Overview of Python
Flying made simple without the Nyquil hangover

Agenda
• About me
• History of Python
• About Python
• Python’s uses
• Python basics (Python 101)
• CSAW Crypto Redux
• Extra credit
• Resources
• Tips, tricks, observations

About me
Who am I?
• Husband/father/geek/gets distracted by shiny objects easily
• Career path switched to IT in 1999, professionally an IT guy since 2001
  – Started the infosec career path switch in 2009, officially an infosec professional since 2012(?)
• VBScript – 2007
• Python – 2011

History of Python
• Conceived in the late 1980s by Guido van Rossum at CWI.
  • Was designed to be a successor to the ABC programming language
  • Benevolent Dictator for Life (BDFL)
  • Currently employed by Google, where he spends half his time working on Python development
• Python 2.0 was released on October 16th, 2000
  • Contained many major new features
    • Full garbage collector (automatic memory management)
    • Unicode support
  • Biggest change – the development process, with a shift towards a more transparent and community-backed process
• Python 3.0 was released in December 2008
  • Many major features have been backported to Python 2.6 and 2.7

About Python
• What is Python?
  • Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.
• Why is it called Python?
  • When he began implementing Python, Guido van Rossum was also reading the published scripts from “Monty Python’s Flying Circus”, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.
• Fun fact - The built-in IDE is named after Eric Idle, a member of Monty Python.

What is Python good for?
• Python comes with a large standard library that covers areas such as:
  • string processing (regular expressions, Unicode, calculating differences between files)
  • Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming)
  • software engineering (unit testing, logging, profiling, parsing Python code)
  • operating system interfaces (system calls, file systems, TCP/IP sockets)
  • Artificial intelligence (because of similarities to Lisp)
• Extensive use in the information security industry, including exploit development.
  • Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc.
• Easy to write short scripts for system admin work.
• Python code is easy to understand.
  • Once the basic syntax is learned, even the most complicated scripts can make sense.
• Python is cross platform!!
  • It will work on Linux, Windows, Mac and most every other OS.
• Many, many resources and a big, friendly community

Python’s uses
• Applications
  • BitTorrent
  • DropBox
• Video games
  • Civilization IV
  • Battlefield 2
  • Eve Online
  • Vampire: The Masquerade – Bloodlines
• Graphics
  • Industrial Light & Magic
    • "The Phantom Menace", "The Mummy Returns" and other productions used Python.
  • Walt Disney Feature Animation
• Science
  • NASA
  • National Weather Service
• GUI frameworks
  • TKInter
  • PyQt
  • wxPython
• Embedded as a scripting language
  • Amarok
  • GIMP
  • Autodesk Maya
• Commercial uses
  • Google apps
  • Reddit
  • YouTube
• Government
  • CIA.gov
• Python implementations
  • CPython
  • IronPython – Python for .NET and Mono platforms
  • Jython – Python coded in Java

Python basics
• Indentation does matter
• If, If..Else, If…Elif (no Then)
• Syntax is easy
• All scripts are considered modules
• All functions inside a module can be used, or only certain methods can be used inside a script

This will work:

    if True:
        print "True"
    else:
        print "False"

But this won’t:

    if True:
        print "Answer"
        print "True"
    else:
        print "Answer"
      print "False"    # inconsistent indentation: IndentationError

If statement:

    if expression:
        statement(s)

Else statement:

    if expression:
        statement(s)
    else:
        statement(s)

Elif statement:

    if expression1:
        statement(s)
    elif expression2:
        statement(s)
    else:
        statement(s)

Entire module:

    import sys

Partial method:

    from sys import argv

Python basics
• Help is built in
• It can be run interactively

Help on modules, via IDLE or DreamPie:

    >>> import sys, hashlib
    >>> help(sys)
    >>> help(hashlib)

Help on methods, via IDLE or DreamPie:

    >>> import sys, hashlib
    >>> help(sys.argv)
    >>> help(hashlib.sha512)

Help on modules, via command prompt:

    pydoc sys
    pydoc hashlib

Help on methods, via command prompt:

    pydoc sys.argv
    pydoc hashlib.sha512

• IDLE is built in to Python installs
• DreamPie is a Python shell (best used on Linux)

    python
    Python 2.72
    Type "help", "copyright"..
    >>>

Inspiration for the idea? Post CSAW CTF

My approach – Post CSAW crypto challenges
Each challenge
1. Encrypted message inside script – Output is decrypted
2. Encrypted message can be used as an argument when calling script – Output is decrypted
3. Encrypted message can be read from a file for decrypting
Overall
1. One module for all decrypting, each decryption style is a method

My overall scoreboard

Script option | Challenge 1 – Unicode | Challenge 2 – Hex | Challenge 3 – Binary | Challenge 4 – Base64 | Challenge 5 – ROT13 | Challenge 6
Script option 1 – inside script | Done | Done | Done* | Done | Done | Incomplete
Script option 2 – argument | Done | Done | Done* | Done | Done | Incomplete
Script option 3 – from file | Done | Done | Done* | Done | Done | Incomplete
Script option 4 – from input (scrapped, 255 character limit) | n/a | n/a | n/a | n/a | n/a | Incomplete
Overall – module with methods (CSAW_Crypto.py) | Success | Success | Success | Success | Success | Incomplete

* Found the code excerpt online

CSAW Crypto Redux
Crypto challenge # 1

Cipher text: space-separated decimal character codes (the full string is embedded in the scripts that follow).

Answer
Welcome to the 2011 NYU Poly CSAW CTF event. We have planned many challenges for you and we hope you have fun solving them all. The key for this challenge is cryptography.

Wolfgang’s code

    private static string AsciiToString(string encodedString)
    {
        string[] encodedChars = encodedString.Split(' ');
        char[] decodedChars = new char[encodedChars.Length];
        for (int i = 0; i < decodedChars.Length; i++)
        {
            // Convert the number expressed in base-10 to an integer
            int codeNum = Convert.ToInt32(encodedChars[i], 10);
            // Convert the integer to a character code
            decodedChars[i] = Convert.ToChar(codeNum);
        }
        return new string(decodedChars);
    }

Matt’s code

    $string=$null
    [int[]]$array = ("87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46").Split(" ")
    foreach($l in $array) { $string += [char]$l}
    $string

My code
Option # 1 – Encrypted message inside script – Output is decrypted

    #!/usr/bin/python
    import sys
    code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,
             32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,
             65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,101,
             32,104,97,118,101,32,112,108,97,110,110,101,100,32,
             109,97,110,121,32,99,104,97,108,108,101,110,103,101,
             115,32,102,111,114,32,121,111,117,32,97,110,100,32,119,
             101,32,104,111,112,101,32,121,111,117,32,104,97,118,
             101,32,102,117,110,32,115,111,108,118,105,110,103,
             32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,
             107,101,121,32,102,111,114,32,116,104,105,115,32,99,
             104,97,108,108,101,110,103,101,32,105,115,32,99,114,
             121,112,116,111,103,114,97,112,104,121,46)
    # Turn each decimal code into its character and print it
    for i in code1:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)

My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

    #!/usr/bin/python
    import sys
    if len(sys.argv)<2:
        sys.exit("Usage " + sys.argv[0] + " <Unicode data you wish to decode>\n")
    code1 = (sys.argv[1])
    # The argument is expected to be colon-separated decimal codes
    code_split = code1.split(':')
    for i in code_split:
        code1a = int(i)
        codefinal = chr(code1a)
        sys.stdout.write(codefinal)

My code
Option # 3 - Encrypted message can be read from a file for decrypting

    #!/usr/bin/python
    import binascii, sys
    f = open ('unicode.txt', 'r')
    file = f.read()
    # The file is expected to hold colon-separated decimal codes
    code_split = file.split(':')
    for decode in code_split:
        decode1 = int(decode)
        codefinal = chr(decode1)
        sys.stdout.write(codefinal)
    f.close ( )

CSAW Crypto Redux
Crypto challenge # 2

Cipher text: colon-separated hexadecimal byte values (the full string is embedded in the scripts that follow).

Answer
Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.

Wolfgang’s code

    private static string AsciiHexToString(string encodedString)
    {
        string[] encodedChars = encodedString.Split(':');
        char[] decodedChars = new char[encodedChars.Length];
        for (int i = 0; i < decodedChars.Length; i++)
        {
            // Convert the number expressed in base-16 to an integer
            int codeNum = Convert.ToInt32(encodedChars[i], 16);
            // Convert the integer to a character code
            decodedChars[i] = Convert.ToChar(codeNum);
        }
        return new string(decodedChars);
    }

Matt’s code

    $string = $null
    $text = "54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:" +
            "65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:" +
            "20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:" +
            "6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:" +
            "20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:" +
            "65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:" +
            "72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:" +
            "64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:" +
            "69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:" +
            "62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:" +
            "74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:" +
            "65:72:74:68:72:6f:77:2e"
    $text.Split(':') | ForEach-Object {[Convert]::ToInt32($_,16)} | ForEach-Object {$string = $string + [Convert]::ToChar($_)}
    $string

My code
Option # 1 – Encrypted message inside script – Output is decrypted

    #!/usr/bin/python
    import binascii, sys
    hex = ('54:68:69:73:20:69:73:20:74:68:65:20:66:69:72:73:74:20:6d:65:73:73:61:67:'
           '65:20:62:65:69:6e:67:20:73:65:6e:74:20:74:6f:20:79:6f:75:20:62:79:20:74:68:65:'
           '20:6c:65:61:64:65:72:73:68:69:70:20:6f:66:20:74:68:65:20:55:6e:64:65:72:67:72:'
           '6f:75:6e:64:20:55:70:72:69:73:69:6e:67:2e:20:49:66:20:79:6f:75:20:68:61:76:65:'
           '20:64:65:63:6f:64:65:64:20:74:68:69:73:20:6d:65:73:73:61:67:65:20:63:6f:72:72:'
           '65:63:74:6c:79:20:79:6f:75:20:77:69:6c:6c:20:6e:6f:77:20:6b:6e:6f:77:20:6f:75:'
           '72:20:6e:65:78:74:20:6d:65:65:74:69:6e:67:20:77:69:6c:6c:20:62:65:20:68:65:6c:'
           '64:20:6f:6e:20:57:65:64:6e:65:73:64:61:79:20:40:20:37:70:6d:2e:20:57:65:20:77:'
           '69:6c:6c:20:61:6c:73:6f:20:72:65:71:75:69:72:65:20:61:20:6b:65:79:20:74:6f:20:'
           '62:65:20:6c:65:74:20:69:6e:74:6f:20:74:68:65:20:6d:65:65:74:69:6e:67:73:3b:20:'
           '74:68:69:73:20:77:65:65:6b:1f:73:20:6b:65:79:20:77:69:6c:6c:20:62:65:20:6f:76:'
           '65:72:74:68:72:6f:77:2e')
    # Convert each two-digit hex value to its byte and print it
    hex_split = hex.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)

My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

    #!/usr/bin/python
    import sys, binascii
    if len(sys.argv)<2:
        sys.exit("Usage " + sys.argv[0] + " <hex data you wish to decode>\n")
    code1 = (sys.argv[1])
    hex_split = code1.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)

My code
Option # 3 - Encrypted message can be read from a file for decrypting

    #!/usr/bin/python
    import binascii, sys
    f = open ('hex.txt', 'r')
    # strip() drops a trailing newline, which a2b_hex would reject
    file = f.read().strip()
    hex_split = file.split(':')
    for decode in hex_split:
        hex_decode = binascii.a2b_hex(decode)
        sys.stdout.write(hex_decode)
    f.close ( )

CSAW Crypto Redux
Crypto challenge # 3

Cipher text: one continuous string of 8-bit binary values (the full string is embedded in the scripts that follow).

Answer
Last weeks meeting was a great success. We seem to be generating a lot of buzz about the movement. The key for next weeks meeting is resistance. If there is anyone else you know of that may be interested in joining bring them to the meeting this week. It will be held same time, same place.

Wolfgang’s code

    private static string BinaryToString(string encodedString)
    {
        char[] decodedChars = new char[encodedString.Length / 8];
        for (int i = 0; i < decodedChars.Length; i++)
        {
            // Convert the number in binary (base-2) to an integer
            int codeNum = Convert.ToInt32(encodedString.Substring(i * 8, 8), 2);
            // Convert the integer to a character code
            decodedChars[i] = Convert.ToChar(codeNum);
        }
        return new string(decodedChars);
    }

Matt’s code

    $test = "0100110001100001011100110111010000100000011101110110010101100101" +
            "0110101101110011001000000110110101100101011001010111010001101001011011100110011" +
            "1001000000111011101100001011100110010000001100001001000000110011101110010011001" +
            "0101100001011101000010000001110011011101010110001101100011011001010111001101110" +
            "0110010111000100000010101110110010100100000011100110110010101100101011011010010" +
            "0000011101000110111100100000011000100110010100100000011001110110010101101110011" +
            "0010101110010011000010111010001101001011011100110011100100000011000010010000001" +
            "1011000110111101110100001000000110111101100110001000000110001001110101011110100" +
            "1111010001000000110000101100010011011110111010101110100001000000111010001101000" +
            "0110010100100000011011010110111101110110011001010110110101100101011011100111010" +
            "0001011100010000001010100011010000110010100100000011010110110010101111001001000" +
            "0001100110011011110111001000100000011011100110010101111000011101000010000001110" +
            "1110110010101100101011010110111001100100000011011010110010101100101011101000110" +
            "1001011011100110011100100000011010010111001100100000011100100110010101110011011" +
            "0100101110011011101000110000101101110011000110110010100101110001000000100100101" +
            "1001100010000001110100011010000110010101110010011001010010000001101001011100110" +
            "0100000011000010110111001111001011011110110111001100101001000000110010101101100" +
            "0111001101100101001000000111100101101111011101010010000001101011011011100110111" +
            "1011101110010000001101111011001100010000001110100011010000110000101110100001000" +
            "0001101101011000010111100100100000011000100110010100100000011010010110111001110" +
            "1000110010101110010011001010111001101110100011001010110010000100000011010010110" +
            "1110001000000110101001101111011010010110111001101001011011100110011100100000011" +
            "0001001110010011010010110111001100111001000000111010001101000011001010110110100" +
            "1000000111010001101111001000000111010001101000011001010010000001101101011001010" +
            "1100101011101000110100101101110011001110010000001110100011010000110100101110011" +
            "0010000001110111011001010110010101101011001011100010000001001001011101000010000" +
            "0011101110110100101101100011011000010000001100010011001010010000001101000011001" +
            "0101101100011001000010000001110011011000010110110101100101001000000111010001101" +
            "0010110110101100101001011000010000001110011011000010110110101100101001000000111" +
            "00000110110001100001011000110110010100101110"
    $string = $null
    $chars = while ($test.Length) {
        $byte = $test.Substring(0,8)
        $test = $test.Substring(8)
        $([Convert]::ToChar([Convert]::ToByte($byte, 2)))
    }
    $chars -join ""

My code
Option # 1 – Encrypted message inside script – Output is decrypted

    #!/usr/bin/python
    import math, sys
    # v = value to split, l = size of each chunk
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    binary = ('0100110001100001011100110111010000100000011101110110010101100101'
              '0110101101110011001000000110110101100101011001010111010001101001011011100110011'
              '1001000000111011101100001011100110010000001100001001000000110011101110010011001'
              '0101100001011101000010000001110011011101010110001101100011011001010111001101110'
              '0110010111000100000010101110110010100100000011100110110010101100101011011010010'
              '0000011101000110111100100000011000100110010100100000011001110110010101101110011'
              '0010101110010011000010111010001101001011011100110011100100000011000010010000001'
              '1011000110111101110100001000000110111101100110001000000110001001110101011110100'
              '1111010001000000110000101100010011011110111010101110100001000000111010001101000'
              '0110010100100000011011010110111101110110011001010110110101100101011011100111010'
              '0001011100010000001010100011010000110010100100000011010110110010101111001001000'
              '0001100110011011110111001000100000011011100110010101111000011101000010000001110'
              '1110110010101100101011010110111001100100000011011010110010101100101011101000110'
              '1001011011100110011100100000011010010111001100100000011100100110010101110011011'
              '0100101110011011101000110000101101110011000110110010100101110001000000100100101'
              '1001100010000001110100011010000110010101110010011001010010000001101001011100110'
              '0100000011000010110111001111001011011110110111001100101001000000110010101101100'
              '0111001101100101001000000111100101101111011101010010000001101011011011100110111'
              '1011101110010000001101111011001100010000001110100011010000110000101110100001000'
              '0001101101011000010111100100100000011000100110010100100000011010010110111001110'
              '1000110010101110010011001010111001101110100011001010110010000100000011010010110'
              '1110001000000110101001101111011010010110111001101001011011100110011100100000011'
              '0001001110010011010010110111001100111001000000111010001101000011001010110110100'
              '1000000111010001101111001000000111010001101000011001010010000001101101011001010'
              '1100101011101000110100101101110011001110010000001110100011010000110100101110011'
              '0010000001110111011001010110010101101011001011100010000001001001011101000010000'
              '0011101110110100101101100011011000010000001100010011001010010000001101000011001'
              '0101101100011001000010000001110011011000010110110101100101001000000111010001101'
              '0010110110101100101001011000010000001110011011000010110110101100101001000000111'
              '00000110110001100001011000110110010100101110')
    # Split into 8-bit chunks, then convert each chunk to its character
    basecode = f(binary, 8)
    for code in basecode:
        x = (code)
        decodea = int(code,2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)

My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

    import sys, math
    if len(sys.argv)<2:
        sys.exit("Usage " + sys.argv[0] + " <binary code you wish to decode>\n")
    f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f(sys.argv[1],8)
    for code in basecode:
        x = (code)
        decodea = int(code,2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)

My code
Option # 3 - Encrypted message can be read from a file for decrypting

    #!/usr/bin/python
    import math, sys
    f = open ('binary.txt', 'r')
    # strip() drops a trailing newline, which would otherwise form a bad chunk
    file = f.read().strip()
    f1 = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
    basecode = f1(file,8)
    for code in basecode:
        x = (code)
        decodea = int(code,2)
        decodeb = chr(decodea)
        sys.stdout.write(decodeb)
    f.close ( )

CSAW Crypto Redux
Crypto challenge # 4

Cipher text: a Base64 string (the full string is embedded in the scripts that follow).

Answer
That meeting was a little crazy. We have no idea where those guys in the black suits came from, but we are looking into it. Use the key infiltration for next week’s meeting. Stay with the cause and we will succeed.

Wolfgang’s code

    private static string DecodeBase64ToString(string encodedString)
    {
        byte[] encodedAsBytes = System.Convert.FromBase64String(encodedString);
        return System.Text.UTF8Encoding.UTF8.GetString(encodedAsBytes);
    }

Matt’s code

    $text = "VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6" +
            "eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd" +
            "1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJ" +
            "vbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIF" +
            "VzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4" +
            "dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRo" +
            "ZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg=="
    $bytes = [System.Convert]::FromBase64String($text)
    $string = [System.Text.Encoding]::UTF8.GetString($bytes)
    $string

My code
Option # 1 – Encrypted message inside script – Output is decrypted

    #!/usr/bin/python
    code3 = ("VGhhdCBtZWV0aW5nIHdhcyBhIGxpdHRsZSBjcmF6"
             "eS4gV2UgaGF2ZSBubyBpZGVhIHdoZXJlIHRob3NlIGd"
             "1eXMgaW4gdGhlIGJsYWNrIHN1aXRzIGNhbWUgZnJ"
             "vbSwgYnV0IHdlIGFyZSBsb29raW5nIGludG8gaXQuIF"
             "VzZSB0aGUga2V5IGluZmlsdHJhdGlvbiBmb3IgbmV4"
             "dCB3ZWVrknMgbWVldGluZy4gU3RheSB3aXRoIHRo"
             "ZSBjYXVzZSBhbmQgd2Ugd2lsbCBzdWNjZWVkLg==")
    # Python 2 string codec: decodes Base64 directly
    answer=code3.decode('base64','strict')
    print answer

My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

    #!/usr/bin/python
    import sys
    if len(sys.argv)<2:
        sys.exit("Usage " + sys.argv[0] + " <Base64 code you wish to decode>\n")
    basecode = sys.argv[1]
    answer=basecode.decode('base64','strict')
    print "This is the encoded message : " + sys.argv[1]
    print "This is the decoded message : " + answer

My code
Option # 3 - Encrypted message can be read from a file for decrypting

    #!/usr/bin/python
    f = open ('base64.txt', 'r')
    file = f.read()
    answer=file.decode('base64','strict')
    print answer
    f.close ( )

CSAW Crypto Redux
Crypto challenge # 5

Cipher text:
JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR'ER RNFVYL QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, GUVF JRRX.F XRL VF BOSHFPNGRQ.

Answer
We have discovered that our last three transmissions we're easily deciphered. We have taken care of the party responsible for their encoding and are now using a new method. Use the information provided at last week.s meeting to decipher all new messages. And remember, this week's key is obfuscated.

Wolfgang’s code (part 1)

    // Note: ToArray() on a string requires "using System.Linq;"
    private static string RotToString(string encodedString, int rotation)
    {
        // Boundary check because this only works for ROT1 thru ROT26
        if (rotation < 0 | rotation > 26)
        {
            throw new Exception("RotToString only supports ROT1 thru ROT26.");
        }
        char[] encodedChars = encodedString.ToArray();
        char[] decodedChars = new char[encodedChars.Length];
        int A = Convert.ToInt32('A'); // 65
        int Z = Convert.ToInt32('Z'); // 90
        int a = Convert.ToInt32('a'); // 97
        int z = Convert.ToInt32('z'); // 122

Wolfgang’s code (part 2)

        for (int i = 0; i < decodedChars.Length; i++)
        {
            int codeNum = Convert.ToInt32(encodedChars[i]);
            // Rotate capital letters A-Z 65-90
            if (codeNum >= A && codeNum <= Z)
            {
                codeNum = codeNum - rotation;
                if (codeNum < A)
                {
                    codeNum = Z - (A - codeNum) + 1;
                }
            }
            // Rotate lower-case letters a-z 97-122
            if (codeNum >= a && codeNum <= z)
            {
                codeNum = codeNum - rotation;
                if (codeNum < a)
                {
                    codeNum = z - (a - codeNum) + 1;
                }
            }
            // Convert the integer to a character code
            decodedChars[i] = Convert.ToChar(codeNum);
        }

Wolfgang’s code (part 3)

        return new string(decodedChars);
    }

Matt’s code

My code
Option # 1 – Encrypted message inside script – Output is decrypted

    #!/usr/bin/python
    rot13 = ('JR UNIR QVFPBIRERQ GUNG BHE YNFG GUERR GENAFZVFFVBAF JR ER RNFVYL '
             'QRPVCURERQ. JR UNIR GNXRA PNER BS GUR CNEGL ERFCBAFVOYR SBE GURVE '
             'RAPBQVAT NAQ NER ABJ HFVAT N ARJ ZRGUBQ. HFR GUR VASBEZNGVBA CEBIVQRQ '
             'NG YNFG JRRX.F ZRRGVAT GB QRPVCURE NYY ARJ ZRFFNTRF. NAQ ERZRZORE, '
             'GUVF JRRX.F XRL VF BOSHFPNGRQ.')
    # Python 2 string codec: ROT13 is its own inverse
    answer=rot13.decode('rot13','strict')
    print answer

My code
Option # 2 – Encrypted message can be used as an argument when calling script – Output is decrypted

    #!/usr/bin/python
    import sys
    if len(sys.argv)<2:
        sys.exit("Usage " + sys.argv[0] + " <ROT13 code you wish to decode>\n")
    basecode = sys.argv[1]
    answer=basecode.decode('rot13','strict')
    print "This is the encoded message : " + sys.argv[1]
    print "This is the decoded message : " + answer

My code
Option # 3 - Encrypted message can be read from a file for decrypting

    #!/usr/bin/python
    f = open ('rot13.txt', 'r')
    file = f.read()
    answer=file.decode('rot13','strict')
    print answer
    f.close ( )

My final one – Encrypt/decrypt module

    #!/usr/bin/python
    import sys

    def hexdecode(hex_key):
        import binascii
        hex_split = hex_key.split(':')
        for decode in hex_split:
            hex_decode = binascii.a2b_hex(decode)
            sys.stdout.write(hex_decode)

    def uni_decode(unicode_key):
        unicode_split=unicode_key.split(':')
        for i in unicode_split:
            code1a = int(i)
            codefinal = chr(code1a)
            sys.stdout.write(codefinal)

    def base64_decode(base64_key):
        answer=base64_key.decode('base64','strict')
        print answer

    def binary_decode(binary_key):
        import math
        # v = value to split, l = size of each chunk
        f = lambda v, l: [v[i*l:(i+1)*l] for i in range(int(math.ceil(len(v)/float(l))))]
        basecode = f (binary_key,8)
        for code in basecode:
            x = (code)
            decodea = int(code,2)
            decodeb = chr(decodea)
            sys.stdout.write(decodeb)

    def rot13_decode(rot13_key):
        answer=rot13_key.decode('rot13','strict')
        print answer

Extra credit
Coding for Penetration Testers book

Script | Function | Learned | Success?
Webcheck_v1.py | Monitor web server – verify it remains up | 1. Script arguments 2. Connect to web server and run a GET request | Yes
Webcheck_v2.py | Monitor web server – verify it remains up (default to port 80) | 1. Alternate script arguments method | No
Subnetcalc.py | Calculate subnet mask, broadcast address, network range, and gateway from IP/CIDR | 1. Parse out values programmatically 2. Math functions with variables 3. Displaying results 4. Using FOR loops | Yes
Pass.py | Determines if users are using the original default assigned password | 1. Use the crypt module | No
Robotparser.py | Retrieve the paths from the robot.txt | | No
root_check.py | Checks to see what permissions logged in account has (normal user, root or system account) | 1. Using IF and ELIF conditional statements | Yes
Readshadow.py | Checks to see if you have permission to read /etc/shadow | 1. Tests permissions on files to see if current credentials can read file | Yes
Network_socket.py | Connect to website, pull contents (hard coded) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes
network_socket_argument.py | Connect to website, pull contents (site specified by argument) | 1. Network socket creation 2. Spaces will bite you in the ass where you least expect it. | Yes
Server_connect.py | Once a connection is made, send back a string | 1. Network socket creation 2. Allow incoming connections. | Yes
server_shell.py | | | No
receiveICMP.py | To receive a file from another system via ICMP (in conjunction with sendICMP.py) | 1. Python script using Scapy | Yes
sendICMP.py | To send a file to another system via ICMP (in conjunction with receiveICMP.py) | 1. Python script using Scapy | Yes

All the scripts
Category
• CSAW Crypto Redux – Challenge 1 to 5
• Extra credit
  • Coding for Penetration Testers – part 1
  • Coding for Penetration Testers – part 2
  • Coding for Penetration Testers – part 3
  • Coding for Pentesters - Exploitation

Extra extra credit
Scapy
• Packet creation
• Read PCAP files
• Create graphical dumps
  • Must have appropriate supporting tools installed
• Fuzzing
• Send and receive packets
• TCP traceroute (can do graphical dump as well)
• Sniffing
• Send and receive files through alternate data channels (ICMP)
• Ping
  • ARP ping
  • ICMP ping
  • TCP ping
  • UDP ping
• Wireless frame injection
• OS Fingerprinting
• Classic attacks
  • Malformed packets
  • Ping of death
  • Nestea attack
• ARP cache poisoning
• Scans
  • SYN scan
  • ACK scan
  • XMAS scan
  • IP scan
  • TCP port scan
  • IKE scan
• Advanced traceroute
  • TCP SYN traceroute
  • UDP traceroute
  • DNS traceroute
• VLAN hopping
• Wireless sniffing
• Firewalking

Extra extra extra credit
Scripts I created
• URL deobfuscator – To read the shortened URL website and tell you the title.
• Word list creator

Extra extra credit
Little gems I found
• Python-nmap
  Function: It’s a Python library which helps in using nmap.
  Site: http://xael.org/norman/python/pythonnmap/
• Python API to the VirtualBox VM
  Function: Allowing you to control every aspect of virtual machine configuration and execution
  Site: http://download.virtualbox.org/virtualbox/SDKRef.pdf
• Py2Exe
  Function: py2exe is a Python Distutils extension which converts Python scripts into executable Windows programs, able to run without requiring a Python installation.
http://www.py2exe.org/

Chrome extensions/applications
Various extensions/applications found in the Chrome Webstore
• https://chrome.google.com/webstore/detail/gdiimmpmdoofmahingpgabiikimjgcia <-- Python shell (browser button)
• https://chrome.google.com/webstore/detail/cmlchnlmkdcpelgmkebknjgjgddncelc <-- Python shell (Chrome application)
• https://chrome.google.com/webstore/detail/nckbgikkpbjdliigbhgjfgfcahhonakp <-- Online Python development environment

Little gems I found
Extra extra credit
Description | Function | Site

Tweepy
It’s the best working Python library to interface with Twitter (so far)
http://tweepy.github.com/

Tweepy
http://talkfast.org/2010/05/31/twitter-from-the-command-line-in-python-using-oauth

Additional resources

Beginners guides from Python
• http://wiki.python.org/moin/BeginnersGuide/NonProgrammers
• http://wiki.python.org/moin/BeginnersGuide/Programmers

Extra tools
• http://mashable.com/2007/10/02/python-toolbox/

Online exercises
• http://codingbat.com/python
• http://homepage.mac.com/s_lott/books/python.html
• http://web.archive.org/web/20110625065328/http://diveintopython.org/toc/index.html
• http://anh.cs.luc.edu/python/hands-on/
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.cdf.toronto.edu/~csc148h/winter/
• http://www.cdf.toronto.edu/~csc108h/fall/
• http://projecteuler.net/
• http://www.upriss.org.uk/python/PythonCourse.html
• http://www.pythonchallenge.com/
• http://learnpythonthehardway.org/
• http://www.awaretek.com/tutorials.html
• http://www.checkio.org/
• http://www.pyschools.com/

Additional resources

Free online videos
• http://freevideolectures.com/Course/2512/Python-Programming
• http://showmedo.com/videotutorials/python
• http://www.python.org/doc/av/

Online books
• http://en.wikibooks.org/wiki/Python_Programming

Online interactive tutorial/interpreter
• http://www.trypython.org
• http://www.learnpython.org/
• https://languageshells.appspot.com/

Forums
• http://www.python-forum.org
• http://stackoverflow.com/questions/tagged/python
• http://www.daniweb.com/software-development/python/114

Module/package repositories
• http://pypi.python.org/pypi
  The Python Package Index is a repository of software for the Python programming language. There are currently 17409 packages here.
• http://code.activestate.com/recipes/
  The ActiveState Code Recipes contains 3850 snippets to learn from and use.

Python tools for penetration testers
• http://www.dirk-loss.de/python-tools.htm

Additional resources

Tips, tricks, etc.

IDE (http://wiki.python.org/moin/IntegratedDevelopmentEnvironments)
• Windows
  • PyScripter
  • Aptana Studio
  • IDLE
  • Ninja
  • PyCrust (it’s actually a shell)
    • Part of wxPython
• Linux
  • IDLE
  • Geany
  • Python Toolkit
  • SPE
  • ERIC (supposed to have auto-complete of code…)
  • PyCrust (it’s actually a shell)
    • Part of wxPython
  • DreamPie (it’s actually a shell)

Editors (http://wiki.python.org/moin/PythonEditors)
• Windows
  • Notepad++
• Linux
  • Gedit
  • SciTE

Tips, tricks, etc.
Linux vs. Windows

Linux
• Linux scripts can be run via terminal
  • calling python <script name>
  • by putting #!/usr/bin/python at the top (path to interpreter) and typing ./<script name>
• Common problem on PyScripter (awesome Windows Python IDE)… extra code comments are put at the top, then the #! /usr/bin/python, which only works as the first line of the file.

Windows
• Windows scripts don’t need the #! but need to have .py associated with the Python interpreter.
• Scripts can be double clicked or run from the command prompt: python <script name>
• If the script is double clicked without having raw_input("Press ENTER to exit") in it, you may not see the output of the script.

Portable Python (Windows only)
• Portable Python is a Python® programming language preconfigured to run directly from any USB storage device, enabling you to have, at any time, a portable programming environment. Just download it, extract to your portable storage device or hard drive and in 10 minutes you are ready to create your next Python® application.
• Portable Python 2.7.2.1 package contains the following applications/libraries:
  • PyScripter v2.4.1
  • NumPy 1.6.0
  • SciPy 0.90
  • Matplotlib 1.0.1
  • PyWin32 216
  • Django 1.3
  • PIL 1.1.7
  • Py2Exe 0.6.9
  • wxPython 2.8.12.0
• Portable Python 3.2.1.1 package contains the following applications/libraries (alphabetical order):
  • NetworkX v1.4
  • PySerial 2.5
  • PyScripter v2.4.1
  • PyWin32 v.216
  • RPyC-3.0.7

Tips, tricks, etc.
Etc.

Antigravity
• When you open up Module Docs and click on the antigravity module, or run import antigravity from IDLE, a web browser opens to the XKCD cartoon at the beginning of this slide deck.

Zen of Python
• To start the path of finding Zen of Python, remember these two key words… IMPORT THIS.
• From an IDE (IDLE) or a Python shell, run import this and the Zen of Python will be revealed.

Etc.
Final thoughts
Up next?
Questions?

Keith Dixon
@Tazdrumm3r
#misec – Tazdrumm3r
tazdrummer@gmail.com
http://tazdrumm3r.wordpress.com