Violent Python
by O'Connor, T. J.Edition: 1st
Format: Paperback
Pub. Date: 2012-11-08
Publisher(s): Syngress Media Inc
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
-
Complimentary 7-Day eTextbook Access - Read more
When you rent or buy this book, you will receive complimentary 7-day online access to the eTextbook version from your PC, Mac, tablet, or smartphone. Feature not included on Marketplace Items.
List Price: $52.45
Buy New
Arriving Soon. Will ship when available.
$49.95
Rent Book
Select for Price
Digital
$26.98
Used Book
We're Sorry
Sold Out
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Violent Python shows you how to move from a theoretical understanding of offensive computing to a practical implementation of offensive computing. The book focuses specifically on penetration testing, nefarious web activities, forensic, wireless and network analysis using the python programming language. You'll learn how to create software that attacks various computer systems, forensically analyzes digital evidence, and create programs that target wireless and mobile devices. Specific hands-on examples include, using the radio on a mobile phone, automating the process of breaking into several computers simultaneously, and data mining on social networking sites. Reading this book, you'll discover how to use Python to exploit systems and build effective pen testing tools to defend your system from attackers. *Takes difficult concepts involved in offensive computing and shows you how to implement them using a minimal amount of code. *Demonstrates how to write Python programs to defend against incursions by hackers *Includes case studies and hands-on programming with Python that simulate actual attacks
Author Biography
TJO'Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation and information assurance. He twice co-coached the winning team at the National Security Agency's annual Cyber Defense Exercise and won the National Defense University's first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.
Table of Contents
| Trademarks | p. v |
| Acknowledgements | p. vii |
| Dedication | p. ix |
| Lead Author | p. xvii |
| Contributing Author Bio | p. xix |
| Technical Editor Bio | p. xxi |
| Introduction | p. xxiii |
| Introduction | p. 1 |
| Introduction: A Penetration Test with Python | p. 1 |
| Setting Up Your Development Environment | p. 2 |
| Installing Third Party Libraries | p. 3 |
| Interpreted Python Versus Interactive Python | p. 5 |
| The Python Language | p. 6 |
| Variables | p. 7 |
| Strings | p. 7 |
| Lists | p. 8 |
| Dictionaries | p. 9 |
| Networking | p. 9 |
| Selection | p. 10 |
| Exception Handling | p. 10 |
| Functions | p. 12 |
| Iteration | p. 14 |
| File I/O | p. 16 |
| Sys Module | p. 17 |
| OS Module | p. 18 |
| Your First Python Programs | p. 20 |
| Setting the Stage for Your First Python Program: The Cuckoo's Egg | p. 20 |
| Your First Program, a UNIX Password Cracker | p. 21 |
| Setting the Stage for Your Second Program: Using Evil for Good | p. 24 |
| Your Second Program, a Zip-File Password Cracker | p. 24 |
| Chapter Wrap-Up | p. 29 |
| References | p. 29 |
| Penetration Testing with Python | p. 31 |
| Introduction: The Morris Worm-Would it Work Today? | p. 31 |
| Building a Port Scanner | p. 32 |
| TCP Full Connect Scan | p. 33 |
| Application Banner Grabbing | p. 35 |
| Threading the Scan | p. 37 |
| Integrating the Nmap Port Scanner | p. 39 |
| Building an SSH BotNet with Python | p. 41 |
| Interacting with SSH Through Pexpect | p. 42 |
| Brute Forcing SSH Passwords with Pxssh | p. 45 |
| Exploiting SSH Through Weak Private Keys | p. 48 |
| Constructing the SSH Botnet | p. 53 |
| Mass Compromise by Bridging FTP and Web | p. 56 |
| Building an Anonymous FTP Scanner with Python | p. 57 |
| Using Ftplib to Brute Force FTP User Credentials | p. 57 |
| Searching for Web Pages on the FTP Server | p. 59 |
| Adding a Malicious Inject to Web Pages | p. 60 |
| Bringing the Entire Attack Together | p. 62 |
| Conficker, Why Trying Hard is Always Good Enough | p. 66 |
| Attacking the Windows SMB Service with Metasploit | p. 67 |
| Writing Python to Interact with Metasploit | p. 69 |
| Remote Process Execution Brute Force | p. 71 |
| Putting it Back Together to Build Our Own Conficker | p. 71 |
| Writing Your Own Zero-Day Proof of Concept Code | p. 74 |
| Stack-Based Buffer Overflow Attacks | p. 75 |
| Adding the Key Elements of the Attack | p. 75 |
| Sending the Exploit | p. 76 |
| Assembling the Entire Exploit Script | p. 77 |
| Chapter Wrap Up | p. 79 |
| References | p. 80 |
| Forensic Investigations with Python | p. 81 |
| Introduction: How Forensics Solved the BTK Murders | p. 81 |
| Where Have You Been?-Analysis of Wireless Access Points in the Registry | p. 82 |
| Using WinReg to Read the Windows Registry | p. 83 |
| Using Mechanize to Submit the MAC Address to Wigle | p. 85 |
| Using Python to Recover Deleted Items in the Recycle Bin | p. 89 |
| Using the OS Module to Find Deleted Items | p. 90 |
| Python to Correlate SID to User | p. 90 |
| Metadata | p. 93 |
| Using PyPDF to Parse PDF Metadata | p. 93 |
| Understanding Exif Metadata | p. 95 |
| Downloading Images with BeautifulSoup | p. 96 |
| Reading Exif Metadata from Images with the Python Imaging Library | p. 97 |
| Investigating Application Artifacts with Python | p. 100 |
| Understanding the Skype Sqlite3 Database | p. 100 |
| Using Python and Sqlite3 to Automate Skype Database Queries | p. 102 |
| Parsing Firefox Sqlite3 Databases with Python | p. 108 |
| Investigating iTunes Mobile Backups with Python | p. 116 |
| Chapter Wrap-Up | p. 122 |
| References | p. 122 |
| Network Traffic Analysis with Python | p. 125 |
| Introduction: Operation Aurora and How the Obvious was Missed | p. 125 |
| Where is that IP Traffic Headed?-A Python Answer | p. 126 |
| Using PyGeoIP to Correlate IP to Physical Locations | p. 127 |
| Using Dpkt to Parse Packets | p. 128 |
| Using Python to Build a Google Map | p. 132 |
| Is Anonymous Really Anonymous? Analyzing LOIC Traffic | p. 135 |
| Using Dpkt to Find the LOIC Download | p. 135 |
| Parsing IRC Commands to the Hive | p. 137 |
| Identifying the DDoS Attack in Progress | p. 138 |
| How H.D. Moore Solved the Pentagon's Dilemma | p. 143 |
| Understanding the TTL Field | p. 144 |
| Parsing TTL Fields with Scapy | p. 146 |
| Storm's Fast-Flux and Conficker's Domain-Flux | p. 149 |
| Does Your DNS Know Something You Don't? | p. 150 |
| Using Scapy to Parse DNS Traffic | p. 151 |
| Detecting Fast Flux Traffic with Scapy | p. 152 |
| Detecting Domain Flux Traffic with Scapy | p. 153 |
| Kevin Mitnick and TCP Sequence Prediction | p. 154 |
| Your Very Own TCP Sequence Prediction | p. 155 |
| Crafting a SYN Flood with Scapy | p. 156 |
| Calculating TCP Sequence Numbers | p. 157 |
| Spoofing the TCP Connection | p. 159 |
| Foiling Intrusion Detection Systems with Scapy | p. 162 |
| Chapter Wrap Up | p. 168 |
| References | p. 168 |
| Wireless Mayhem with Python | p. 171 |
| Introduction: Wireless (IN) Security and the Iceman | p. 171 |
| Setting up Your Wireless Attack Environment | p. 172 |
| Testing Wireless Capture with Scapy | p. 172 |
| Installing Python Bluetooth Packages | p. 173 |
| The Wall of Sheep-Passively Listening to Wireless Secrets | p. 174 |
| Using Python Regular Expressions to Sniff Credit Cards | p. 175 |
| Sniffing Hotel Guests | p. 178 |
| Building a Wireless Google Key Logger | p. 181 |
| Sniffing FTP Credentials | p. 184 |
| Where Has Your Laptop Been? Python Answers | p. 186 |
| Listening for 802.11 Probe Requests | p. 186 |
| Finding Hidden Network 802.11 Beacons | p. 187 |
| De-cloaking Hidden 802.11 Networks | p. 188 |
| Intercepting and Spying on UAVs with Python | p. 189 |
| Intercepting the Traffic, Dissecting the Protocol | p. 189 |
| Crafting 802.11 Frames with Scapy | p. 192 |
| Finalizing the Attack, Emergency Landing the UAV | p. 195 |
| Detecting FireSheep | p. 196 |
| Understanding Wordpress Session Cookies | p. 198 |
| Herd the Sheep-Catching Wordpress Cookie Reuse | p. 199 |
| Stalking with Bluetooth and Python | p. 201 |
| Intercepting Wireless Traffic to Find Bluetooth Addresses | p. 203 |
| Scanning Bluetooth RFCOMM Channels | p. 205 |
| Using the Bluetooth Service Discovery Protocol | p. 206 |
| Taking Over a Printer with Python ObexFTP | p. 207 |
| Blue Bugging a Phone with Python | p. 208 |
| Chapter Wrap Up | p. 209 |
| References | p. 210 |
| Web Recon with Python | p. 211 |
| Introduction: Social Engineering Today | p. 211 |
| Recon Prior to Attack | p. 212 |
| Using the Mechanize Library to Browse the Internet | p. 212 |
| Anonymity - Adding Proxies, User-Agents, Cookies | p. 214 |
| Finalizing Our AnonBrowser into a Python Class | p. 217 |
| Scraping Web Pages with AnonBrowser | p. 219 |
| Parsing HREF Links with Beautiful Soup | p. 219 |
| Mirroring Images with Beautiful Soup | p. 222 |
| Research, Investigate, Discovery | p. 223 |
| Interacting with the Google API in Python | p. 223 |
| Parsing Tweets with Python | p. 227 |
| Pulling Location Data Out of Tweets | p. 229 |
| Parsing Interests from Twitter Using Regular Expressions | p. 231 |
| Anonymous Email | p. 236 |
| Mass Social Engineering | p. 237 |
| Using Smtplib to Email Targets | p. 237 |
| Spear Phishing with Smtplib | p. 239 |
| Chapter Wrap-Up | p. 242 |
| References | p. 242 |
| Antivirus Evasion with Python | p. 245 |
| Introduction: Flame On! | p. 245 |
| Evading Antivirus Programs | p. 246 |
| Verifying Evasion | p. 250 |
| Wrap Up | p. 255 |
| References | p. 256 |
| Index | p. 257 |
| Table of Contents provided by Ingram. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.