Overview of Python – Final – scripts inside

Overview of Python
Flying made simple without
the Nyquil hangover
Agenda
• About me
• History of Python
• About Python
• Python’s uses
• Python basics (Python 101)
• CSAW Crypto Redux
• Extra credit
• Resources
• Tips, tricks, observations
About me
Who am I?
• Husband/father/geek/gets distracted by shiny objects easily
• Career path switched to IT in 1999, professionally an IT guy since 2001
– Started the infosec career path switch in 2009, officially an infosec professional since 2012(?)
• VBScript – 2007
• Python – 2011
History of Python
• Conceived in the late 1980s by Guido van Rossum at CWI.
– Was designed to be a successor to the ABC programming language
– Benevolent Dictator for Life (BDFL)
– Currently employed by Google where he spends half his time working on Python development
• Python 2.0 was released on October 16th, 2000
– Contained many major new features
– Full garbage collector (automatic memory management)
– Unicode support
– Biggest change – development process with a shift towards a more transparent and community-backed process
• Python 3.0 was released in December 2008
– Many major features have been backported to Python 2.6 and 2.7
About Python
• What is Python?
– Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.
• Why is it called Python?
– When he began implementing Python, Guido van Rossum was also reading the published scripts from “Monty Python’s Flying Circus”, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.
– Fun fact – The built-in IDE (IDLE) is named after Eric Idle, a member of Monty Python.
What is Python good for?
• Python comes with a large standard library that covers areas such as:
– string processing (regular expressions, Unicode, calculating differences between files)
– Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
– software engineering (unit testing, logging, profiling, parsing Python code)
– operating system interfaces (system calls, file systems, TCP/IP sockets)
– Artificial intelligence (because of similarities to Lisp)
• Extensive use in the information security industry, including exploit development.
– Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc.
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
– Once the basic syntax is learned, even the most complicated scripts can make sense.
• Python is cross platform!!
– It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community
Python’s uses
• Applications
– BitTorrent
– DropBox
• Video games
– Civilization IV
– Battlefield 2
– Eve Online
– Vampire: The Masquerade – Bloodlines
• Graphics
– Industrial Light & Magic: "The Phantom Menace", "The Mummy Returns" and other productions are named as ones where Python was used.
– Walt Disney Feature Animation
• Science
– NASA
– National Weather Service
• GUI frameworks
– Tkinter
– PyQt
– wxPython
• Embedded as a scripting language
– Amarok
– GIMP
– Autodesk Maya
• Commercial uses
– Google apps
– Reddit
– YouTube
• Government
– CIA.gov
• Python implementations
– CPython
– IronPython – Python for .NET and Mono platforms
– Jython – Python coded in Java
Python basics
• Indentation does matter
• If, If.. Else, If… Elif (no Then)
• Syntax is easy
• All scripts are considered modules
– All functions inside a module can be used, or only certain methods can be used inside a script
This will work
if True:
    print "True"
else:
    print "False"
But this won’t
if True:
    print "Answer"
    print "True"
else:
    print "Answer"
  print "False"    # this line's indentation matches no enclosing block
If statement
if expression:
    statement(s)
Else statement
if expression:
    statement(s)
else:
    statement(s)
Elif statement
if expression1:
    statement(s)
elif expression2:
    statement(s)
else:
    statement(s)
Entire module
import sys
Partial method
from sys import argv
Python basics
• Help is built in
• It can be run interactively
– IDLE is built in to Python installs
– DreamPie is a Python shell (best used on Linux)
python
Python 2.72
Type “help”, “copyright”..
>>>
Via IDLE or DreamPie
Help on modules
>>> import sys, hashlib
>>> help(sys)
>>> help(hashlib)
Help on methods
>>> import sys, hashlib
>>> help(sys.argv)
>>> help(hashlib.sha512)
Via command prompt
Help on modules
pydoc sys
pydoc hashlib
Help on methods
pydoc sys.argv
pydoc hashlib.sha512
Inspiration for the idea?
Post CSAW CTF
My approach – Post CSAW crypto challenges
Each challenge
1. Encrypted message inside script – Output is decrypted
2. Encrypted message can be used as an argument when calling script – Output is decrypted
3. Encrypted message can be read from a file for decrypting
Overall
1. One module for all decrypting, each decryption style is a method
My overall scoreboard
| | Challenge 1 – Unicode | Challenge 2 – Hex | Challenge 3 – Binary | Challenge 4 – Base64 | Challenge 5 – ROT13 | Challenge 6 |
| Script option 1 – inside script | Done | Done | Done* | Done | Done | Incomplete |
| Script option 2 – argument | Done | Done | Done* | Done | Done | Incomplete |
| Script option 3 – from file | Done | Done | Done* | Done | Done | Incomplete |
| Script option 4 – from input (scrapped, 255 character limit) | n/a | n/a | n/a | n/a | n/a | Incomplete |
| Overall – module with methods (CSAW_Crypto.py) | Success | Success | Success | Success | Success | Incomplete |
* Found the code excerpt online
CSAW Crypto Redux
Crypto challenge # 1
Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101
32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67
84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32
112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108
108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110
100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118
101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104
101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111
114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32
105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46
Answer
Welcome to the 2011 NYU Poly CSAW CTF
event. We have planned many challenges for
you and we hope you have fun solving them
all. The key for this challenge is cryptography.
Wolfgang’s code
private static string AsciiToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(' ');
    char[] decodedChars = new char[encodedChars.Length];
    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-10 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 10);
        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
    return new string(decodedChars);
}
Matt’s code
$string=$null
[int[]]$array = ("87 101 108 99 111 109 101 32 116 111
32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111
108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110
116 46 32 87 101 32 104 97 118 101 32 112 108 97 110
110 101 100 32 109 97 110 121 32 99 104 97 108 108
101 110 103 101 115 32 102 111 114 32 121 111 117 32
97 110 100 32 119 101 32 104 111 112 101 32 121 111
117 32 104 97 118 101 32 102 117 110 32 115 111 108
118 105 110 103 32 116 104 101 109 32 97 108 108 46
32 84 104 101 32 107 101 121 32 102 111 114 32 116
104 105 115 32 99 104 97 108 108 101 110 103 101 32
105 115 32 99 114 121 112 116 111 103 114 97 112 104
121 46" -split '\s+')  # split on any whitespace, including the line breaks inside the string
foreach ($l in $array) { $string += [char]$l }
$string
My code
Option # 1 – Encrypted message inside script – Output is decrypted
#!/usr/bin/python
import sys
# Character codes of the encoded message
code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,
    32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,
    65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,101,
    32,104,97,118,101,32,112,108,97,110,110,101,100,32,
    109,97,110,121,32,99,104,97,108,108,101,110,103,101,
    115,32,102,111,114,32,121,111,117,32,97,110,100,32,119,
    101,32,104,111,112,101,32,121,111,117,32,104,97,118,
    101,32,102,117,110,32,115,111,108,118,105,110,103,
    32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,
    107,101,121,32,102,111,114,32,116,104,105,115,32,99,
    104,97,108,108,101,110,103,101,32,105,115,32,99,114,
    121,112,116,111,103,114,97,112,104,121,46)
# Turn each code into its character and write it out
for i in code1:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
#!/usr/bin/python
import sys
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")
# The character codes arrive as one colon-separated argument
code1 = sys.argv[1]
code_split = code1.split(':')
for i in code_split:
    code1a = int(i)
    codefinal = chr(code1a)
    sys.stdout.write(codefinal)
My code
Option # 3 - Encrypted message can be read from a file for decrypting
#!/usr/bin/python
import sys
# unicode.txt holds the colon-separated character codes
f = open('unicode.txt', 'r')
file = f.read()
f.close()
code_split = file.split(':')
for decode in code_split:
    decode1 = int(decode)
    codefinal = chr(decode1)
    sys.stdout.write(codefinal)
CSAW Crypto Redux
Crypto challenge # 2
Cipher text:
54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:65:20
:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:20:6c:
65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:
6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:20:64:
65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:65:63:
74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6
e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6
f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:69:6c:6
c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:62:65:2
0:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:6
9:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72:7
4:68:72:6f:77:2e
Answer
Last weeks meeting was a great success. We
seem to be generating a lot of buzz about the
movement. The key for next weeks meeting is
resistance. If there is anyone else you know of
that may be interested in joining bring them to
the meeting this week. It will be held same
time, same place.
Wolfgang’s code
private static string AsciiHexToString(string encodedString)
{
    string[] encodedChars = encodedString.Split(':');
    char[] decodedChars = new char[encodedChars.Length];
    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number expressed in base-16 to an integer
        int codeNum = Convert.ToInt32(encodedChars[i], 16);
        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
    return new string(decodedChars);
}
$string = $null
$text =
"54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:
73:73:61:67:65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:7
9:6f:75:20:62:79:20:74:68:65:20:6c:65:61:64:65:72:73:68:69:70
:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:6f:75:6e:64:20:5
5:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65
:20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:
65:20:63:6f:72:72:65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20
:6e:6f:77:20:6b:6e:6f:77:20:6f:75:72:20:6e:65:78:74:20:6d:65:6
5:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:64:20:6f:6e:
20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:
20:77:69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:2
0:6b:65:79:20:74:6f:20:62:65:20:6c:65:74:20:69:6e:74:6f:20:74:
68:65:20:6d:65:65:74:69:6e:67:73:3b:20:74:68:69:73:20:77:65:
65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:65:72
:74:68:72:6f:77:2e"
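# Remove the line breaks inside the string before splitting on ':'
($text -replace '\s', '').Split(':') | ForEach-Object { [Convert]::ToInt32($_, 16) } |
    ForEach-Object { $string = $string + [Convert]::ToChar($_) }
$string
Matt’s code (the PowerShell script above)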
My code
Option # 1 – Encrypted message inside script – Output is decrypted
#!/usr/bin/python
import binascii, sys
hex = '54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:\
65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:\
20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:\
6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:\
20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:\
65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:\
72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:\
64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:\
69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:\
62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:\
74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:\
65:72:74:68:72:6f:77:2e'
hex_split = hex.split(':')
for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
#!/usr/bin/python
import sys, binascii
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " <hex data you wish to decode>\n")
# The hex bytes arrive as one colon-separated argument
code1 = sys.argv[1]
hex_split = code1.split(':')
for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
My code
Option # 3 - Encrypted message can be read from a file for decrypting
#!/usr/bin/python
import binascii, sys
f = open('hex.txt', 'r')
# strip() drops a trailing newline, which a2b_hex would reject as an odd-length string
file = f.read().strip()
f.close()
hex_split = file.split(':')
for decode in hex_split:
    hex_decode = binascii.a2b_hex(decode)
    sys.stdout.write(hex_decode)
CSAW Crypto Redux
Crypto challenge # 3
Cipher text:
010011000110000101110011011101000010000001110111011001010110010101101011011100110010000001101101011001010110
010101110100011010010110111001100111001000000111011101100001011100110010000001100001001000000110011101110010
011001010110000101110100001000000111001101110101011000110110001101100101011100110111001100101110001000000101
011101100101001000000111001101100101011001010110110100100000011101000110111100100000011000100110010100100000
011001110110010101101110011001010111001001100001011101000110100101101110011001110010000001100001001000000110
110001101111011101000010000001101111011001100010000001100010011101010111101001111010001000000110000101100010
011011110111010101110100001000000111010001101000011001010010000001101101011011110111011001100101011011010110
010101101110011101000010111000100000010101000110100001100101001000000110101101100101011110010010000001100110
011011110111001000100000011011100110010101111000011101000010000001110111011001010110010101101011011100110010
000001101101011001010110010101110100011010010110111001100111001000000110100101110011001000000111001001100101
011100110110100101110011011101000110000101101110011000110110010100101110001000000100100101100110001000000111
010001101000011001010111001001100101001000000110100101110011001000000110000101101110011110010110111101101110
011001010010000001100101011011000111001101100101001000000111100101101111011101010010000001101011011011100110
111101110111001000000110111101100110001000000111010001101000011000010111010000100000011011010110000101111001
001000000110001001100101001000000110100101101110011101000110010101110010011001010111001101110100011001010110
010000100000011010010110111000100000011010100110111101101001011011100110100101101110011001110010000001100010
011100100110100101101110011001110010000001110100011010000110010101101101001000000111010001101111001000000111
010001101000011001010010000001101101011001010110010101110100011010010110111001100111001000000111010001101000
011010010111001100100000011101110110010101100101011010110010111000100000010010010111010000100000011101110110
100101101100011011000010000001100010011001010010000001101000011001010110110001100100001000000111001101100001
011011010110010100100000011101000110100101101101011001010010110000100000011100110110000101101101011001010010
0000011100000110110001100001011000110110010100101110
Answer
Last weeks meeting was a great success. We
seem to be generating a lot of buzz about the
movement. The key for next weeks meeting is
resistance. If there is anyone else you know of
that may be interested in joining bring them to
the meeting this week. It will be held same time,
same place.
Wolfgang’s code
private static string BinaryToString(string encodedString)
{
    char[] decodedChars = new char[encodedString.Length / 8];
    for (int i = 0; i < decodedChars.Length; i++)
    {
        // Convert the number in binary (base-2) to an integer
        int codeNum = Convert.ToInt32(encodedString.Substring(i * 8, 8), 2);
        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
    return new string(decodedChars);
}
$test =
"010011000110000101110011011101000010000001110111011001010110010101101011011100
1100100000011011010110010101100101011101000110100101101110011001110010000001110
1110110000101110011001000000110000100100000011001110111001001100101011000010111
0100001000000111001101110101011000110110001101100101011100110111001100101110001
0000001010111011001010010000001110011011001010110010101101101001000000111010001
1011110010000001100010011001010010000001100111011001010110111001100101011100100
1100001011101000110100101101110011001110010000001100001001000000110110001101111
0111010000100000011011110110011000100000011000100111010101111010011110100010000
0011000010110001001101111011101010111010000100000011101000110100001100101001000
0001101101011011110111011001100101011011010110010101101110011101000010111000100
0000101010001101000011001010010000001101011011001010111100100100000011001100110
1111011100100010000001101110011001010111100001110100001000000111011101100101011
0010101101011011100110010000001101101011001010110010101110100011010010110111001
1001110010000001101001011100110010000001110010011001010111001101101001011100110
1110100011000010110111001100011011001010010111000100000010010010110011000100000
0111010001101000011001010111001001100101001000000110100101110011001000000110000
1011011100111100101101111011011100110010100100000011001010110110001110011011001
0100100000011110010110111101110101001000000110101101101110011011110111011100100
0000110111101100110001000000111010001101000011000010111010000100000011011010110
0001011110010010000001100010011001010010000001101001011011100111010001100101011
1001001100101011100110111010001100101011001000010000001101001011011100010000001
1010100110111101101001011011100110100101101110011001110010000001100010011100100
1101001011011100110011100100000011101000110100001100101011011010010000001110100
0110111100100000011101000110100001100101001000000110110101100101011001010111010
0011010010110111001100111001000000111010001101000011010010111001100100000011101
1101100101011001010110101100101110001000000100100101110100001000000111011101101
0010110110001101100001000000110001001100101001000000110100001100101011011000110
0100001000000111001101100001011011010110010100100000011101000110100101101101011
0010100101100001000000111001101100001011011010110010100100000011100000110110001
100001011000110110010100101110"
$string = $null
# Remove the line breaks inside the string so every 8-character slice is one byte
$test = $test -replace '\s', ''
$chars = while ($test.Length) {
    $byte = $test.Substring(0, 8)
    $test = $test.Substring(8)
    $([Convert]::ToChar([Convert]::ToByte($byte, 2)))
}
$chars -join ""
Matt’s code (the PowerShell script above)
My code
#!/usr/bin/python
import math, sys
# v = value to split, l = size of each chunk
f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
basecode = f ('0100110001100001011100110111010000100000011101110110010101100101\
0110101101110011001000000110110101100101011001010111010001101001011011100110011\
1001000000111011101100001011100110010000001100001001000000110011101110010011001\
0101100001011101000010000001110011011101010110001101100011011001010111001101110\
0110010111000100000010101110110010100100000011100110110010101100101011011010010\
0000011101000110111100100000011000100110010100100000011001110110010101101110011\
0010101110010011000010111010001101001011011100110011100100000011000010010000001\
1011000110111101110100001000000110111101100110001000000110001001110101011110100\
1111010001000000110000101100010011011110111010101110100001000000111010001101000\
0110010100100000011011010110111101110110011001010110110101100101011011100111010\
0001011100010000001010100011010000110010100100000011010110110010101111001001000\
0001100110011011110111001000100000011011100110010101111000011101000010000001110\
1110110010101100101011010110111001100100000011011010110010101100101011101000110\
1001011011100110011100100000011010010111001100100000011100100110010101110011011\
0100101110011011101000110000101101110011000110110010100101110001000000100100101\
1001100010000001110100011010000110010101110010011001010010000001101001011100110\
0100000011000010110111001111001011011110110111001100101001000000110010101101100\
0111001101100101001000000111100101101111011101010010000001101011011011100110111\
1011101110010000001101111011001100010000001110100011010000110000101110100001000\
0001101101011000010111100100100000011000100110010100100000011010010110111001110\
1000110010101110010011001010111001101110100011001010110010000100000011010010110\
1110001000000110101001101111011010010110111001101001011011100110011100100000011\
0001001110010011010010110111001100111001000000111010001101000011001010110110100\
1000000111010001101111001000000111010001101000011001010010000001101101011001010\
1100101011101000110100101101110011001110010000001110100011010000110100101110011\
0010000001110111011001010110010101101011001011100010000001001001011101000010000\
0011101110110100101101100011011000010000001100010011001010010000001101000011001\
0101101100011001000010000001110011011000010110110101100101001000000111010001101\
0010110110101100101001011000010000001110011011000010110110101100101001000000111\
00000110110001100001011000110110010100101110',8)
# Convert each 8-bit chunk to its character and write it out
for code in basecode:
    decodea = int(code, 2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)
Option # 1 – Encrypted message inside script – Output is decrypted (the script above)
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
import sys, math
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " <binary code you wish to decode>\n")
# v = value to split, l = size of each chunk
f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
basecode = f(sys.argv[1], 8)
for code in basecode:
    decodea = int(code, 2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)
My code
Option # 3 - Encrypted message can be read from a file for decrypting
#!/usr/bin/python
import math, sys
f = open('binary.txt', 'r')
# strip() drops a trailing newline, which would otherwise end up in the last chunk
file = f.read().strip()
f.close()
# v = value to split, l = size of each chunk
f1 = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
basecode = f1(file, 8)
for code in basecode:
    decodea = int(code, 2)
    decodeb = chr(decodea)
    sys.stdout.write(decodeb)
CSAW Crypto Redux
Crypto challenge # 4
Cipher text:
VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6
eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd
1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJ
vbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIF
VzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4
dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRo
ZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==
Answer
That meeting was a little crazy. We have
no idea where those guys in the black
suits came from, but we are looking into
it. Use the key infiltration for next week’s
meeting. Stay with the cause and we will
succeed.
Wolfgang’s code
private static string DecodeBase64ToString(string encodedString)
{
    byte[] encodedAsBytes = System.Convert.FromBase64String(encodedString);
    return System.Text.UTF8Encoding.UTF8.GetString(encodedAsBytes);
}
Matt’s code
$text =
"VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBj
cmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIH
Rob3NlIGd1eXMgaW4gdGhlIGJsYWNrIHN1aXR
zIGNhbWUgZnJvbSwgYnV0IHdlIGFyZSBsb29ra
W5nIGludG8gaXQuIFVzZSB0aGUga2V5IGluZml
sdHJhdGlvbiBmb3IgbmV4dCB3ZWVrknMgbWV
ldGluZy4gU3RheSB3aXRoIHRoZSBjYXVzZSBhbm
Qgd2Ugd2lsbCBzdWNjZWVkLg=="
$bytes = [System.Convert]::FromBase64String($text)
$string = [System.Text.Encoding]::UTF8.GetString($bytes)
$string
My code
Option # 1 – Encrypted message inside script – Output is decrypted
#!/usr/bin/python
# Adjacent string literals inside the parentheses are joined into one string
code3 = ("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZ"
         "SBjcmF6eS4gV2UgaGF2ZSBubyBpZGVhIHdo"
         "ZXJlIHRob3NlIGd1eXMgaW4gdGhlIGJsYWNrI"
         "HN1aXRzIGNhbWUgZnJvbSwgYnV0IHdlIGFyZ"
         "SBsb29raW5nIGludG8gaXQuIFVzZSB0aGUga"
         "2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4dCB3Z"
         "WVrknMgbWVldGluZy4gU3RheSB3aXRoIHR"
         "oZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZW"
         "VkLg==")
answer = code3.decode('base64', 'strict')
print answer
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
#!/usr/bin/python
import sys
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")
basecode = sys.argv[1]
answer = basecode.decode('base64', 'strict')
print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer
My code
Option # 3 - Encrypted message can be read from a file for decrypting
#!/usr/bin/python
f = open('base64.txt', 'r')
file = f.read()
answer = file.decode('base64', 'strict')
print answer
f.close()
CSAW Crypto Redux
Crypto challenge # 5
Cipher text: JR UNIR QVFPBIRERQ GUNG BHE YNFG
GUERR GENAFZVFFVBAF JR'ER RNFVYL
QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL
ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ
HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA
CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE
NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F
XRL VF BOSHFPNGRQ.
Answer
We have discovered that our last three
transmissions we're easily deciphered. We
have taken care of the party responsible for
their encoding and are now using a new
method. Use the information provided at
last week.s meeting to decipher all new
messages. And remember, this week's key is
obfuscated.
Wolfgang’s code (part 1)
private static string RotToString(string encodedString, int rotation)
{
    // Boundary check because this only works for ROT1 thru ROT26
    if (rotation < 0 | rotation > 26)
    {
        throw new Exception("RotToString only supports ROT1 thru ROT26.");
    }
    char[] encodedChars = encodedString.ToArray();
    char[] decodedChars = new char[encodedChars.Length];
    int A = Convert.ToInt32('A'); // 65
    int Z = Convert.ToInt32('Z'); // 90
    int a = Convert.ToInt32('a'); // 97
    int z = Convert.ToInt32('z'); // 122
Wolfgang’s code (part 2)
    for (int i = 0; i < decodedChars.Length; i++)
    {
        int codeNum = Convert.ToInt32(encodedChars[i]);
        // Rotate capital letters A-Z 65-90
        if (codeNum >= A && codeNum <= Z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < A) { codeNum = Z - (A - codeNum) + 1; }
        }
        // Rotate lower-case letters a-z 97-122
        if (codeNum >= a && codeNum <= z)
        {
            codeNum = codeNum - rotation;
            if (codeNum < a) { codeNum = z - (a - codeNum) + 1; }
        }
        // Convert the integer to a character code
        decodedChars[i] = Convert.ToChar(codeNum);
    }
Wolfgang’s code (part 3)
    return new string(decodedChars);
}
Matt’s code
My code
Option # 1 – Encrypted message inside script – Output is decrypted
#!/usr/bin/python
# Adjacent string literals inside the parentheses are joined into one string
rot13 = ('JR UNIR QVFPBIRERQ GUNG BHE '
         'YNFG GUERR GENAFZVFFVBAF JR ER RNFVYL '
         'QRPVCURERQ. JR UNIR GNXRA PNER BS GUR '
         'CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT '
         'NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR '
         'VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F '
         'ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. '
         'NAQ ERZRZORE, GUVF JRRX.F XRL VF '
         'BOSHFPNGRQ.')
answer = rot13.decode('rot13', 'strict')
print answer
My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted
#!/usr/bin/python
import sys
if len(sys.argv) < 2:
    sys.exit("Usage " + sys.argv[0] + " <ROT13 code you wish to decode>\n")
basecode = sys.argv[1]
answer = basecode.decode('rot13', 'strict')
print "This is the encoded message : " + sys.argv[1]
print "This is the decoded message : " + answer
My code
Option # 3 - Encrypted message can be read from a file for decrypting
#!/usr/bin/python
f = open('rot13.txt', 'r')
file = f.read()
answer = file.decode('rot13', 'strict')
print answer
f.close()
My final one – Encrypt/decrypt module
#!/usr/bin/python
import sys
# Challenge 2: colon-separated hex bytes
def hexdecode(hex_key):
    import binascii
    hex_split = hex_key.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)
# Challenge 1: colon-separated decimal character codes
def uni_decode(unicode_key):
    unicode_split = unicode_key.split(':')
    for i in unicode_split:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)
# Challenge 4: Base64
def base64_decode(base64_key):
    answer = base64_key.decode('base64', 'strict')
    print answer
# Challenge 3: binary digits, 8 per character
def binary_decode(binary_key):
    import math
    # v = value to split, l = size of each chunk
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f(binary_key, 8)
    for code in basecode:
        decodea = int(code, 2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)
# Challenge 5: ROT13
def rot13_decode(rot13_key):
    answer = rot13_key.decode('rot13', 'strict')
    print answer
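The same five decoders as an added Python 3 example (not the presenter's code): each function returns the plaintext instead of writing to stdout and rejects malformed input, and candidates() runs all of them to show which encodings an unlabeled string could be. The function names, the 90% printable threshold and the short samples (the opening bytes of the ciphertexts above) are choices made for this example.

```python
import base64
import codecs
import re
import string

PRINTABLE = set(string.printable)
MIN_PRINTABLE = 0.9  # assumption: keep a result if at least 90% of it is printable


def _tokens(text):
    """Split on the delimiters seen on the slides: whitespace, ':' and ','."""
    return [t for t in re.split(r"[\s:,]+", text.strip()) if t]


def decode_decimal(text):
    """'87 101 108' -> 'Wel'. Non-digits and values outside 0..255 are errors."""
    values = [int(t, 10) for t in _tokens(text)]
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("character code outside 0..255")
    return bytes(values).decode("latin-1")


def decode_hex(text):
    """'54:68:69:73' -> 'This'. Every token must be whole two-digit hex bytes."""
    tokens = _tokens(text)
    if not all(re.fullmatch(r"(?:[0-9a-fA-F]{2})+", t) for t in tokens):
        raise ValueError("not delimiter-separated hex bytes")
    return bytes.fromhex("".join(tokens)).decode("latin-1")


def decode_binary(text):
    """'0100110001100001' -> 'La'. A length that is not a multiple of 8 is an
    error here; the ceil()-based chunker on the slides would instead decode a
    short final chunk as if it were a full byte."""
    bits = "".join(text.split())
    if not re.fullmatch(r"[01]+", bits) or len(bits) % 8:
        raise ValueError("expected a multiple of 8 binary digits")
    chunks = (bits[i:i + 8] for i in range(0, len(bits), 8))
    return bytes(int(chunk, 2) for chunk in chunks).decode("latin-1")


def decode_base64(text):
    """Strict Base64: line breaks are dropped, any other stray character fails."""
    raw = base64.b64decode("".join(text.split()), validate=True)
    return raw.decode("latin-1")


def decode_rot13(text):
    """ROT13 is its own inverse; only A-Z and a-z are rotated."""
    if not re.search(r"[A-Za-z]", text):
        raise ValueError("no letters to rotate")
    return codecs.decode(text, "rot_13")


DECODERS = {
    "decimal": decode_decimal,
    "hex": decode_hex,
    "binary": decode_binary,
    "base64": decode_base64,
    "rot13": decode_rot13,
}


def candidates(text):
    """Run every decoder; return {name: plaintext} for each one that accepts
    the input and produces mostly printable output."""
    found = {}
    for name, decoder in DECODERS.items():
        try:
            plain = decoder(text)
        except ValueError:
            continue  # the input is not valid for this encoding
        if plain and sum(c in PRINTABLE for c in plain) / len(plain) >= MIN_PRINTABLE:
            found[name] = plain
    return found


# Constructed samples: the opening bytes of the five challenge ciphertexts.
SAMPLES = [
    "87 101 108 99 111 109 101",
    "54:68:69:73",
    "0100110001100001011100110111010000100000",
    "VGhhdCBtZWV0aW5n",
    "JR UNIR",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", candidates(sample))
```

A string made only of decimal digits, such as the second sample, is valid as both decimal codes and hex bytes, so candidates() returns both readings and leaves the choice to the analyst.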
Extra credit
Coding for Penetration Testers book
| Script | Function | Learned | Success? |
| Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments 2. Connect to web server and run a GET request | Yes |
| Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method | No |
| Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops | Yes |
| Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module | No |
| Robotparser.py | Retrieve the paths from the robots.txt | | No |
| root_check.py | Checks to see what permissions logged in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements | Yes |
| Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Tests permissions on files to see if current credentials can read file | Yes |
| Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
Extra credit
Coding for Penetration Testers book
| Script | Function | Learned | Success? |
| network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes |
| Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation 2. Allow incoming connections. | Yes |
| server_shell.py | | | No |
| receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy | Yes |
| sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy | Yes |
All the scripts
| Category | Script |
| CSAW Crypto Redux – Challenge 1 to 5 | |
| Extra credit | |
| Coding for Penetration Testers – part 1 | |
| Coding for Penetration Testers – part 2 | |
| Coding for Penetration Testers – part 3 | |
| Extra extra credit | |
Extra credit
Coding for Pentesters - Exploitation
Extra extra credit
Scapy
• Packet creation
• Read PCAP files
• Create graphical dumps
– Must have appropriate supporting tools installed
• Fuzzing
• Send and receive packets
• TCP traceroute (can do graphical dump as well)
• Sniffing
• Send and receive files through alternate data channels (ICMP)
• Ping
– ARP ping
– ICMP ping
– TCP ping
– UDP ping
• Wireless frame injection
• OS Fingerprinting
Extra extra credit
• Classic attacks
– Malformed packets
– Ping of death
– Nestea attack
• ARP cache poisoning
• Scans
– SYN scan
– ACK scan
– XMAS scan
– IP scan
– TCP port scan
– IKE scan
• Advanced traceroute
– TCP SYN traceroute
– UDP traceroute
– DNS traceroute
• VLAN hopping
• Wireless sniffing
• Firewalking
Scripts I created
Extra extra extra credit
| Script | Function |
| | URL deobfuscator – To read the shortened URL website and tell you the title. |
| | Word list creator |
Little gems I found
Extra extra credit
Description
Function
Site
Python-nmap
It’s a Python library which helps in using nmap.
http://xael.org/norman/python/pythonnmap/
Python API to the VirtualBox VM
Allowing you to control every aspect of virtual machine configuration and execution
http://download.virtualbox.org/virtualbox/SDKRef.pdf
Py2Exe
py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation.
http://www.py2exe.org/
Chrome extensions/applications
Various extensions/applications found in the Chrome Webstore
• https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia <-- Python shell (browser button)
• https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc - Python shell (Chrome application)
• https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp <-- Online Python development environment
Little gems I found
Extra extra credit
Description
Function
Site
Tweepy
It’s the best working Python library to interface with Twitter (so far)
http://tweepy.github.com/
Tweepy
http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth
Additional resources
Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers
Extra tools
• http://mashable.com/2007/10/02/python-toolbox/
Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/
Additional resources
Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/
Online books
• http://en.wikibooks.org/wiki/Python_Programming
Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/
Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114
Module/package repositories
• http://pypi.python.org/pypi The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/ The ActiveState Code Recipes contains 3850 snippets to learn from and use.
Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm
Additional resources
Tips, tricks, etc.
IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
• PyScripter
• Aptana Studio
• IDLE
• Ninja
• Pycrust (it’s actually a shell)
• Part of wxPython
• Linux
• IDLE
• Geany
• Python Toolkit
• SPE
• ERIC (supposed to have auto-complete of code…)
• Pycrust (it’s actually a shell)
• Part of wxPython
• DreamPie (it’s actually a shell)
Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
• Notepad++
• Linux
• Gedit
• SCiTE
Tips, tricks, etc.
Linux vs. Windows
Linux
• Linux scripts can be run from a terminal
• by calling python <script name>
• by putting #!/usr/bin/python (the path to the interpreter) at the top and typing ./<script name>
• Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, then the #! /usr/bin/python, which pushes the #! off the first line, where it has to be for ./<script name> to work.
Windows
• Windows scripts don’t need the #! but need to have .py associated with the Python interpreter.
• Scripts can be double clicked or run from the command prompt with python <script name>
• If the script is double clicked, without having raw_input("Press ENTER to exit") you may not see the output of the script.
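Added example (not one of the deck's scripts): a small checker for two pitfalls called out in these slides, a #! line pushed below header comments and indentation that mixes tabs and spaces. The function names and both sample scripts are made up for the illustration.

```python
# Constructed sample: PyScripter-style header comments above the #! line,
# plus one tab-indented line inside a space-indented block.
SAMPLE_BAD = (
    "# Name: demo\n"
    "# Author: someone\n"
    "#! /usr/bin/python\n"
    "def main():\n"
    "    if True:\n"
    "\tprint('hi')\n"
)
# Constructed sample: #! on line 1, spaces only.
SAMPLE_GOOD = "#!/usr/bin/python\ndef main():\n    print('hi')\n"


def shebang_line(source):
    """Return the 1-based line number of the first '#!' line, or None."""
    for number, line in enumerate(source.splitlines(), start=1):
        if line.startswith("#!"):
            return number
    return None


def mixed_indent_lines(source):
    """Return line numbers whose indentation departs from the file's style.

    The style (space or tab) is taken from the first indented line.
    Simplification: lines inside multi-line strings are checked as well.
    """
    style = None
    flagged = []
    for number, line in enumerate(source.splitlines(), start=1):
        indent = line[: len(line) - len(line.lstrip(" \t"))]
        if not indent or not line.strip():
            continue  # unindented or blank line
        if style is None:
            style = indent[0]
        if any(ch != style for ch in indent):
            flagged.append(number)
    return flagged


def check_script(source):
    """Collect human-readable findings for one script's text."""
    problems = []
    where = shebang_line(source)
    if where is None:
        problems.append("no #! line: run it as 'python <script name>'")
    elif where != 1:
        problems.append("#! is on line %d; ./<script name> needs it on line 1" % where)
    for number in mixed_indent_lines(source):
        problems.append("line %d: indentation mixes tabs and spaces" % number)
    return problems
```

Calling check_script(open(path).read()) on a script before copying it from Windows to Linux catches both problems before they surface at run time.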
Portable Python (Windows only)
• Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
• Portable Python 2.7.2.1 package contains following applications/libraries:
• PyScripter v2.4.1
• NumPy 1.6.0
• SciPy 0.90
• Matplotlib 1.0.1
• PyWin32 216
• Django 1.3
• PIL 1.1.7
• Py2Exe 0.6.9
• wxPython 2.8.12.0
• Portable Python 3.2.1.1 package contains following applications/libraries (alphabetical order):
• NetworkX v1.4
• PySerial 2.5
• PyScripter v2.4.1
• PyWin32 v.216
• RPyC-3.0.7
Tips, tricks, etc.
Etc.
Antigravity
• When you open up Module Docs and click on the antigravity module, or run import antigravity from IDLE, a web browser opens to the XKCD cartoon at the beginning of this slide deck.
Zen of Python
• To start the path of finding Zen of Python, remember these two key words… IMPORT THIS.
• From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.
Etc.
Final thoughts
Up next?
Questions?
Keith Dixon
@Tazdrumm3r
#misec – Tazdrumm3r
tazdrummer@gmail.com
http://tazdrumm3r.wordpress.com