Read Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers Online

Authors: TJ O'Connor

Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers (32 page)

Index

Note
: Page numbers followed by “f” and “t” indicate figures and tables respectively

Administrative network share (ADMINS),
67

ADMINS.
See
Administrative network share

airmon-ng start wlan
0 command,
172

Anonymous email,
236
–
237

crafting,
237
,
239
–
241

local email server,
238
–
239

malicious spam email sending,
241
–
242

phishing with Smtplib,
239

using Smtplib,
237
–
238

Application artifact investigation,
100

See also
Python

Firefox sqlite3 databases,
108
–
116

Skype database queries,
108

using Python to,
102

using sqlite3 to,
102
,
107
–
108

Skype sqlite3 database,
100
–
102

BackTrack distribution,
4

BeautifulSoup, image downloading with,
96
–
97

BlueBug attack,
208

BlueBugging phone,
208
–
209

Bluetooth

worm,
208

installing Python Bluetooth packages,
173
–
174

Paris Hilton not hacked by,
208

Bluetooth RFCOMM channel scanning

Bluetooth service discovery profile,
206

dubbed BlueBug,
205

RFCOMM connections,
206

unauthenticated channels,
205
–
206

Bridging FTP and web

anonymous FTP server with Python,
57

infected server,
56

k985ytv attack,
56

user credentials

bruteLogin() function,
58

finding account with password guest,
59

web page malicious injection,
60

index.html page downloading,
62

injectPage() function,
61

vulnerable client,
60
–
61

wrapping entire attack

attack() function,
62

fake Antivirus propagation,
66

k985ytv infection,
62
–
65

script against vulnerable FTP,
65

Brute force

password brute force,
48

remote process execution,
71

Built-in OS module,
18
–
20

Built-in sys module,
17
–
18

Butler, Max Ray,
171
–
172

Cabir,
208

C-style shellcode,
247
–
248

Cambridge Silicon Radio (CSR),
174

Catching Wordpress cookie reuse,
199
–
201

Conficker,
66

See also
Morris worm

Python interaction with Metasploit

Meterpreter process,
70

using Nmap-Python module,
69

remote process execution brute force,
71

Windows SMB service attacking

using Metasploit,
67
–
68

system exploitation,
68
–
69

wrapping entire script,
71
–
74

Conficker’s domain flux,
150

detection with Scapy,
153
–
154

consolidated.db
,
116
–
117

cookies.sqlite
,
109
–
110

Crafting 802.11 frames

emergency-land command,
194
–
195

injectCmd() method,
193
–
194

IP length field,
192
–
194

using Scapy,
192

Crypt() function,
22

CSR.
See
Cambridge Silicon Radio

ctypes,
247
–
248

Cuckoo’s Egg, The,
20
–
21

Cyber Fast Track program,
24

Cyber-attack

evading antivirus programs

C-style shellcode,
247
–
248

Metasploit framework,
246
–
247

Pyinstaller,
248
–
249

TCP port 1337,
249

evasion verification

using default Metasploit encoder,
254
–
255

malicious file,
250

printing detection rate string,
252
–
254

using Python,
255

uploaded file analysis,
250
–
251

Flame,
245
–
246

datetime()
method,
101
–
102

DDoS.
See
Distributed denial of service

De-cloaking hidden 802.11 networks,
188
–
189

Dictionaries,
9

discover_devices()
function,
201

Distributed denial of service (DDoS),
93

DNS.
See
Domain name service

DNS Question Record (DNSQR),
150
–
151

DNS Resource Record (DNSRR),
150
–
151

Domain name service (DNS),
149

downloads.sqlite
file,
108
–
109

Exception handling,
10
–
12

Exchange image file format (Exif),
95
–
96

Exif.
See
Exchange image file format

Exif metadata,
95
–
96

reading,
97
–
100

Fast-flux,
149

File I/O,
16
–
17

File Transfer Protocol (FTP),
56
,
184

client programs,
57
–
58

searching web pages on,
59
–
60

server,
10

Firefox sqlite3 databases,
108
–
116

FireSheep,
196
–
197

catching Wordpress cookie reuse,
199
–
201

detection,
196
–
197

Wordpress session cookies,
198
–
199

Flame,
245
–
246

Foiling IDS, with scapy,
162
–
168

alerts,
163
–
164

analyzing logs from,
165
–
168

with scapy,
162

Forensic investigations,
81
–
82

application artifacts investigation,
100

automate Skype database queries,
102
–
108

parsing Firefox sqlite3 databases,
108
–
116

Skype sqlite3 database,
100
–
102

deleted item recovery using Python in,
89

using OS module,
90

SID correlation to user,
90
–
93

iTunes mobile backups investigation,
116
–
122

metadata,
93

Exif metadata,
95
–
96

image downloading,
96
–
97

using PyPDF to parse PDF metadata,
93
–
95

reading Exif metadata from,
97
–
100

solving BTK murders,
81
–
82

wireless access points analysis,
82
–
83

MAC address submitting to Wigle,
85
–
89

Windows Registry reading using WinReg,
83
–
85

FTP.
See
File Transfer Protocol

FTP credentials,
184

FTP credential sniffer,
186

intercept FTP logons,
185
–
186

intercepted user credentials,
184

USER and PASS,
184
–
185

Geo-location

information,
82
–
83
,
97
–
98

Wi-Fi positioning,
85

Google Earth,
134

Hashed password value,
22

haslayer() function,
152

hciconfig
config command,
174

Hidden network 802.11 beacon detection,
187
–
188

Half-open scan.
See
TCP Syn scan

Iceman.
See
Butler, Max Ray

IDS.
See
Intrusion detection system

Intercepting traffic,
189
–
192

Internet browsing,
212
–
213

anonymize function,
218
–
219

cookies,
216

Mechanize’s primary class,
212
–
213

proxy servers,
214
–
215

user-agent,
215
–
216

Internet Protocol address (IP address),
126
–
127

Internet Protocol traffic (IP traffic),
126
–
127

using Dpkt,
128
–
129

Scapy packet manipulation,
128

using PyGeoIP,
127
–
128

Internet Relay Chat (IRC),
137

Interpreted and interactive Python relationship

See also
Python

methods and functions,
6

new script,
6

program,
6

Python interpreter,
5
–
6

semantics,
6

statement execution process,
6

Intrusion detection system (IDS),
41
–
42
,
162

alerts,
163
–
164

analyzing logs from,
165
–
168

with scapy,
162

IP address.
See
Internet Protocol address

IP traffic.
See
Internet Protocol traffic

IRC.
See
Internet Relay Chat

iTunes mobile backups investigation

consolidated.db
,
116
–
117

database schema,
118

file characters,
117

using
file
command,
118

using
isMessageTable()
function,
119

messages
table,
118
–
119

mobile backup directory,
118
–
119

mobile directory backup,
117

printMessage()
function,
120
–
122

SQLite database,
118

text message storage,
122

UNIX commands,
117
–
118

user performs,
117

Kevin Mitnick

and sequence prediction,
154
–
162

sequence number,
157
–
159

spoofing,
159
–
162

SYN flood,
155
–
156

Linux libraries,
5

List data structure in Python,
8
–
9

Listening for 802.11 probe requests,
186
–
187

Low Orbit Ion Cannon (LOIC),
54
,
135

DDoS attack

identification,
139
–
140
,
142
–
143

TCP packets,
138
–
139

download,
135
–
136

operation modes,
135

parsing IRC commands,
137
–
138

Mechanize library,
86
–
87

Mechanize’s primary class,
212
–
213

Metadata,
93

anonymous’ metadata fail,
93

BeautifulSoup, image downloading with,
96
–
97

Exif metadata,
95
–
96

reading,
97
–
100

PDF metadata parsing using PyPDF,
93
–
95

Metasploit, Windows SMB service attacking,
67
–
68

Metasploit, Python interaction with

Meterpreter process,
70

using Nmap-Python module,
69

Metasploit encoder, in cyber-attack,
254
–
255

Metasploit framework,
246
–
247

Meterpreter process,
69
–
70

mon0
adapter,
172

Morris worm,
56
–
66

Other books

Operation Gadgetman! by Malorie Blackman

Couples Who Kill by Carol Anne Davis

Saints and Assassins (The Sentinels) by Hunter, Melinda

Those That Wake 02: What We Become by Jesse Karp

Rollover by James Raven

Absolutely Unforgivable by Tracy Tegan

Those Who Forget the Past by Ron Rosenbaum

Somebody Wonderful by Rothwell, Kate

Jamie Brown Is NOT Rich by Adam Wallace

Death in Summer by William Trevor