-1-59-749957-6.00001-6
Copyright © 2013 Elsevier Inc. All rights reserved.

CONTENTS
Introduction: A Penetration Test with Python
Setting Up Your Development Environment
Installing Third Party Libraries
Interpreted Python Versus Interactive Python
The Python Language
Variables
Strings...

ENVIRONMENT

The Python download site (http://www.python.org/download/) provides a repository of Python installers for Windows, Mac OS X, and Linux Operating Systems. If you are running Mac OS X or Linux, odds are the Python interpreter is already installed on your system. Downloading an installer provides a programmer with the Python interpreter, the standard library, and several built-in modules. The Python standard...

/usr/local/lib/python2.6/dist-packages/nmap
copying build/lib.linux-x86_64-2.6/nmap/__init__.py -> /usr/local/lib/python2.6/dist-packages/nmap
copying build/lib.linux-x86_64-2.6/nmap/example.py -> /usr/local/lib/python2.6/dist-packages/nmap
copying build/lib.linux-x86_64-2.6/nmap/nmap.py -> /usr/local/lib/python2.6/dist-packages/nmap
byte-compiling /usr/local/lib/python2.6/dist-packages/nmap/...

new script, we invoke the Python interpreter followed by the name of the newly created script.

programmer# echo print \"Hello World\" > hello.py
programmer# python hello.py
Hello World

Additionally, Python provides interactive capability. A programmer can invoke the Python interpreter and interact with the interpreter directly. To start the interpreter, the programmer executes python with no arguments.

Posted: 19/03/2014, 13:37
