11 Programming With Python and Create Script For Hacking, Free Hacking Complete Course Step By Step

Python Scripting For Hacking 

Linux systems typically come with interpreters for other scripting languages such as Python and Perl. Interpreters for both languages are included in Kali Linux. In upcoming blogs, we’ll use Python to write our own exploit code. For now, let’s write a simple Python script and run it in Kali Linux just to demonstrate the basics of Python scripting.

For this example we’ll do something similar to our first Netcat example in upcoming blogs. We’ll attach to a port on a system and see if the port is listening. A starting point for our script is shown here.

#!/usr/bin/python
# (1) the shebang line above
ip = raw_input("Enter the ip: ")  # (2)
port = input("Enter the port: ")  # (3)

In the previous section, the first line of our script told the terminal to use Bash to interpret the script. We do the same thing here, pointing to the Python interpreter installed on Kali Linux at /usr/bin/python (1).

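We’ll begin by prompting the user for data and recording input into variables. The variables will store the input for use later in the script. To take input from the user, we can use the Python function raw_input (2). We want to save our port as an integer, so we use a similar built-in Python function, input, at (3). In Python 2, input evaluates whatever is typed as a Python expression, which is how 80 comes back as an integer rather than a string; it will evaluate any other expression the same way, so the script should only be fed input you trust. Now we ask the user to input an IP address and a port to test.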

After saving the file, use chmod to make the script executable before running the script, as shown here.

root@kali:~/mydirectory# chmod 744 pythonscript.py
root@kali:~/mydirectory# ./pythonscript.py
Enter the ip: 192.168.20.10
Enter the port: 80

When you run the script, you’re prompted for an IP address and a port, as expected. 
Now we will add some functionality that uses the user’s input to connect to the chosen system on the selected port and see if it is open, as shown in the following listing.

#!/usr/bin/python
import socket  # (1)
ip = raw_input("Enter the ip: ")
port = input("Enter the port: ")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # (2)
if s.connect_ex((ip, port)):  # (3)
    print "Port", port, "is closed"  # (4)
else:  # (5)
    print "Port", port, "is open"

To perform networking tasks in Python, we can include a library called socket using the command import socket (1). The socket library does the heavy lifting for setting up a network socket.

The syntax for creating a TCP network socket is socket.socket(socket.AF_INET, socket.SOCK_STREAM). We set a variable equal to this network socket at (2).

Connecting to a Port

When creating a socket to connect to a remote port, the first candidate available from Python is the socket function connect. However, there is a better candidate for our purposes in the similar function, connect_ex. According to the Python documentation, connect_ex is like connect except that it returns an error code instead of raising an exception if the connection fails. If the connection succeeds, connect_ex will return the value 0. Because we want to know whether the function can connect to the port, this return value seems ideal to feed into an if statement.

if Statements in Python

When building if statements in Python, we enter if condition:. In Python the statements that are part of a conditional or loop are denoted with indentations rather than ending markers, as we saw in Bash scripting. We can instruct our if statement to evaluate the returned value of the connection of our TCP socket to the user-defined IP address and port with the command if s.connect_ex((ip, port)): (3). If the connection succeeds, connect_ex will return 0, which will be evaluated by the if statement as false. If the connection fails, connect_ex will return a positive integer, or true. Thus, if our if statement evaluates as true, it stands to reason that the port is closed, and we can present this to the user using the Python print command at (4). And, as in the Bash scripting example, if connect_ex returns 0 at (5), we can use an else statement (the syntax is else: in Python) to instead inform the user that the tested port is open.

Now, run the updated script to test whether TCP port 80 is running on the Windows XP target host as shown here.

root@kali:~/# ./pythonscript.py
Enter the ip: 192.168.20.10
Enter the port: 80
Port 80 is open

According to our script, port 80 is open. Now run the script again against port 81.

root@kali:~/# ./pythonscript.py
Enter the ip: 192.168.20.10
Enter the port: 81
Port 81 is closed

This time, the script reports that port 81 is closed.
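The same check can be written for Python 3, where raw_input no longer exists and input returns a string. The following is an added example, not part of the original course text: it parses the IP and port as data, sets a timeout, and tells a refused connection apart from no answer at all. The names parse_target, check_port and demo, and the loopback sockets used as targets, are constructed for illustration.

```python
#!/usr/bin/env python3
# Added example, not from the original post. parse_target, check_port and
# demo are illustrative names; the loopback sockets are constructed targets.
import errno
import ipaddress
import socket


def parse_target(ip_text, port_text):
    """Parse both prompts as data; nothing the user types is evaluated."""
    ip = ipaddress.ip_address(ip_text.strip())  # ValueError if not an IP
    port = int(port_text)                       # ValueError if not a number
    if not 1 <= port <= 65535:
        raise ValueError("port must be in 1-65535")
    return ip, port


def check_port(ip, port, timeout=2.0):
    """Return 'open', 'closed' or 'no answer' for one TCP port."""
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:  # closed on exit
        s.settimeout(timeout)  # otherwise a silent host blocks the call
        code = s.connect_ex((str(ip), port))
    if code == 0:
        return "open"
    if code == errno.ECONNREFUSED:  # target replied with a TCP reset
        return "closed"
    return "no answer"  # timeout, filtered or unreachable


def demo():
    """Check a loopback listener and a bound, non-listening socket."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))      # never listens, so connects are refused
    results = []
    for sock in (listener, idle):
        ip, port = parse_target("127.0.0.1", str(sock.getsockname()[1]))
        results.append(check_port(ip, port))
    listener.close()
    idle.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The blog's script treats every nonzero return from connect_ex as "closed"; here only a refused connection is reported that way, and anything else is reported as "no answer".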

NOTE : We will look at checking open ports in upcoming blogs, and we will return to Python scripting when we study exploit development. Kali Linux also has interpreters for the Perl and Ruby languages. We will learn a little bit of Ruby in upcoming blogs. It never hurts to know a little bit of multiple languages. If you are up for a challenge, see if you can re-create this script in Perl and Ruby.

Writing and Compiling C Programs

Time for one more simple programming example, this time in the C programming language. Unlike scripting languages such as Bash and Python, C code must be compiled and translated into machine language that the CPU can understand before it is run.

Kali Linux includes the GNU Compiler Collection (GCC), which will allow us to compile C code to run on the system. Let’s create a simple C program that says hello to a command line argument, as shown in the following listing.

#include <stdio.h> /* (1) */
int main(int argc, char *argv[]) /* (2) */
{
    if (argc < 2) /* (3) */
    {
        printf("%s\n", "Pass your name as an argument"); /* (4) */
        return 0; /* (5) */
    }
    else
    {
        printf("Hello %s\n", argv[1]); /* (6) */
        return 0;
    }
}

The syntax for C is a bit different from that of Python and Bash. Because our code will be compiled, we don’t need to tell the terminal which interpreter to use at the beginning of our code. First, as with our Python example, we import a C library. In this case we’ll import the stdio (short for standard input and output) library, which will allow us to accept input and print output to the terminal. In C, we import stdio with the command #include <stdio.h> (1).

Every C program has a function called main (2) that is run when the program starts. Our program will take a command line argument, so we pass an integer argc and a character array argv to main. argc is the argument count, and argv is the argument vector, which includes any command line arguments passed to the program. This is just standard syntax for C programs that accept command line arguments. (In C, the beginning and end of functions, loops, and so on are denoted by braces {}.)

First, our program checks to see if a command line argument is present. The argc integer is the length of the argument array; if it is less than two (the program name itself and the command line argument), then a command line argument has not been given. We can use an if statement to check (3).

The syntax for if is also a little different in C. As with our Bash script, if a command line argument is not given, we can prompt the user with usage information (4). The printf function allows us to write output to the terminal. Also note that statements in C are finished with a semicolon (;). Once we’re through with our program, we use a return statement (5) to finish the function main. If a command line argument is supplied, our else statement instructs the program to say hello (6). (Be sure to use braces to close all of your loops and the main function.)

Before we can run our program, we need to compile it with GCC as shown here. Save the program as cprogram.c.

root@kali:~# gcc cprogram.c -o cprogram

Use the -o option to specify the name for the compiled program and feed your C code to GCC. Now run the program from your current directory. If the program is run with no arguments, you should see usage information as shown here.

root@kali:~# ./cprogram
Pass your name as an argument

If instead we pass it an argument, in this case our name, the program tells us hello.

root@kali:~# ./cprogram "Accused Hacking"
Hello Accused Hacking

NOTE : We will look at another C programming example in upcoming blogs, where a little bit of sloppy C coding leads to a buffer overflow condition, which we will exploit.

Summary

In this blog we’ve looked at simple programs in three different languages. We looked at basic constructs, such as saving information in variables for later use. Additionally, we learned how to use conditionals, such as if statements, and iterations, such as for loops, to have the program make decisions based on the provided information. Though the syntax used varies from programming language to programming language, the ideas are the same.

In our last blog we learned how to program with Bash and create a script for hacking. Our next topic will be how to use the Metasploit Framework for hacking and for the pentest attacks we will carry out.
