Overview of python misec - 2-2012

Overview of Python

Flying made simple without
the Nyquil hangover

Agenda
• About me
• History of Python
• About Python
• Python’s uses
• Python basics (Python 101)
• CSAW Crypto Redux
• Extra credit
• Resources
• Tips, tricks, observations

About me
Who am I?
• Husband/father/geek/gets distracted by shiny
objects easy
• Career path switched to IT in 1999, professionally an
IT guy since 2001
– Started the infosec career path switch in
2009, officially an infosec professional since
2012(?)
• Vbscript – 2007
• Python – 2011

History of Python
• Conceived in the late 1980’s by Guido van Rossum at CWI.
• Was designed to be a successor to the ABC programming
language
• Benevolent Dictator for Life (BDFL)
• Currently employed by Google where he spends half his time
working on Python development
• Python 2.0 was release on October 16th, 2000
• Contained many major new features
• Full garbage collector (automatic memory management)
• Unicode support
• Biggest change – development process with a shift towards
more transparent and community-backed process
• Python 3.0 was released on December 2008
• Many major features have been back ported to Python 2.6 and
2.7

About Python
• What is Python?
• Python is a general-purpose, high-level programming language whose
design philosophy emphasizes code readability. Python claims to
"[combine] remarkable power with very clear syntax", and
its standard library is large and comprehensive. Its use of indentation
for block delimiters is unique among popular programming languages.
• Why is it called Python?
• When he began implementing Python, Guido van Rossum was also
reading the published scripts from “Monty Python’s Flying Circus”, a
BBC comedy series from the 1970s. Van Rossum thought he needed a
name that was short, unique, and slightly mysterious, so he decided
to call the language Python.
• Fun fact - The built in IDE is named after Eric Idle, a member of
Monty Python.

What is Python good for?
• Python comes with a large standard library that covers areas such as;
• string processing (regular expressions, Unicode, calculating differences between
files)
• Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
• software engineering (unit testing, logging, profiling, parsing Python code)
• operating system interfaces (system calls, file systems, TCP/IP sockets)
• Artificial intelligence (because of similarities to Lisp)
• Extensive use in the information security industry, including exploit development.
• Network, debugging and reverse engineering, fuzzing, web, forensics, malware
analysis, PDF, etc.
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
• Once the basic syntax is learned, even the most complicated scripts can make
sense.
• Python is cross platform!!
• It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community

Python’s uses
• Applications • GUI frameworks
• BitTorrent • TKInter
• DropBox • PyQt
• Video games • wxPython
• Civilization IV • Embedded as a scripting language
• Battlefield 2 • Amarok
• Eve Online • GIMP
• Vampire: The Masquerade – • Autodesk Maya
Bloodlines • Commercial uses
• Graphics • Google apps
• Industrial Light & Magic • Reddit
• "The Phantom Menace", "The • YouTube
Mummy Returns" and other • Government
productions as ones where • CIA.gov
Python was used. • Python implementations
• Walt Disney Feature Animation • Cpython
• Science • IronPython – Python for .NET
• NASA and Mono platforms
• National Weather Service • Jython – Python coded in Java

Python basics
• Indentation does matter This will work But this won’t
if True: if True:
print "True" print "Answer"
else: print "True"
print "False“ else:
print "Answer"
print "False"

• If, If.. Else, If… Elif (no Then) If Else Elif statement
• Syntax is easy statement statement
if expression: if expression: if expression1:
statement(s) statement(s) statement(s)
else: elif expression2:
statement(s) statement(s)
else:
statement(s)

• All scripts are considered Entire module Partial method
modules import sys from sys import argv
• All functions inside
module can be used or
only certain methods can
be used inside script

Python basics
• Help is built in Help on modules Help on methods
>>> Import sys, hashlib >>> Import sys, hashlib
>>> help(sys) >>> help(sys.argv)
>>> help(hashlib) >>> help(hashlib.sha512)

>>> pydoc sys >>> pydoc sys.argv
>>> pydoc hashlib >>> pydoc hashlib.sha512

• It can be ran interactively Via command Via IDLE or
prompt DreamPie
python • IDLE is built in to Python
installs
Python 2.72 • DreamPie is a Python
Type “help”, “copyright”.. shell (best used on Linux)
>>>

My approach – Post CSAW
crypto challenges
Each challenge
1. Encrypted message inside script –
Output is decrypted
2. Encrypted message can be used as
an argument when calling script –
Output is decrypted
3. Encrypted message can be read
from a file for decrypting

Overall
1. One module for all
decrypting, each decryption style is
a method

My overall scoreboard
Challenge 1- Challenge 2 – Challenge 3 – Challenge 4 – Challenge 5 – Challenge 6 -
Unicode Hex Binary Base64 ROT13

Script option 1 - Done Done Done * Done Done Incomplete
inside script

Script option 2 – Done Done Done* Done Done Incomplete
argument

Script option 3 – Done Done Done* Done Done Incomplete
from file

Script option 4 – n/a n/a n/a n/a n/a Incomplete
from input
(scrapped, 255
character limit)
Overall – module Success Success Success Success Success Incomplete
with methods
(CSAW_Crypto.py)

* Found the code excerpt online

CSAW Crypto Redux
Crypto challenge # 1

Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101
32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67
84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32
112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108
108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110
100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118
101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104
101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111
114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32
105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46

Answer
Welcome to the 2011 NYU Poly CSAW CTF
event. We have planned many challenges for
you and we hope you have fun solving them
all. The key for this challenge is cryptography.

Wolfgang’s code
private static string AsciiToString(string encodedString)
{
string[] encodedChars = encodedString.Split(' ');
char[] decodedChars = new
char[encodedChars.Length];

for (int i = 0; i < decodedChars.Length; i++)
{
// Convert the number expressed in base-10 to an
integer
int codeNum = Convert.ToInt32(encodedChars[i], 10);

// Convert the integer to a character code
decodedChars[i] = Convert.ToChar(codeNum);
}

return new string(decodedChars);
}

Matt’s code
$string=$null

[int[]]$array = ("87 101 108 99 111 109 101 32 116 111
32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111
108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110
116 46 32 87 101 32 104 97 118 101 32 112 108 97 110
110 101 100 32 109 97 110 121 32 99 104 97 108 108
101 110 103 101 115 32 102 111 114 32 121 111 117 32
97 110 100 32 119 101 32 104 111 112 101 32 121 111
117 32 104 97 118 101 32 102 117 110 32 115 111 108
118 105 110 103 32 116 104 101 109 32 97 108 108 46
32 84 104 101 32 107 101 121 32 102 111 114 32 116
104 105 115 32 99 104 97 108 108 101 110 103 101 32
105 115 32 99 114 121 112 116 111 103 114 97 112 104
121 46").Split(" ")

foreach($l in $array) { $string += [char]$l}

$string

My code
Option # 1 – Encrypted message inside script – Output is decrypted

#!/usr/bin/python

Import sys
code1 =
(87,101,108,99,111,109,101,32,116,111,32,116,104,101
,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83
,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,10
1,32,104,97,118,101,32,112,108,97,110,110,101,100,32,
109,97,110,121,32,99,104,97,108,108,101,110,103,101,
115,32,102,111,114,32,121,111,117,32,97,110,100,32,1
19,101,32,104,111,112,101,32,121,111,117,32,104,97,1
18,101,32,102,117,110,32,115,111,108,118,105,110,103
,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32
,107,101,121,32,102,111,114,32,116,104,105,115,32,99,
104,97,108,108,101,110,103,101,32,105,115,32,99,114,
121,112,116,111,103,114,97,112,104,121,46)

for i in code1:
code1a = int(i)
codefinal = chr(code1a)
sys.stdout.write(codefinal)

My code
Option # 2 – Encrypted message can be used
as an argument when calling script – Output is
decrypted
#!/usr/bin/python

import sys

if len(sys.argv)<2:
sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to
decode>n")

code1 = (sys.argv[1])
code_split = code1.split(':')

for i in code_split:
code1a = int(i)

My code
Option # 3 - Encrypted message can be read
from a file for decrypting
#!/usr/bin/python

import binascii, sys

f = open ('unicode.txt', 'r')
file = f.read()

code_split = file.split(':')

for decode in code_split:
decode1 = int(decode)
codefinal = chr(decode1)

f.close ( )

CSAW Crypto Redux

Cipher text:
54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20
:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:
65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:
6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:
65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:
74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6
e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6
f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6
c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:2
0:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:6
9:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:7
4:68:72:6f:77:2e

Answer
Last weeks meeting was a great success. We
seem to be generating a lot of buzz about the
movement. The key for next weeks meeting is
resistance. If there is anyone else you know of
that may be interested in joining bring them to
the meeting this week. It will be held same
time, same place.

Wolfgang’s code
private static string AsciiHexToString(string encodedString)
{
string[] encodedChars = encodedString.Split(':');
char[] decodedChars = new char[encodedChars.Length];

{
// Convert the number expressed in base-16 to an
integer
int codeNum = Convert.ToInt32(encodedChars[i], 16);

}

}

Matt’s code
$string = $null

$text =
"54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:
73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:7
9:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70
:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:5
5:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65
:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:
65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20
:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:6
5:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:
20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:
20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:2
0:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:
68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:
65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72
:74:68:72:6f:77:2e"

$text.Split(':') | ForEach-Object {[Convert]::ToInt32($_,16)} |
ForEach-Object {$string = $string + [Convert]::ToChar($_)}

$string

My code
Option # 1 – Encrypted message inside
script – Output is decrypted

#!/usr/bin/python


hex = '54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:
65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:
20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:
6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:
20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:
65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:
72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:
64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:
69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:
62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:
74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:
65:72:74:68:72:6f:77:2e'
hex_split = hex.split(':')

for decode in hex_split:
hex_decode = binascii.a2b_hex(decode)
sys.stdout.write(hex_decode)

My code
Option # 2 – Encrypted message can be used as an
argument when calling script – Output is decrypted

#!/usr/bin/python

import sys, binascii

if len(sys.argv)<2:
sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>n")

code1 = (sys.argv[1])
hex_split = code1.split(':')


My code
Option # 3 - Encrypted message can be
read from a file for decrypting

#!/usr/bin/python


f = open ('hex.txt', 'r')
file = f.read()

hex_split = file.split(':')


f.close ( )

CSAW Crypto Redux
Cipher text:
010011000110000101110011011101000010000001110111011001010110010101101011011100110010000001101101011001010110
010101110100011010010110111001100111001000000111011101100001011100110010000001100001001000000110011101110010
011001010110000101110100001000000111001101110101011000110110001101100101011100110111001100101110001000000101
011101100101001000000111001101100101011001010110110100100000011101000110111100100000011000100110010100100000
011001110110010101101110011001010111001001100001011101000110100101101110011001110010000001100001001000000110
110001101111011101000010000001101111011001100010000001100010011101010111101001111010001000000110000101100010
011011110111010101110100001000000111010001101000011001010010000001101101011011110111011001100101011011010110
010101101110011101000010111000100000010101000110100001100101001000000110101101100101011110010010000001100110
011011110111001000100000011011100110010101111000011101000010000001110111011001010110010101101011011100110010
000001101101011001010110010101110100011010010110111001100111001000000110100101110011001000000111001001100101
011100110110100101110011011101000110000101101110011000110110010100101110001000000100100101100110001000000111
010001101000011001010111001001100101001000000110100101110011001000000110000101101110011110010110111101101110
011001010010000001100101011011000111001101100101001000000111100101101111011101010010000001101011011011100110
111101110111001000000110111101100110001000000111010001101000011000010111010000100000011011010110000101111001
001000000110001001100101001000000110100101101110011101000110010101110010011001010111001101110100011001010110
010000100000011010010110111000100000011010100110111101101001011011100110100101101110011001110010000001100010
011100100110100101101110011001110010000001110100011010000110010101101101001000000111010001101111001000000111
010001101000011001010010000001101101011001010110010101110100011010010110111001100111001000000111010001101000
011010010111001100100000011101110110010101100101011010110010111000100000010010010111010000100000011101110110
100101101100011011000010000001100010011001010010000001101000011001010110110001100100001000000111001101100001
011011010110010100100000011101000110100101101101011001010010110000100000011100110110000101101101011001010010
0000011100000110110001100001011000110110010100101110

Answer
Last weeks meeting was a great success. We
seem to be generating a lot of buzz about the
movement. The key for next weeks meeting is
resistance. If there is anyone else you know of
that may be interested in joining bring them to
the meeting this week. It will be held same time,
same place.

Wolfgang’s code
private static string BinaryToString(string encodedString)
{
char[] decodedChars = new char[encodedString.Length /
8];

{
// Convert the number in binary (base-2) to an integer
int codeNum =
Convert.ToInt32(encodedString.Substring(i *
8, 8), 2);

}

}

$test =
"010011000110000101110011011101000010000001110111011001010110010101101011011100
1100100000011011010110010101100101011101000110100101101110011001110010000001110
Matt’s code
1110110000101110011001000000110000100100000011001110111001001100101011000010111
0100001000000111001101110101011000110110001101100101011100110111001100101110001
0000001010111011001010010000001110011011001010110010101101101001000000111010001
1011110010000001100010011001010010000001100111011001010110111001100101011100100
1100001011101000110100101101110011001110010000001100001001000000110110001101111
0111010000100000011011110110011000100000011000100111010101111010011110100010000
0011000010110001001101111011101010111010000100000011101000110100001100101001000
0001101101011011110111011001100101011011010110010101101110011101000010111000100
0000101010001101000011001010010000001101011011001010111100100100000011001100110
1111011100100010000001101110011001010111100001110100001000000111011101100101011
0010101101011011100110010000001101101011001010110010101110100011010010110111001
1001110010000001101001011100110010000001110010011001010111001101101001011100110
1110100011000010110111001100011011001010010111000100000010010010110011000100000
0111010001101000011001010111001001100101001000000110100101110011001000000110000
1011011100111100101101111011011100110010100100000011001010110110001110011011001
0100100000011110010110111101110101001000000110101101101110011011110111011100100
0000110111101100110001000000111010001101000011000010111010000100000011011010110
0001011110010010000001100010011001010010000001101001011011100111010001100101011
1001001100101011100110111010001100101011001000010000001101001011011100010000001
1010100110111101101001011011100110100101101110011001110010000001100010011100100
1101001011011100110011100100000011101000110100001100101011011010010000001110100
0110111100100000011101000110100001100101001000000110110101100101011001010111010
0011010010110111001100111001000000111010001101000011010010111001100100000011101
1101100101011001010110101100101110001000000100100101110100001000000111011101101
0010110110001101100001000000110001001100101001000000110100001100101011011000110
0100001000000111001101100001011011010110010100100000011101000110100101101101011
0010100101100001000000111001101100001011011010110010100100000011100000110110001
100001011000110110010100101110"
$string = $null
$chars = while ($test.Length) {
$byte = $test.Substring(0,8)
$test = $test.Substring(8)
$([Convert]::ToChar([Convert]::ToByte($byte, 2)))
}
$chars -join ""

#!/usr/bin/python

import math, sys
My code
# v = value to split, l = size of each chunk

f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]

basecode = f ('0100110001100001011100110111010000100000011101110110010101100101
0110101101110011001000000110110101100101011001010111010001101001011011100110011
1001000000111011101100001011100110010000001100001001000000110011101110010011001
0101100001011101000010000001110011011101010110001101100011011001010111001101110
0110010111000100000010101110110010100100000011100110110010101100101011011010010
0000011101000110111100100000011000100110010100100000011001110110010101101110011
0010101110010011000010111010001101001011011100110011100100000011000010010000001
1011000110111101110100001000000110111101100110001000000110001001110101011110100
1111010001000000110000101100010011011110111010101110100001000000111010001101000
0110010100100000011011010110111101110110011001010110110101100101011011100111010
0001011100010000001010100011010000110010100100000011010110110010101111001001000
0001100110011011110111001000100000011011100110010101111000011101000010000001110
1110110010101100101011010110111001100100000011011010110010101100101011101000110
1001011011100110011100100000011010010111001100100000011100100110010101110011011
0100101110011011101000110000101101110011000110110010100101110001000000100100101
1001100010000001110100011010000110010101110010011001010010000001101001011100110
0100000011000010110111001111001011011110110111001100101001000000110010101101100
0111001101100101001000000111100101101111011101010010000001101011011011100110111
1011101110010000001101111011001100010000001110100011010000110000101110100001000
0001101101011000010111100100100000011000100110010100100000011010010110111001110
1000110010101110010011001010111001101110100011001010110010000100000011010010110
1110001000000110101001101111011010010110111001101001011011100110011100100000011
0001001110010011010010110111001100111001000000111010001101000011001010110110100
1000000111010001101111001000000111010001101000011001010010000001101101011001010
1100101011101000110100101101110011001110010000001110100011010000110100101110011
0010000001110111011001010110010101101011001011100010000001001001011101000010000
0011101110110100101101100011011000010000001100010011001010010000001101000011001
0101101100011001000010000001110011011000010110110101100101001000000111010001101
0010110110101100101001011000010000001110011011000010110110101100101001000000111
00000110110001100001011000110110010100101110',8)

for code in basecode:
x = (code)
decodea = int(code,2)
decodeb = chr(decodea)
sys.stdout.write(decodeb) script – Output is decrypted

My code

import sys, math

if len(sys.argv)<2:
sys.exit("Usage " + sys.argv[0] + " <binary code you wish
to decode>n")

f = lambda v, l: [v[i*l:(i+1)*l] for i in
range(int(math.ceil(len(v)/float(l))))]

basecode = f(sys.argv[1],8)

x = (code)
sys.stdout.write(decodeb)

My code

#!/usr/bin/python

import math, sys

f = open ('binary.txt', 'r')
file = f.read()

f1 = lambda v, l: [v[i*l:(i+1)*l] for i in
range(int(math.ceil(len(v)/float(l))))]

basecode = f1(file,8)

x = (code)

f.close ( )

CSAW Crypto Redux
Cipher text:
VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6
eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd
1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJ
vbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIF
VzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4
dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRo
ZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==

Answer

That meeting was a little crazy. We have
no idea where those guys in the black
suits came from, but we are looking into
it. Use the key infiltration for next week’s
meeting. Stay with the cause and we will
succeed.

Wolfgang’s code
private static string
DecodeBase64ToString(string encodedString)
{
byte[] encodedAsBytes =
System.Convert.FromBase64String(e
ncodedString);
return
System.Text.UTF8Encoding.UTF8
.GetString(encodedAsBytes);
}

Matt’s code
$text =
"VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBj
cmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIH
Rob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXR
zIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29ra
W5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZml
sdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWV
ldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbm
Qgd2Ugd2lsbCBzdWNjZWVkLg==“

$bytes =
[System.Convert]::FromBase64String($text)

$string =
[System.Text.Encoding]::UTF8.GetString($bytes
)

$string

My code
script – Output is decrypted
#!/usr/bin/python

code3 =
("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZ
SBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdo
ZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrI
HN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZ
SBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga
2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3Z
WVrknMgbWVldGluZy4gU3RheSB3aXRoIHR
oZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZW
VkLg==")
answer=code3.decode('base64','strict')
print answer

My code

#!/usr/bin/python

import sys

if len(sys.argv)<2:
sys.exit("Usage " + sys.argv[0] + " <Base64
code you wish to decode>n")

basecode = sys.argv[1]

answer=basecode.decode('base64','strict')

print "This is the encoded message : " +
sys.argv[1]
print "This is the decoded message : " +
answer

My code

#!/usr/bin/python

f = open ('base64.txt', 'r')
file = f.read()

answer=file.decode('base64','strict')
print answer

f.close ( )

CSAW Crypto Redux

Cipher text: JR UNIR QVFPBIRERQ GUNG BHE YNFG
GUERR GENAFZVFFVBAF JR'ER RNFVYL
QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL
ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ
HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA
CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE
NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F
XRL VF BOSHFPNGRQ.

Answer
We have discovered that our last three
transmissions we're easily deciphered. We
have taken care of the party responsible for
their encoding and are now using a new
method. Use the information provided at
last week.s meeting to decipher all new
messages. And remember, this week's key is
obfuscated.

Wolfgang’s code (part 1)
private static string RotToString(string
encodedString, int rotation)
{
// Boundary check because this only works
for ROT1 thru ROT26
if (rotation < 0 | rotation > 26) { throw new
Exception("RotToString only supports ROT1
thru ROT26."); }

char[] encodedChars =
encodedString.ToArray();
char[] decodedChars = new
char[encodedChars.Length];

int A = Convert.ToInt32('A'); // 65
int Z = Convert.ToInt32('Z'); // 90
int a = Convert.ToInt32('a'); // 97
int z = Convert.ToInt32('z'); // 122

{
int codeNum = Convert.ToInt32(encodedChars[i]);

// Rotate capital letters A-Z 65-90
if (codeNum >= A && codeNum <= Z)
{
codeNum = codeNum - rotation;
if (codeNum < A) { codeNum = Z - (A - codeNum) + 1; }
}

// Rotate lower-case letters a-z 97-122
if (codeNum >= a && codeNum <= z)
{
codeNum = codeNum - rotation;
if (codeNum < a) { codeNum = z - (a - codeNum) + 1; }
}


}

My code
Option # 1 – Encrypted message inside script –
Output is decrypted

#!/usr/bin/python

rot13 = ('JR UNIR QVFPBIRERQ GUNG BHE
YNFG GUERR GENAFZVFFVBAF JR ER RNFVYL
QRPVCURERQ. JR UNIR GNXRA PNER BS GUR
CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT
NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR
VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F
ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF.
NAQ ERZRZORE, GUVF JRRX.F XRL VF
BOSHFPNGRQ.')

answer=rot13.decode('rot13','strict')
print answer

My code
argument when calling script – Output is
decrypted

#!/usr/bin/python

import sys

if len(sys.argv)<2:
sys.exit("Usage " + sys.argv[0] + " <ROT13 code you
wish to decode>n")

basecode = sys.argv[1]

answer=basecode.decode('rot13','strict')

print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer

My code

#!/usr/bin/python

f = open ('rot13.txt', 'r')
file = f.read()

answer=file.decode('rot13','strict')
print answer

f.close ( )

My final one – Encrypt/decrypt module
#!/usr/bin/python

import sys

def hexdecode(hex_key):
import binascii
hex_split = hex_key.split(':')

def uni_decode(unicode_key):
unicode_split=unicode_key.split(':')
for i in unicode_split:
code1a = int(i)

def base64_decode(base64_key):
answer=base64_key.decode('base64','strict')
print answer

def binary_decode(binary_key):
import math
f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
basecode = f (binary_key,8)
x = (code)

def rot13_decode(rot13_key):
answer=rot13_key.decode('rot13','strict')
print answer

My final one – Encrypt/decrypt module

Coding for Penetration Testers book Extra credit
Script Function Learned Success?
Webcheck_v1.py Monitor web server – verify it 1. Script arguments Yes
remains up 2. Connect to web server and run a GET request

Webcheck_v2.py Monitor web server – verify it 1. Alternate script arguments method No
remains up (default to port 80)

Subnetcalc.py Calculate subnet mask, broadcast 1. Parse out values programmatically Yes
address, network range, and gateway 2. Math functions with variables
from IP/CIDR 3. Displaying results
4. Using FOR loops
Pass.py Determines if users are using the 1. Use the crypt module No
original default assigned password
Robotparser.py Retrieve the paths from the robot.txt No

root_check.py Checks to see what permissions 1. Using IF and ELIF conditional statements Yes
logged in account has (normal user,
root or system account)

Readshadow.py Checks to see if you have permission 1. Tests permissions on files to see if current Yes
to read /etc/shadow credentials can read file

Network_socket. Connect to website, pull contents 1. Network socket creation Yes
py (hard coded) 2. Spaces will bite you in the ass where you least
expect it.

Coding for Penetration Testers book Extra credit
Script Function Learned Success?
network_socket_argum Connect to website, pull contents 1. Network socket creation Yes
ent.py (site specified by argument) 2. Spaces will bite you in the ass where you
least expect it.
Server_connect.py Once a connection is made, send 1. Network socket creation Yes
back a string 2. Allow incoming connections.
server_shell.py No

receiveICMP.py To receive a file from another 1. Python script using Scapy Yes
system via ICMP (in conjunction
with sendICMP.py)
sendICMP.py To send a file to another system 1. Python script using Scapy Yes
via ICMP (in conjunction with
receiveICMP.py)

All the scripts Extra credit
Category Script
CSAW Crypto
Redux –
Challenge 1 to
5
Extra credit

Coding for
Penetration
Testers – part 1

Coding for
Penetration
Testers – part 2

Coding for
Penetration
Testers – part 3
Extra extra
credit

Coding for Pentesters - Exploitation Extra extra credit

Scapy Extra extra credit

• Packet creation • Classic attacks
• Read PCAP files • Malformed packets
• Create graphical dumps • Ping of death
• Must have appropriate supporting • Nestea attack
tools installed • ARP cache poisoning
• Fuzzing • Scans
• Send and receive packets • SYN scan
• TCP traceroute (can do graphical dump • ACK scan
as well) • XMAS scan
• Sniffing • IP scan
• Send and receive files through • TCP port scan
alternate data channels (ICMP) • IKE scan
• Ping • Advanced traceroute
• ARP ping • TCP SYN traceroute
• ICMP ping • UDP traceroute
• TCP ping • DNS traceroute
• UDP ping • VLAN hopping
• Wireless frame injection • Wireless sniffing
• OS Fingerprinting • Firewalking

Scripts I created Extra extra extra credit
Script Function
URL deobfuscator – To read the
shortened URL website and tell
you the title.
Word list creator

Little gems I found Extra extra credit
Description Function Site
Python-nmap It’s a Python library which helps in http://xael.org/norman/python/python-
using nmap. nmap/
Python API to the VirtualBox Allowing you to control every http://download.virtualbox.org/virtualbox
VM aspect of virtual machine /SDKRef.pdf
configuration and execution
Py2Exe py2exe is http://www.py2exe.org/
a Python Distutils extension
which converts Python scripts
into executable Windows
programs, able to run without
requiring a Python installation.
Chrome Various extensions/applications • https://chrome.google.com/webstore/
extensions/applications found in the Chrome Webstore detail/gdiimmpmdoofmahingpgabiikim
jgcia <-- Python shell (browser button)
• https://chrome.google.com/webstore/
detail/cmlchnlmkdcpelgmkebknjgjgdd
ncelc - Python shell (Chrome
application)
• https://chrome.google.com/webstore/
detail/nckbgikkpbjdliigbhgjfgfcahhona
kp <-- Online Python development
environment

Little gems I found Extra extra credit
Description Function Site
Tweepy It’s the best working Python http://tweepy.github.com/
library to interface with Twitter
(so far)

Tweepy

http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth

Additional resources
Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers
Extra tools
• http://mashable.com/2007/10/02/python-toolbox/

Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/

Additional resources
Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/
Online books
• http://en.wikibooks.org/wiki/Python_Programming
Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/
Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114
Module/package repositories
• http://pypi.python.org/pypi The Python Package Index is a repository of software for the Python
programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/ The ActiveState Code Recipes contains 3850 snippets to
learn from and use.
Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm

Tips, tricks, etc.
IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
• PyScripter
• Aptana Studio
• IDLE
• Ninja
• Pycrust (it’s actually a shell)
• Part of wxPython
• Linux
• IDLE
• Geany
• Python Toolkit
• SPE
• ERIC (supposed to have auto-complete of code…)
• Pycrust (it’s actually a shell)
• Part of wxPython
• DreamPie (it’s actually a shell)

Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
• Notepad++
• Linux
• Gedit
• SCiTE

Tips, tricks, etc.
Linux vs. Windows

Linux
• Linux scripts can be ran via terminal
• calling python <script name>
• by putting #!/usr/bin/python at the top (path
to interpreter) and typing ./<script name>
• Common problem on PyScripter
(awesome Windows Python IDE)… extra
code comments are put at the top, then
the #! /usr/bin/python

Windows
• Windows scripts don’t need the #! but need to have
.py associated with Python interepreter.
• Scripts can be double clicked or ran from
command prompt python <script name>
• If the script is double clicked, without
having raw_input("Press ENTER to exit")
you may not see the output of the script.

Portable Python (Windows only)
• Portable Python is a Python® programming
Tips, tricks, etc.
language preconfigured to run directly from any USB
storage device, enabling you to have, at any time, a
portable programming environment. Just download
it, extract to your portable storage device or hard
drive and in 10 minutes you are ready to create your
next Python® application.
• Portable Python 2.7.2.1 package contains
following applications/libraries:
• PyScripter v2.4.1
• NymPy 1.6.0
• SciPy 0.90
• Matplotlib 1.0.1
• PyWin32 216
• Django 1.3
• PIL 1.1.7
• Py2Exe 0.6.9
• wxPython 2.8.12.0
• Portable Python 3.2.1.1 package contains
following applications/libraries (alphabetical
order):
• NetworkX v1.4
• PySerial 2.5
• PyScripter v2.4.1
• PyWin32 v.216
• RPyC-3.0.7

Etc.
Antigravity
• When you open up ModulesDocs and
click on antigravity module or from IDLE
run import antigravity, a web browser
opens to the XKCD cartoon at the
beginning of this slide deck.

Zen of Python
• To start the path of finding Zen of Python,
remember these two key words…
IMPORT THIS .
• From an IDE (IDLE) or a Python shell,
run import this and the Zen of
Python will be revealed.

Questions?

Keith Dixon
@Tazdrumm3r
#misec – Tazdrumm3r
tazdrummer@gmail.com
http://tazdrumm3r.wordpress.com

Overview of python misec - 2-2012

Overview of python misec - 2-2012

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Overview of python misec - 2-2012

Semelhante a Overview of python misec - 2-2012 (20)

Último

Último (20)

Overview of python misec - 2-2012