HACKING
WITH PYTHON
The Complete Beginner's Course to Learn Ethical Hacking With Python in 7 Clear-Cut Lessons - Including Dozens of Practical Examples & Exercises
By Alphy Books
Copyright 2016
All rights reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in reviews and certain noncommercial uses permitted by copyright law.
Trademarked names appear throughout this book. Rather than use a trademark symbol with every occurrence of a trademark name, names are used in an editorial fashion, with no intention of infringement of the respective owner's trademark.
The information in this book is distributed on an "as is" basis, exclusively for educational purposes, without warranty. Neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this book.
I would love to change the world, but they won't give me the source code
Unknown Author
Chapter 1
Introduction
These days, it normally goes without saying that digital security is extremely important. And, most users, most of the time, take for granted that their information is safe in the hands of the people who manage their sensitive digital activities: e-banking sites, online stores, private messages, social networks, and so on. And, of course, there is no reason to worry about the information that remains safely on our own computers. But every few months, there will be a new rash of reminders about how important digital security really is and how careful we should always be with our data.
The reason why something that normally goes without saying is so often actually said is that, even though we all understand that the security of our computer systems is crucial, we have reached a point where most of us tend to expect that the security we need has already been built into the systems we use by people who know what they are doing. This would not be a problem if it were not for the fact that, even for people who know what they are doing, implementing strong security systems is a very difficult task. For one, it is nearly, if not entirely, impossible to predict all of the possible means that unauthorized individuals could use to try to break into a system. For every exploitable feature that is identified and fixed, a dozen more may be introduced without anyone realizing it. More fundamentally, though, strong security is difficult, and perfect security is impossible, because, in order for a system to be useful, there needs to be some way for authorized users to get in. A building with no doors or windows is perfectly secure; it is also completely worthless as a building. Sometimes, just having a front door is all that it takes to give the wrong people a way inside. More concretely, any computer system, be it an operating system, a web app, or anything else, is all but guaranteed to have features that can be leveraged to do things that the creators of the system did not intend. The people who know how to search for and exploit these vulnerabilities are called hackers.
To put a very simple, concrete definition to the term, hacking is the act of gaining access to computer systems that you are not supposed to have access to. And, whether your intention is to become a hacker yourself or to develop methods to keep hackers out of your own systems, you are going to need to learn how to think like a hacker. This book is designed to help you do that.
To clarify some terminology that you are likely to encounter as you learn more about this subject, I am going to take a moment to talk about hats. You will hear people describe others (or even self-identify) as white hat, black hat, or gray hat hackers. This distinction is a reference to the early days of cinema (westerns, in particular), when the audience could easily tell which characters were the good guys and which were the bad guys simply by the color of the hats they were wearing: the good guys always wore white, the bad guys always wore black. In the context of hacking, this provides a reasonably useful way to broadly categorize the huge variety of activities that could all be considered to be forms of hacking.
First of all, black hat hacking is the type that is most often talked about, and it is what most people think of when they hear the term hacker. You probably already have a decent idea of what this can include (stealing financial and personal information, taking down web servers, and so on), but, in general, black hat hacking can be characterized as any kind of hacking that breaks rules and generally leaves its targets worse off than they were before. White hat hacking, on the other hand, is done with good intentions. Most often, this means penetration testing (often shortened to pentesting) in which a hacker is hired or volunteers to attempt to break into a client's systems in order to locate potential security flaws. It is not uncommon for large software companies to offer rewards to hackers who warn them of vulnerabilities in their products as a supplement to their own internal security testing. Finally, gray hat hacking encompasses anything that does not fit comfortably into either of the other hats. This could be taken to mean just about anything, but most commonly refers to things like reverse-engineering and software cracking, which are often seen as ethically questionable but not detrimental to the target in the same way that a black hat hack, like stealing a server's worth of customers' personal data, might be. If you are trying to learn more about a subject, narrowing it down to one of those categories is a decent way to start your search.
Goals of this Book
This book aims to provide all of the information that an intermediate or advanced Python programmer will need to get started in the world of hacking and pentesting. As such, it mostly assumes a solid understanding of the Python language and of basic programming principles. The material may also be accessible to more novice programmers, but I would recommend that they read through the code examples much more carefully (and keep a copy of the Python documentation handy) to make sure that they understand exactly what is going on in each line.
Hacking, more than most sub-fields of programming, demands a strong grasp of the fundamentals and underlying concepts that various strategies employ. This is because almost as soon as an approach is developed to break into a system, the security experts on the other side of that system are working on a way to fix it. And they normally succeed fairly quickly. The result is that the examples of truly exciting exploits that you can find online and in books are basically all already obsolete. So, the value of understanding and learning from existing examples is not (for the most part) to gain recipes that you will be able to apply to your own real-world circumstances, but rather to provide insight into how the target systems work at a deeper level and to give you ideas of the kinds of exploits that developers may have inadvertently left open in their programs. The result of this is that there will need to be some areas of this book that primarily focus on concepts, with relatively few code examples. Obviously, this material will not be as interesting as the actual code, so I will try to keep it to the bare minimum required to understand the practical material that it supports. In case there are aspects of this support material that might be covered too quickly for some readers, I will attempt to provide all of the foundation and vocabulary that you will need to seek further material on these topics from other sources.