
When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. In Black Hat Python, 2nd Edition, you’ll explore the darker side of Python’s capabilities—writing network sniffers, stealing email credentials, brute forcing directories, crafting mutation fuzzers, infecting virtual machines, creating stealthy trojans, and more.

The second edition of this bestselling hacking book contains code updated for the latest version of Python 3, as well as new techniques that reflect current industry best practices. You’ll also find expanded explanations of Python libraries such as ctypes, struct, lxml, and BeautifulSoup, and dig deeper into strategies, from splitting bytes to leveraging computer-vision libraries, that you can apply to future hacking projects.

You’ll learn how to:

• Create a trojan command-and-control using GitHub
• Detect sandboxing and automate common malware tasks, like keylogging and screenshotting
• Escalate Windows privileges with creative process control
• Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine
• Extend the popular Burp Suite web-hacking tool
• Abuse Windows COM automation to perform a man-in-the-browser attack
• Exfiltrate data from a network most sneakily

When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how with the second edition of Black Hat Python.

Table of Contents

  1. Praise for the First Edition
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Authors
  6. Foreword
  7. Preface
  8. Acknowledgments
  9. Chapter 1: Setting Up Your Python Environment
    1. Installing Kali Linux
    2. Setting Up Python 3
    3. Installing an IDE
    4. Code Hygiene
  10. Chapter 2: Basic Networking Tools
    1. Python Networking in a Paragraph
    2. TCP Client
    3. UDP Client
    4. TCP Server
    5. Replacing Netcat
    6. Kicking the Tires
    7. Building a TCP Proxy
    8. Kicking the Tires
    9. SSH with Paramiko
    10. Kicking the Tires
    11. SSH Tunneling
    12. Kicking the Tires
  11. Chapter 3: Writing a Sniffer
    1. Building a UDP Host Discovery Tool
    2. Packet Sniffing on Windows and Linux
    3. Kicking the Tires
    4. Decoding the IP Layer
    5. The ctypes Module
    6. The struct Module
    7. Writing the IP Decoder
    8. Kicking the Tires
    9. Decoding ICMP
    10. Kicking the Tires
  12. Chapter 4: Owning the Network with Scapy
    1. Stealing Email Credentials
    2. Kicking the Tires
    3. ARP Cache Poisoning with Scapy
    4. Kicking the Tires
    5. pcap Processing
    6. Kicking the Tires
  13. Chapter 5: Web Hackery
    1. Using Web Libraries
    2. The urllib2 Library for Python 2.x
    3. The urllib Library for Python 3.x
    4. The requests Library
    5. The lxml and BeautifulSoup Packages
    6. Mapping Open Source Web App Installations
    7. Mapping the WordPress Framework
    8. Testing the Live Target
    9. Kicking the Tires
    10. Brute-Forcing Directories and File Locations
    11. Kicking the Tires
    12. Brute-Forcing HTML Form Authentication
    13. Kicking the Tires
  14. Chapter 6: Extending Burp Proxy
    1. Setting Up
    2. Burp Fuzzing
    3. Kicking the Tires
    4. Using Bing for Burp
    5. Kicking the Tires
    6. Turning Website Content into Password Gold
    7. Kicking the Tires
  15. Chapter 7: GitHub Command and Control
    1. Setting Up a GitHub Account
    2. Creating Modules
    3. Configuring the Trojan
    4. Building a GitHub-Aware Trojan
    5. Hacking Python’s import Functionality
    6. Kicking the Tires
  16. Chapter 8: Common Trojaning Tasks on Windows
    1. Keylogging for Fun and Keystrokes
    2. Kicking the Tires
    3. Taking Screenshots
    4. Pythonic Shellcode Execution
    5. Kicking the Tires
    6. Sandbox Detection
  17. Chapter 9: Fun with Exfiltration
    1. Encrypting and Decrypting Files
    2. Email Exfiltration
    3. File Transfer Exfiltration
    4. Exfiltration via a Web Server
    5. Putting It All Together
    6. Kicking the Tires
  18. Chapter 10: Windows Privilege Escalation
    1. Installing the Prerequisites
    2. Creating the Vulnerable BlackHat Service
    3. Creating a Process Monitor
    4. Process Monitoring with WMI
    5. Kicking the Tires
    6. Windows Token Privileges
    7. Winning the Race
    8. Kicking the Tires
    9. Code Injection
    10. Kicking the Tires
  19. Chapter 11: Offensive Forensics
    1. Installation
    2. General Reconnaissance
    3. User Reconnaissance
    4. Vulnerability Reconnaissance
    5. The volshell Interface
    6. Custom Volatility Plug-Ins
    7. Kicking the Tires
    8. Onward!
  20. Index