Penetration testing using python
Download as PPTX, PDF•1 like•775 views
This document provides an overview of Python pen-testing techniques. It discusses why Python is useful for pen testing due to its ease of use, large library of modules, and multiplatform support. A brief history of Python and examples of common data types, code snippets, libraries like urllib2 and win32com, and techniques like fuzzing, encoding, password cracking, and WMI are also presented.
![Data Types
Data types:
Strings - “Hello”
Numbers – 123
Lists – [‘hello’,’2’,’1’]
Tuples - (‘1’,’2’,’3’) (immutable)
Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}](https://image.slidesharecdn.com/pentestusingpython-150111234148-conversion-gate01/85/Penetration-testing-using-python-6-320.jpg)
Penetration testing using python
- 1. P U R N A C H A N D E R Pen-Test Techniques using Python
- 2. Why? Easy ( Install, learn, Code) Tons of Libraries Code is easy to understand Multiplatform Good for Prototyping Free
- 3. History Conceived in late 80´s and first implementation in 1989 Created by Guido Van Rossum Actually there are two branches 2.x and 3.0
- 4. Python Interpreted language Object oriented Indentation is significant in Python, block delimiter. Usual control structures (if, while, etc) Multiple levels of organization (function, classes, modules, packages)
- 5. Who is using Python? Canvas W3AF Sqlmap Impacket Google ImmunityDebugger Peach Sulley Paimei Scapy Spike Proxy Core Impact
- 6. Data Types Data types: Strings - “Hello” Numbers – 123 Lists – [‘hello’,’2’,’1’] Tuples - (‘1’,’2’,’3’) (immutable) Dictionaries – d = {‘key1’:’dog’,’key2’:’cat’}
- 7. Basic Code bits import sys ofile = ”names.txt” fil = open(ofile,'w’) x = fil.readlines() for y in x: print y
- 8. Urllib2 Library to deal with HTTP import urllib2 response = urllib2.urlopen('http://python.org/') html = response.read() print html
- 9. Basic fuzzer import sys, urllib2 ofile = ”dirs.txt” fil = open(ofile,'w') dirs = fil.readlines() for x in dirs: response = urllib2.urlopen('http://python.org/’+x) html = response.read()
- 10. Encoding import base64 string=“TEST” base64.standard_b64encode(string) 'VEVTVA==' import hashlib m=hashlib.new('md5’) m.update(string) res = m.hexdigest() print res 033bd94b1168d7e4f0d644c3c95e35bf
- 11. 7 Zip Cracker import os, sys, pas = open('passwords.txt', 'rb') password=pas.readlines() for x in password: try: fp = open('test.7z', 'rb') archive = Archive7z(fp, password=x) print ”The password is" + x sys.exit() except Exception, e: fp.close()
- 12. Win32Com Library that allows us to access COM objects in Win32 systems We can automate Word, Excel, Powerpoint, access WMI and etc..
- 13. Excel Processing from win32com.client import Dispatch xlApp = Dispatch("Excel.Application") xlApp.Visible = 1 xlApp.Workbooks.open("test.xls") for x in range(1,100): nombre=str(xlApp.ActiveSheet.Cells(x,5)) print nombre xlApp.Quit()
- 14. WMI import wmi c = wmi.WMI () for process in c.Win32_Process (): print process.ProcessId, process.Name
- 15. THANK YOU Q & A