Table of Contents

Black Hat Python

Return to Python Security, Ethical Hacking, Cybersecurity, Pentesting

Black Hat Python: Python Programming for Hackers and Pentesters

Table of Contents

About the Author

About the Technical Reviewers

Foreword

Preface

Acknowledgments

1. Setting Up Your Python Environment

Installing Kali Linux

WingIDE

2. The Network: Basics

Python Networking in a Paragraph

TCP Client

UDP Client

TCP Server

Replacing Netcat

Kicking the Tires

Building a TCP Proxy

Kicking the Tires

SSH with Paramiko

Kicking the Tires

SSH Tunneling

Kicking the Tires

3. The Network: Raw Sockets and Sniffing

Building a UDP Host Discovery Tool

Packet Sniffing on Windows and Linux

Kicking the Tires

Decoding the IP Layer

Kicking the Tires

Decoding ICMP

Kicking the Tires

4. Owning the Network with Scapy

Stealing Email Credentials

Kicking the Tires

ARP Cache Poisoning with Scapy

Kicking the Tires

PCAP Processing

Kicking the Tires

5. Web Hackery

The Socket Library of the Web: urllib2

Mapping Open Source Web App Installations

Kicking the Tires

Brute-Forcing Directories and File Locations

Kicking the Tires

Brute-Forcing HTML Form Authentication

Kicking the Tires

6. Extending Burp Proxy

Setting Up

Burp Fuzzing

Kicking the Tires

Bing for Burp

Kicking the Tires

Turning Website Content into Password Gold

Kicking the Tires

7. Github Command and Control

Setting Up a GitHub Account

Creating Modules

Trojan Configuration

Building a Github-Aware Trojan

Hacking Python’s import Functionality

Kicking the Tires

8. Common Trojaning Tasks on Windows

Keylogging for Fun and Keystrokes

Kicking the Tires

Taking Screenshots

Pythonic Shellcode Execution

Kicking the Tires

Sandbox Detection

9. Fun with Internet Explorer

Man-in-the-Browser (Kind Of)

Creating the Server

Kicking the Tires

IE COM Automation for Exfiltration

Kicking the Tires

10. Windows Privilege Escalation

Installing the Prerequisites

Creating a Process Monitor

Process Monitoring with WMI

Kicking the Tires

Windows Token Privileges

Winning the Race

Kicking the Tires

Code Injection

Kicking the Tires

11. Automating Offensive Forensics

Installation

Profiles

Grabbing Password Hashes

Direct Code Injection

Kicking the Tires

Updates

Index


© 1994 - 2024 Cloud Monk Losang Jinpa or Fair Use. Disclaimers

SYI LU SENG E MU CHYWE YE. NAN. WEI LA YE. WEI LA YE. SA WA HE.