Violent python
1 like789 views
This document discusses how Python can be used for both ethical and unethical hacking purposes. It provides examples of how Python allows for easy learning, is cross-platform, and has many built-in tools and libraries that enable activities like dictionary attacks, brute force cracking, analyzing Skype databases, and using APIs to interact with systems like sockets in a similar way to C. The document also lists several Python security tools and frameworks like Scapy and recommends resources like books and tutorials that provide inspiration for writing hacking tools with Python.
Violent python
- 1. Violent Python: Python in the dark side darkx PyCON.tw 2013
- 2. About ● a.k.a. xatier ● 平凡無奇的大學生 ● 喜好自由軟體和資訊安全技術 ● Python 只是輔助 (?)
- 3. 工商服務 晚點 18:00 BoF 八號場地 強者我學長 Dr. Ken 大大 ● 講題『Mining Interest Topics from Plurk by using Python』 http://j.mp/10VSNPt
- 4. 工商服務 晚點 18:00 BoF 八號場地 強者我學長 Dr. Ken 大大 ● 講題『Mining Interest Topics from Plurk by using Python』 http://j.mp/10VSNPt
- 5. 最常拿 Python 來 ...
- 6. We Love Python ●Easy to Learn ●Easy to Read ● Easy to Hack (?) ●Cross platform ●Builtin tools ●Libraries
- 7. “This (Programming), of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects. ” – How to become a hacker (ESR)
- 8. (compare to C) ….. “With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.” – How to become a hacker (ESR)
- 9. 小試身手
- 10. decrypt
- 11. decrypt import crypt crypt.crypt(word, salt) -> string word will usually be a user's password. salt is a 2- character string which will be used to select one of 4096 variations of DES. The characters in salt must be either ".", "/", or an alphanumeric character. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.
- 12. ● Dictionary Attack ● /usr/share/dict/words ● GGvxb.e7YgnIg decrypt
- 13. decrypt
- 14. decrypt
- 15. Brute force ● http://pvanhoof.be/files/bruteforce.c ● import itertools
- 16. Brute force ● http://pvanhoof.be/files/bruteforce.c ● import itertools Z
- 17. APIs ● socket API 跟 C 用起來幾乎一模一樣 ● ctypes 標準庫提供 C/dll/so 跨接的橋樑 ● 物件、流程控制等可省下更多時間
- 18. Hacking Skype ●main.db ● 你想要的通通都在這邊 (? ● 聯絡人、聊天紀錄 ... 等 ● Unix like 系統很棒的
- 19. Lots of tools ● http://www.dirk-loss.de/python-tools.htm scapy dpkt Immunity Debugger IDAPython Lldb (llvm's debugger) …...
- 20. python-nmap ● http://xael.org/norman/python/python-nmap/ ● Nmap 工具的 Python binding ● 搭配 IPython shell 一同服用 ● GPL licensed
- 21. Inspired by ●Nicolle Neulist: Write your own tools with python! Derbycon2012 ●Gray Hat Python: Python Programming for Hackers and Reverse Engineers ●Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers