Violent Python : a cookbook for hackers, forensic analysts, penetration testers, and security engineers

Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates h...

Full description

Saved in:
Bibliographic Details
Main Author: O'Connor, T. J.
Format: eBook Book
Language:English
Published: Amsterdam Elsevier 2013
Waltham, Mass Syngress
Elsevier Science & Technology Books
Edition:1
Subjects:
Penetration testing (Computer security)
Python (Computer program language)
ISBN:1597499579, 9781597499576
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Table of Contents:
  • Kevin Mitnick and TCP Sequence Prediction -- Your Very Own TCP Sequence Prediction -- Crafting a SYN Flood with Scapy -- Calculating TCP Sequence Numbers -- Spoofing the TCP Connection -- Foiling Intrusion Detection Systems with Scapy -- Chapter Wrap-Up -- References -- Chapter 5 Wireless Mayhem with Python -- Introduction: Wireless (IN)Security and the Iceman -- Setting up Your Wireless Attack Environment -- Testing Wireless Capture with Scapy -- Installing Python Bluetooth Packages -- The Wall of Sheep-Passively Listening to Wireless Secrets -- Using Python Regular Expressions to Sniff Credit Cards -- Sniffing Hotel Guests -- Building a Wireless Google Key Logger -- Sniffing FTP Credentials -- Where Has Your Laptop Been? Python Answers -- Listening for 802.11 Probe Requests -- Finding Hidden Network 802.11 Beacons -- De-Cloaking Hidden 802.11 Networks -- Intercepting and Spying on UAVS with Python -- Intercepting the Traffic, Dissecting the Protcol -- Crafting 802.11 Frames with Scapy -- Finalizing the Attack, Emergency Landing the UAV -- Detecting Firesheep -- Understanding Wordpress Session Cookies -- Herd the Sheep-Catching Wordpress Cookie Reuse -- Stalking with Bluetooth and Python -- Intercepting Wireless Traffic to Find Bluetooth Addresses -- Scanning Bluetooth RFCOMM Channels -- Using the Bluetooth Service Discovery Protocol -- Taking over a Printer with Python ObexFTP -- Bluebugging a Phone with Python -- Chapter Wrap-Up -- References -- Chapter 6 Web Recon with Python -- Introduction: Social Engineering Today -- Recon Prior to Attack -- Using the Mechanize Library to Browse the Internet -- Anonymity-Adding Proxies, User-Agents, Cookies -- Finalizing Our AnonBrowser into a Python Class -- Scraping Web Pages with anonBrowser -- Parsing HREF Links with a Beautiful Soup -- Mirroring Images with Beautiful Soup
  • Research, Investigate, Discovery -- Interacting with the Google API in Python -- Parsing Tweets with Python -- Pulling Location Data out of Tweets -- Parsing Interests from Twitter Using Regular Expressions -- Anonymous Email -- Mass Social Engineering -- Using Smtplib to Email Targets -- Spear Phishing with Smtplib -- Chapter Wrap-Up -- References -- Chapter 7 Antivirus Evasion with Python -- Introduction: Flame On! -- Evading Antivirus Programs -- Verifying Evasion -- Wrap Up -- References -- Index
  • Intro -- Trademarks -- Acknowledgements -- Dedication -- Contents -- Lead Author - TJ O'Connor -- Contributing Author Bio - Rob Frost -- Technical Editor Bio - Mark Baggett -- Introduction -- Chapter 1 Introduction -- Introduction: A Penetration Test with Python -- Setting up Your Development Environment -- Installing Third Party Libraries -- Interpreted Python Versus Interactive Python -- The Python Lanuage -- Variables -- Strings -- Lists -- Dictionaries -- Networking -- Selection -- Exception Handling -- Functions -- Iteration -- File I/O -- Sys Module -- OS Module -- Your First Python Programs -- Setting the Stage for Your First Python Program: The Cuckoo's Egg -- Your First Program, a UNIX Password Cracker -- Setting the Stage for Your Second Program: Using Evil for Good -- Your Second Program, a Zip-File Password Cracker -- Chapter Wrap-Up -- References -- Chapter 2 Penetration Testing with Python -- Introduction: The Morris Worm-Would it Work Today? -- Building a Port Scanner -- TCP Full Connect Scan -- Application Banner Grabbing -- Threading the Scan -- Integrating the Nmap Scanner -- Building an SSH Botnet with Python -- Interacting with SSH Through Pexpect -- Brute Forcing SSH Passwords with Pxssh -- Exploting SSH Through Weak Private Keys -- Constructing the SSH Botnet -- Mass Compromise by Bridging FTP and WEB -- Building an Anonymous FTP Scanner with Python -- Using Ftplib to Brute Force FTP User Credentials -- Searching the Web Pages on FTP Server -- Adding a Malicious Inject to Web Pages -- Bringing the Entire Attack Together -- Conficker, Why Trying Hard is Always Good Enough -- Attacking the Windows SMB Service with Metasploit -- Writing Python to Interact with Metasploit -- Remote Process Execution Brute Force -- Putting it Back Together to Build Our Own Conficker -- Writing Your Own Zero-Day Proof of Concept Code
  • Stack-Based Buffer Overflow Attacks -- Adding the Key Elements of the Attack -- Sending the Exploit -- Asembling the Entire Exploit Script -- Chapter Wrap-Up -- References -- Chapter 3 Forensic Investigations with Python -- Introduction: How Forensics Solved the BTK Murders -- Where Have You Been?-Analysis of Wireless Access Points in the Registry -- Using WinReg to Read the Windows Registry -- Using Mechanize to Submit the MAC Address to Wigle -- Using Python to Recover Deleted Items in the Recycle Bin -- Using the OS Module to Find Deleted Items -- Python to Correlate SID to User -- Metadata -- Using PyPDF to Parse PDF Metadata -- Understanding Exif Metadata -- Downloading Images with BeautifulSoup -- Reading Exif Metadata from Images with the Python Imaging Library -- Investigating Applicaton Artifacts with Python -- Understanding the Skype Sqlite3 Database -- Using Python and Sqlite3 to Automate Skype Database Queries -- Parsing Firefox Sqlite3 Databases with Python -- Investigating iTunes Mobile Backups with Python -- Chapter Wrap-Up -- References -- Chapter 4 Network Traffic Analysis with Python -- Introduction: Operation Aurora and How the Obvious Was Missed -- Where is that IP Traffic Headed?-A Python Answer -- Using PyGeoIP to Correlate IP to Physical Locations -- Using Dpkt to Parse Packets -- Using Python to Build a Google Map -- Is Anonymous Really Anonymous? Analyzing Loic Traffic -- Using Dpkt to Find the LOIC Download -- Parsing IRC Commands to the Hive -- Identifying the DDoS Attack in Progress -- How H.D. Moore Solved the Pentagon's Dilemma -- Understanding the TTL Field -- Parsing TTL Fields with Scapy -- Storm's Fast-Flux and Conficker's Domain-Flux -- Does Your DNS Know Something you Don't? -- Using Scapy to Parse DNS Traffic -- Detecting Fast Flux Traffic with Scapy -- Detecting Domain Flux Traffic with Scapy