Python for Offensive PenTest
A practical guide to ethical hacking and penetration testing using Python
Hussam Khrais
BIRMINGHAM - MUMBAI
Python for Offensive PenTest
Copyright 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: David Barnes
Acquisition Editor: Namrata Patil
Content Development Editor: Dattatraya More
Technical Editors: Nirbhaya Shaji and Sayali Thanekar
Copy Editor: Laxmi Subramanian
Project Coordinator: Shweta H Birwatkar
Proofreader: Safis Editing
Indexer: Pratik Shirodkar
Graphics: Jisha Chirayil
Production Coordinator: Arvindkumar Gupta
First published: April 2018
Production reference: 1250418
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78883-897-9
www.packtpub.com
mapt.io
Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.
Why subscribe?
Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
Improve your learning with Skill Plans built especially for you
Get a free eBook or video every month
Mapt is fully searchable
Copy and paste, print, and bookmark content
PacktPub.com
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com , you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors
About the author
Hussam Khrais is a senior security engineer, GPEN, and CEHHI with over 7 years of experience in penetration testing, Python scripting, and network security. He spends countless hours forging custom hacking tools in Python. He currently holds the following certificates in information security:
- GIAC Penetration Testing (GPEN)
- Certified Ethical Hacker (CEH)
- Cisco Certified Network Professional - Security (CCNP Security)
Packt is searching for authors like you
If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents
Preface
Python is an easy-to-learn cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python and can be easily integrated within your script. This book is divided into clear bite-size chunks, so you can learn at your own pace and focus on the areas that are of most interest to you. You will learn how to code your own scripts and master ethical hacking from scratch.
Who this book is for
This book is for ethical hackers; penetration testers; students preparing for OSCP, OSCE, GPEN, GXPN, and CEH; information security professionals; cyber security consultants; system and network security administrators; and programmers who are keen on learning all about penetration testing.
What this book covers
, Warming up Your First Antivirus-Free Persistence Shell , prepares our Kali Linux as the attacker machine. It also prepares out a target and gives a quick overview of the TCP reverse shell, the HTTP reverse shell, and how to assemble those.
, Advanced Scriptable Shell , covers evaluating dynamic DNS, interacting with Twitter, and the use of countermeasures to protect ourselves from attacks.
, Password Hacking , explains the usage of antivirus free loggers, hijacking the KeePass password manager, Firefox API hooking, and password phishing.
, Catch Me If You Can! , explains how to bypass a host-based firewall outline, hijack Internet Explorer, and bypass reputation filtering. We also interact with source forge and Google forms.
, Miscellaneous Fun in Windows , focus on exploiting vulnerable software in Windows and different techniques within privilege escalation. We'll also look into creating backdoors and covering our tracks.
, Abuse of Cryptography by Malware , provides a quick introduction to encryption algorithms, protecting your tunnel with AES and RSA, and developing hybrid-encryption keys.
To get the most out of this book
You'll need an understanding of Kali Linux and the OSI model. Also, basic knowledge of penetration testing and ethical hacking would be beneficial.
You will also need a 64-bit Kali Linux and a 32-bit Windows 7 machine with Python installed, on Oracle VirtualBox. A system having a minimum of 8 GB RAM is recommended.
Download the example code files
You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packtpub.com.
- Select the SUPPORT tab.
- Click on Code Downloads & Errata .
- Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Python-for-Offensive-PenTest . In case there's an update to the code, it will be updated on the existing GitHub repository.