ISBN: 978-1-59327-192-3

PYTHON PROGRAMMING FOR HACKERS AND REVERSE ENGINEERS

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools, and how to build your own when the pre-built ones won't cut it.

You'll learn how to:

> Automate tedious reversing and security tasks
> Design and program your own debugger
> Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
> Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
> Sniff secure traffic out of an encrypted web browser session
> Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world's best hackers are using Python to do their handiwork. Shouldn't you?

JUSTIN SEITZ is a Senior Security Researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.

THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com

"I LAY FLAT." This book uses RepKover, a durable binding that won't snap shut.

GRAY HAT PYTHON: MASTER THE PROFESSIONAL HACKER'S PYTHON TOOLKIT
$39.95 ($49.95 CDN)
SHELVE IN: COMPUTERS/SECURITY

GRAY HAT PYTHON
Python Programming for Hackers and Reverse Engineers
by Justin Seitz
San Francisco

GRAY HAT PYTHON. Copyright © 2009 by Justin Seitz. All rights reserved.
No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

13 12 11 10 09    1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-192-1
ISBN-13: 978-1-59327-192-3

Publisher: William Pollock
Production Editor: Megan Dunchak
Cover Design: Octopod Studios
Developmental Editor: Tyler Ortman
Technical Reviewer: Dave Aitel
Copyeditor: Linda Recktenwald
Compositors: Riley Hoffman and Kathleen Mish
Proofreader: Rachel Kai
Indexer: Fred Brown, Allegro Technical Indexing

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data:
Seitz, Justin.
  Gray hat Python : Python programming for hackers and reverse engineers / Justin Seitz.
    p. cm.
  ISBN-13: 978-1-59327-192-3
  ISBN-10: 1-59327-192-1
  1. Computer security. 2. Python (Computer program language) I. Title.
  QA76.9.A25S457 2009
  005.8 dc22
  2009009107

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc.
shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Mom,
If there's one thing I wish for you to remember, it's that I love you very much.
Alzheimer Society of Canada—www.alzheimers.ca

BRIEF CONTENTS

Foreword by Dave Aitel
Acknowledgments
Introduction
Chapter 1: Setting Up Your Development Environment
Chapter 2: Debuggers and Debugger Design
Chapter 3: Building a Windows Debugger
Chapter 4: PyDbg—A Pure Python Windows Debugger
Chapter 5: Immunity Debugger—The Best of Both Worlds
Chapter 6: Hooking
Chapter 7: DLL and Code Injection
Chapter 8: Fuzzing
Chapter 9: Sulley
Chapter 10: Fuzzing Windows Drivers
Chapter 11: IDAPython—Scripting IDA Pro
Chapter 12: PyEmu—The Scriptable Emulator
Index

[...]

    wget http://python.org/ftp/python/2.5.1/Python-2.5.1.tgz
    tar -zxvf Python-2.5.1.tgz
    mv Python-2.5.1 Python25
    cd Python25

You have now downloaded and unzipped the source code into /usr/local/Python25. The next step is to compile the source code and make sure the Python interpreter works:

    # ./configure --prefix=/usr/local/Python25
    # make && make install
    # pwd
    /usr/local/Python25
    # python
    Python 2.5.1...

1.2 Installing Python 2.5

The Python installation is quick and painless on both Linux and Windows. Windows users are blessed with an installer that takes care of all of the setup for you; however, on Linux you will be building the installation from source code.

1.2.1 Installing Python on Windows

Windows users can obtain the installer from the main Python site: http://python.org/ftp/python/2.5.1/python-2.5.1.msi...
Click Next to continue.

3. Name the project Gray Hat Python. Click Finish.

New Project

You will notice that your Eclipse screen will rearrange itself, and you should see your Gray Hat Python project in the upper left of the screen. Now right-click the src folder, and select New > PyDev Module. In the Name field, enter chapter1-test, and click Finish. You will notice that your project pane has been updated, and...

Installing Python for Linux

To install Python 2.5 for Linux, you will be downloading and compiling from source. This gives you full control over the installation while preserving the existing Python installation that is present on a Red Hat based system. The installation assumes that you will be executing all of the following commands as the root user. The first step is to download and unzip the Python 2.5...

learn not only how to use Python-based tools but how to build tools in Python. But be forewarned, this is not an exhaustive reference! There are many, many infosec (information security) tools written in Python that I did not cover. However, this book will allow you to translate a lot of the same skills across applications so that you can use, debug, extend, and customize any Python tool of your choice...

version of your script:

    # python /root/chapter1-printf.py
    Testing: Hello world!
    #

It is that easy to be able to call into a dynamic library and use a function that is exported. You will be using this technique many times throughout the book, so it is important that you understand how it works.

1.3.3 Constructing C Datatypes

Creating a C datatype in Python is just downright sexy, in that nerdy, weird way. Having...
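The two things this part of the chapter relies on, calling an exported C function through ctypes (the printf call whose output appears above) and declaring C datatypes in Python (the subject of 1.3.3), in one added example. This is not the book's code: it is written for a current Python 3 rather than the book's Python 2.5, assumes a POSIX host where ctypes.util.find_library("c") can locate the C runtime (the fallback sonames are assumptions), and the PacketHeader layout and the sample bytes are constructed for illustration. It calls snprintf instead of printf so the formatted result can be checked rather than only printed, and it declares argtypes and restype, which the book's output alone does not show.

```python
"""Calling an exported libc function and building C datatypes with ctypes.

Added example; not the book's code. Assumes a POSIX host (glibc on Linux
or libSystem on macOS) so that find_library("c") resolves the C runtime.
"""
import ctypes
import ctypes.util
import sys


def load_libc() -> ctypes.CDLL:
    """Locate the C runtime. The fallback sonames are assumptions for hosts
    where ctypes.util.find_library cannot run ldconfig or gcc."""
    name = ctypes.util.find_library("c")
    if name is None:
        name = "msvcrt" if sys.platform == "win32" else "libc.so.6"
    return ctypes.CDLL(name)


libc = load_libc()

# Declare parameter and return types for every function you call. ctypes
# defaults restype to a C int, which truncates size_t and pointer results on
# 64-bit systems and hides ABI mistakes until something crashes.
libc.strlen.argtypes = [ctypes.c_char_p]
libc.strlen.restype = ctypes.c_size_t

# snprintf is variadic: only the fixed parameters go in argtypes; ctypes
# accepts extra positional arguments beyond the declared ones.
libc.snprintf.argtypes = [ctypes.c_char_p, ctypes.c_size_t, ctypes.c_char_p]
libc.snprintf.restype = ctypes.c_int


def c_strlen(data: bytes) -> int:
    """strlen() from libc; c_char_p hands over a NUL-terminated copy."""
    return libc.strlen(data)


def _as_ctype(value):
    """Give each variadic argument an explicit C type so what is pushed
    matches what the format string will read (int, double or char *)."""
    if isinstance(value, bool):
        raise TypeError("pass bools as int")
    if isinstance(value, int):
        return ctypes.c_int(value)
    if isinstance(value, float):
        return ctypes.c_double(value)
    if isinstance(value, bytes):
        return ctypes.c_char_p(value)
    raise TypeError(f"unsupported variadic argument: {type(value).__name__}")


def c_format(fmt: bytes, *args, size: int = 256) -> bytes:
    """Format through libc's snprintf (the book's printf, but with the result
    captured in a buffer). Refuses output that would have been truncated."""
    buf = ctypes.create_string_buffer(size)
    n = libc.snprintf(buf, size, fmt, *(_as_ctype(a) for a in args))
    if n < 0:
        raise OSError("snprintf failed")
    if n >= size:
        raise ValueError(f"output needs {n + 1} bytes, buffer holds {size}")
    return buf.value


class PacketHeader(ctypes.LittleEndianStructure):
    """A C struct layout declared in Python (constructed for this example).
    _pack_ = 1 removes the padding a compiler would insert, so sizeof()
    matches the on-wire size; LittleEndianStructure pins the byte order."""
    _pack_ = 1
    _fields_ = [
        ("version", ctypes.c_uint8),
        ("flags", ctypes.c_uint8),
        ("length", ctypes.c_uint16),
        ("sequence", ctypes.c_uint32),
    ]


def header_size() -> int:
    return ctypes.sizeof(PacketHeader)


def parse_header(raw: bytes) -> PacketHeader:
    """Overlay the struct on a copy of the bytes; reject short input instead
    of reading past the end as the C equivalent silently would."""
    need = header_size()
    if len(raw) < need:
        raise ValueError(f"need {need} bytes, got {len(raw)}")
    return PacketHeader.from_buffer_copy(raw[:need])


# Constructed sample: version 1, flags 0x80, length 16, sequence 0x12345678.
SAMPLE_HEADER = bytes([0x01, 0x80, 0x10, 0x00, 0x78, 0x56, 0x34, 0x12])

if __name__ == "__main__":
    print(c_format(b"Testing: %s", b"Hello world!").decode())
    hdr = parse_header(SAMPLE_HEADER)
    print(hdr.version, hex(hdr.flags), hdr.length, hex(hdr.sequence))
```

Run it directly to see the "Testing: Hello world!" line from the chapter reproduced through snprintf, followed by the decoded header fields. The argtypes/restype declarations are the part worth copying into every ctypes script: without them, a size_t or pointer returned by a 64-bit library comes back as a truncated C int.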
ensure that your user environment knows where to find the Python interpreter automatically, you must edit the /root/.bashrc file. I personally use nano to do all of my text editing, but feel free to use whatever editor you are comfortable with. Open the /root/.bashrc file, and at the bottom of the file add the following line:

    export PATH=/usr/local/Python25/:$PATH

This line tells the Linux environment that the root user can access the Python interpreter without having to use its full path. (The directory named here is the unpacked source tree, which holds the python binary that make built; make install placed a second copy under /usr/local/Python25/bin. Whichever directory you put at the front of root's PATH must be owned by root and not writable by any other user, or another account could drop its own python there and have root run it.) If you log out and log back in as root, when you type python at any point in your command shell you will be prompted by the Python interpreter. Now that you have a fully operational Python interpreter on both Windows and Linux, it's time...

will be posted to http://www.nostarch.com/ghpython.htm for your downloading pleasure. Now let's get coding!

1 SETTING UP YOUR DEVELOPMENT ENVIRONMENT

Before you can experience the art of gray hat Python programming, you must work through the least exciting portion of this book, setting up your development environment. It is essential that you have a solid development environment,...

folks, too. I spent a great deal of time hunting around for a language that was well suited for hacking and reverse engineering, and a few years ago it became very apparent that Python was becoming the natural leader in the hacking-programming-language department. The tricky part was the fact that there was no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts...
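A check to run on the directory before it goes onto root's PATH with the export line the chapter adds to /root/.bashrc. This is an added example and not from the book; it assumes a POSIX sh with ls(1) and id(1), uses no GNU extensions, and the function names are this example's own. It rejects a directory that is not owned by the invoking user or that group or others can write to, and it builds the new PATH value with any earlier copy of the directory removed so the search order is unambiguous.

```sh
#!/bin/sh
# Added example, not from the book. A group- or world-writable directory at
# the head of root's PATH lets another user plant a file named "python" that
# root then runs; refuse to add such a directory.

# safe_bin_dir DIR: succeed only if DIR is a directory (not a symlink), is
# owned by the invoking user, and is writable by neither group nor others.
safe_bin_dir() {
    [ -d "$1" ] || return 1
    # ls -ldn prints: mode links uid gid size date name (uid numeric)
    set -- $(ls -ldn "$1")
    mode=$1
    uid=$3
    [ "$uid" = "$(id -u)" ] || return 1
    case "$mode" in
        ?????w*) return 1 ;;      # group write bit (6th character)
        ????????w*) return 1 ;;   # other write bit (9th character)
    esac
    return 0
}

# prepend_path DIR PATHVALUE: print PATHVALUE with DIR at the front and any
# earlier copy of DIR removed. A trailing slash on DIR is dropped so that
# /usr/local/Python25/ and /usr/local/Python25 count as the same entry.
prepend_path() {
    dir=${1%/}
    [ -n "$dir" ] || dir=/
    new=$dir
    old_ifs=$IFS
    IFS=:
    set -f                        # no globbing while splitting on ':'
    for entry in $2; do
        [ "${entry%/}" = "$dir" ] || new="$new:$entry"
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "$new"
}

# python_path_line DIR: print the export line for .bashrc, but only after
# DIR passes the ownership and permission check.
python_path_line() {
    if ! safe_bin_dir "$1"; then
        echo "refusing to trust $1 at the head of PATH" >&2
        return 1
    fi
    printf 'export PATH=%s\n' "$(prepend_path "$1" "$PATH")"
}

# Usage (as root, after the build in the chapter):
#   python_path_line /usr/local/Python25 >> /root/.bashrc
```

The permission test reads the mode string from ls rather than stat, because the stat(1) format flags differ between GNU and BSD while ls -ldn is the same everywhere. A symlink to a directory is rejected on purpose: its mode string shows it as writable and what it points at can change later.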