Authors: TJ O'Connor
A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
TJ O’Connor
Contributing Author Bio – Rob Frost
Technical Editor Bio – Mark Baggett
Introduction: A Penetration Test with Python
Setting Up Your Development Environment
Chapter 2. Penetration Testing with Python
Introduction: The Morris Worm—Would it Work Today?
Building an SSH BotNet with Python
Mass Compromise by Bridging FTP and Web
Conficker, Why Trying Hard is Always Good Enough
Writing Your Own Zero-Day Proof of Concept Code
Chapter 3. Forensic Investigations with Python
Introduction: How Forensics Solved the BTK Murders
Where Have You Been?—Analysis of Wireless Access Points in the Registry
Using Python to Recover Deleted Items in the Recycle Bin
Investigating Application Artifacts with Python
Investigating iTunes Mobile Backups with Python
Chapter 4. Network Traffic Analysis with Python
Introduction: Operation Aurora and How the Obvious was Missed
Where is that IP Traffic Headed?—A Python Answer
Is Anonymous Really Anonymous? Analyzing LOIC Traffic
How H D Moore Solved the Pentagon’s Dilemma
Storm’s Fast-Flux and Conficker’s Domain-Flux
Kevin Mitnick and TCP Sequence Prediction
Foiling Intrusion Detection Systems with Scapy
Chapter 5. Wireless Mayhem with Python
Introduction: Wireless (IN)Security and the Iceman
Setting up Your Wireless Attack Environment
The Wall of Sheep—Passively Listening to Wireless Secrets
Where Has Your Laptop Been? Python Answers
Intercepting and Spying on UAVs with Python
Stalking with Bluetooth and Python
Chapter 6. Web Recon with Python
Introduction: Social Engineering Today
Using the Mechanize Library to Browse the Internet
Scraping Web Pages with AnonBrowser
Research, Investigate, Discovery
Acquiring Editor: Chris Katsaropolous
Development Editor: Meagan White
Project Manager: Priya Kumaraguruparan
Designer: Russell Purdy
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
Copyright © 2013 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-957-6
Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1
For information on all Syngress publications visit our website at www.syngress.com
Elsevier, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Elsevier, Inc. “Syngress: The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
In military slang, “watching your six” literally means keeping a look out behind you. While a patrol leader presses forward in the twelve o’clock direction, at least one of his teammates walks backward scouting the six o’clock position for dangers that the patrol leader cannot see. When I first approached my mentor about writing a book, he warned me that I could only do this if I had team members committed to watching my six. I pondered about those in my life that this massive endeavor would affect. Three seconds later, I knew that they were all strong enough.
To my technical editor, Mark Baggett, your endless technical revisions protected this book. To Dr. Reeves, Dr. Freeh, Dr. Jacoby, and Dr. Blair—thank you for picking up a young and angry army officer years ago and turning me into a non-traditional academic, capable of writing a book. To Dr. Fanelli, thank you for teaching me not to think outside of the box, but to rather use the box as a stepping stool to crawl out of the basement. To Dr. Conti, thank you for precisely manipulating me into Law 28. To my former students, especially the ninja collective of Alan, Alex, Arod, Chris, Christina, Duncan, Gremlin, Jim, James, Kevin, Rob, Steven, Sal and Topher—your creativity continues to inspire me.
To Rob Frost, thank you for writing a much more powerful chapter on web reconnaissance than I ever could. To Matt, Ryan, Kirk, Mark, Bryan, and Bill—thank you for understanding why I didn’t sleep the night before, and for watching positions 1 through 12. To my loving wife, my monkey and my ninja princess—thank you for providing me with your unconditional love, understanding, and support throughout this endeavor. To my parents, thank you for teaching me to value education. And to Dr. Cook—tank on, brother.
For my monkey and my ninja princess: anything is possible if you try hard enough.
TJ O’Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation and information assurance. He twice co-coached the winning team at the National Security Agency’s annual Cyber Defense Exercise and won the National Defense University’s first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition.
TJ holds a Master of Science degree in Computer Science from North Carolina State, a Master of Science degree in Information Security Engineering from the SANS Technical Institute, and a Bachelor of Science degree in Computer Science from the US Military Academy. He has published technical research at USENIX workshops, ACM conferences, security conferences, the SANS Reading Room, the Internet Storm Center, the Army Magazine, and the Armed Forces Journal. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.
Robert Frost graduated from the United States Military Academy in 2011, commissioning into the Army Signal Corps. He holds a Bachelor of Science degree in Computer Science with honors, with his thesis work focusing on open-source information-gathering. Rob was individually recognized as one of the top two members of the national championship team for the 2011 Cyber Defense Exercise due to his ability to circumvent rules. Rob has participated in and won several cyber security competitions.
Mark Baggett is a Certified SANS Instructor, where he teaches several courses in the SANS penetration-testing curriculum. Mark is the primary consultant and founder of In Depth Defense, Inc., which provides incident-response and penetration-testing services. Today, in his role as the technical advisor to the Department of Defense for SANS, Mark is focused on the practical application of SANS resources in the development of military capabilities.
Mark has held a variety of positions in information security for large international and Fortune 1000 companies. He has been a software developer, a network and systems engineer, a security manager, and a CISO. As a CISO, Mark was responsible for policy, compliance, incident response, and all other aspects of information security operations. Mark knows firsthand the challenges that information security professionals face today in selling, implementing, and supporting information security. Mark is an active member of the information security community and the founding president of the Greater Augusta ISSA. He holds several certifications, including SANS’ prestigious GSE. Mark blogs about various security topics at http://www.pauldotcom.com.