Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters

by Justin Seitz, Tim Arnold

Paperback

$44.99 

Overview

Fully updated for Python 3, the second edition of this worldwide bestseller (over 100,000 copies sold) explores the stealthier side of programming and brings you all-new strategies for your hacking projects.

When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. In this second edition of the bestselling Black Hat Python, you’ll explore the darker side of Python’s capabilities: everything from writing network sniffers, stealing email credentials, and brute-forcing directories to crafting mutation fuzzers, investigating virtual machines, and creating stealthy trojans.

All of the code in this edition has been updated to Python 3.x. You’ll also find new coverage of bit shifting, code hygiene, and offensive forensics with the Volatility Framework as well as expanded explanations of the Python libraries ctypes, struct, lxml, and BeautifulSoup, and offensive hacking strategies like splitting bytes, leveraging computer vision libraries, and scraping websites.

You’ll even learn how to:
  • Create a trojan command-and-control server using GitHub
  • Detect sandboxing and automate common malware tasks like keylogging and screenshotting
  • Extend the Burp Suite web-hacking tool
  • Escalate Windows privileges with creative process control
  • Use offensive memory forensics tricks to retrieve password hashes and find vulnerabilities on a virtual machine
  • Abuse Windows COM automation
  • Exfiltrate data from a network undetected

When it comes to offensive security, you need to be able to create powerful tools on the fly. Learn how with Black Hat Python.

Product Details

ISBN-13: 9781718501126
Publisher: No Starch Press
Publication date: 04/14/2021
Pages: 216
Sales rank: 321,081
Product dimensions: 6.90(w) x 9.20(h) x 0.70(d)

About the Author

Justin Seitz is the president and co-founder of Dark River Systems Inc., where he spends his time shipping Hunchly (https://www.hunch.ly), consulting for hedge funds and doing OSINT research. He is the author of Gray Hat Python (No Starch Press), the first book to cover Python for security analysis.

Tim Arnold has worked as a professional Python software developer at the SAS Institute for more than 20 years. He contributes to several open source software projects and volunteers as a hacking trainer in his local community.

Table of Contents

Foreword

Preface

Acknowledgements

1 Setting Up Your Python Environment

Installing Kali Linux

Setting Up Python 3

Installing an IDE

Code Hygiene

2 Basic Networking Tools

Python Networking in a Paragraph

TCP Client

UDP Client

TCP Server

Replacing Netcat

Kicking the Tires

Building a TCP Proxy

Kicking the Tires

SSH with Paramiko

Kicking the Tires

SSH Tunneling

Kicking the Tires

3 Writing a Sniffer

Building a UDP Host Discovery Tool

Packet Sniffing on Windows and Linux

Kicking the Tires

Decoding the IP Layer

The ctypes Module

The struct Module

Writing the IP Decoder

Kicking the Tires

Decoding ICMP

Kicking the Tires

4 Owning the Network With Scapy

Stealing Email Credentials

Kicking the Tires

ARP Cache Poisoning with Scapy

Kicking the Tires

pcap Processing

Kicking the Tires

5 Web Hackery

Using Web Libraries

The urllib2 Library for Python 2.x

The urllib Library for Python 3.x

The requests Library

The lxml and BeautifulSoup Packages

Mapping Open Source Web App Installations

Mapping the WordPress Framework

Testing the Live Target

Kicking the Tires

Brute-Forcing Directories and File Locations

Kicking the Tires

Brute-Forcing HTML Form Authentication

Kicking the Tires

6 Extending Burp Proxy

Setting Up

Burp Fuzzing

Kicking the Tires

Using Bing for Burp

Kicking the Tires

Turning Website Content into Password Gold

Kicking the Tires

7 GitHub Command and Control

Setting Up a GitHub Account

Creating Modules

Configuring the Trojan

Building a GitHub-Aware Trojan

Hacking Python's import Functionality

Kicking the Tires

8 Common Trojaning Tasks on Windows

Keylogging for Fun and Keystrokes

Kicking the Tires

Taking Screenshots

Pythonic Shellcode Execution

Kicking the Tires

Sandbox Detection

9 Fun With Exfiltration

Encrypting and Decrypting Files

Email Exfiltration

File Transfer Exfiltration

Exfiltration via a Web Server

Putting It All Together

Kicking the Tires

10 Windows Privilege Escalation

Installing the Prerequisites

Creating the Vulnerable BlackHat Service

Creating a Process Monitor

Process Monitoring with WMI

Kicking the Tires

Windows Token Privileges

Winning the Race

Kicking the Tires

Code Injection

Kicking the Tires

11 Offensive Forensics

Installation

General Reconnaissance

User Reconnaissance

Vulnerability Reconnaissance

The volshell Interface

Custom Volatility Plug-Ins

Kicking the Tires

Onward!

Index
