Utilize Python scripting to execute effective and efficient penetration tests
ABOUT THIS BOOK
* Understand how and where Python scripts meet the need for penetration testing
* Familiarise yourself with the process of highlighting a specific methodology to exploit an environment to fetch critical data
* Develop your Python and penetration testing skills with real-world examples
WHO THIS BOOK IS FOR
If you are a security professional or researcher, with knowledge of different operating systems and a conceptual idea of penetration testing, and you would like to grow your knowledge in Python, then this book is ideal for you.
WHAT YOU WILL LEARN
* Familiarise yourself with the generation of Metasploit resource files
* Use the Metasploit Remote Procedure Call (MSFRPC) to automate exploit generation and execution
* Use Python's Scrapy, network, socket, office, Nmap libraries, and custom modules
* Parse Microsoft Office spreadsheets and eXtensible Markup Language (XML) data files
* Write buffer overflows and reverse Metasploit modules to expand capabilities
* Exploit Remote File Inclusion (RFI) to gain administrative access to systems with Python and other scripting languages
* Crack an organization's Internet perimeter
* Chain exploits to gain deeper access to an organization's resources
* Interact with web services with Python
Python is a powerful new-age scripting platform that allows you to build exploits, evaluate services, automate, and link solutions with ease. Python is a multi-paradigm programming language well suited to both object-oriented application development and functional design patterns. Because of the power and flexibility it offers, Python has become one of the most popular languages used for penetration testing.
This book highlights how you can evaluate an organization methodically and realistically. Specific tradecraft and techniques are covered that show you exactly when and where industry tools can and should be used and when Python fits a need that proprietary and open source solutions do not.
Initial methodology and Python fundamentals are established and then built on. Specific examples are created with vulnerable system images, which are available to the community to test scripts, techniques, and exploits. This book walks you through real-world penetration testing challenges and how Python can help.
From start to finish, the book takes you through how to create Python scripts that meet relative needs that can be adapted to particular situations. As chapters progress, the script examples explain new concepts to enhance your foundational knowledge, culminating with you being able to build multi-threaded security tools, link security tools together, automate reports, create custom exploits, and expand Metasploit modules.
STYLE AND APPROACH
This book is a practical guide that will help you become a better penetration tester and/or Python security tool developer. Each chapter builds on concepts and tradecraft using detailed examples in test environments that you can simulate.
Master the Nmap Scripting Engine and the art of developing NSE scripts
Nmap is a well-known security tool used by penetration testers and system administrators for many different networking tasks. The Nmap Scripting Engine (NSE) was introduced during Google's Summer of Code 2006 and has added the ability to perform additional tasks on target hosts, such as advanced fingerprinting and service discovery and information gathering.
This book will teach you everything you need to know to master the art of developing NSE scripts. The book starts by covering the fundamental concepts of Lua programming and reviews the syntax and structure of NSE scripts. After that, it covers the most important features of NSE. It jumps right into coding practical scripts and explains how to use the Nmap API and the available NSE libraries to produce robust scripts. Finally, the book covers output formatting, string handling, network I/O, parallelism, and vulnerability exploitation.
***** Who This Book Is For *****
If you want to learn to write your own scripts for the Nmap Scripting Engine, this is the book for you. It is perfect for network administrators, information security professionals, and even Internet enthusiasts who are familiar with Nmap.
This book is not for professional hackers. Instead, this book is made for beginners who have programming experience and are interested in hacking.
Here, hacking techniques that can be easily understood have been described.
If you only have a home PC, you can test all the examples provided here.
I have included many figures that are intuitively understandable rather than a litany of explanations.
Therefore, it is possible to gain some practical experience while hacking, since I have only used examples that can actually be implemented.
This book is therefore necessary for ordinary people who have a curiosity about hackers and are interested in computers.
ORGANIZATION OF THE BOOK
A beginner is naturally expected to become a hacker while reading this book.
Briefly introduce the basic Python syntax that is necessary for hacking.
A variety of tools and the Python language can be combined to support network hacking and to introduce the network hacking technique.
Briefly, we introduce Nmap with the Wireshark tool, and hacking techniques such as Port Scanning, Packet Sniffing, TCP SYN Flood, and Slowloris Attack are introduced.
Python Application Hacking Essentials
Basic Concept for a Windows Application
Message Hooking Utilizing ctypes
API hook utilizing pydbg module
Image File Hacking
Python Web Hacking Essentials
Overview of Web Hacking
Configure Test Environment
Password Cracking Attack
Web Shell Attack
Python Network Hacking Essentials
Network Hacking Introduction
Configure a Test Environment
Vulnerability Analysis via Port Scanning
Stealing Credentials Using Packet Sniffing
Overview of a DoS Attack
DoS - Ping of Death
DoS - TCP SYN Flood
DoS - Slowloris Attack
Python System Hacking Essentials
System Hacking Overview
Stack-Based Buffer Overflow
SEH Based Buffer Overflow
Python Hacking Essentials
Contains All Contents Above
Tools and Techniques to Attack the Web
The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.
The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.
With Dr. Pauli’s approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.
* Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user
* Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!
* Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University