Dear PenTest Readers,
This month we would like to provide you with plenty of practical content. Python’s popularity among hackers is unquestionable at the moment, and it is certain that this trend will only get stronger in the near future. Its ease of use, versatility and practicality make it attractive to everyone who values quick and efficient solutions. Python’s potential to implement the desired solution in a truly compact form is nothing short of impressive. Its popularity is a result of its accessibility in use, and popularity in turn brings more accessibility. Therefore, we are dealing with some kind of perpetuum mobile here. The number of Python-based pentesting tools on GitHub is immense and will undoubtedly continue to grow, as will its third-party libraries. According to the report by Imperva, published on September 26th, 77% of the websites that they have been monitoring were attacked with a Python-based tool*. Thus, Python’s place in hackers’ hearts is a fact that cannot be disregarded.
In the current issue, we are happy to present to you content on hacking with Python. Advanced Persistent Threats, Fuzzing, Automation, and Cryptography are some of the aspects that we would like to draw your attention to, through the articles of our amazing contributors. As usual, there are also articles, case studies, and tutorials on other interesting topics.
Looking for the best way to end this short introduction, we believe it is appropriate to quote one of Monty Python’s lines, as the name of our main subject this month is a tribute to this remarkable comedy group :)
“Ladies and gentlemen, we apologize that the film wasn't as long as we had anticipated. Therefore, there will be a short interval. In the meantime, we'll show you a film starring a man with a tape recorder up his nose.”
Without further ado,
Enjoy the content!
PenTest Magazine’s Editorial Team.
Table of Contents
APT In Action - Advanced Python Programming
by Boumediene Kaddour
If you are a penetration tester or incident responder, you have probably asked yourself a question while conducting a penetration test or responding to a massive attack in which “off-the-shelf” tools did not achieve what you were expecting: why did this tool fail to exploit this clear-as-blue vulnerability, and how can I move fast to provide a POC to my customer, who is paying me to emulate such a threat? Or how can I retrieve these forensic artifacts from this operating system before the case goes cold? The answer to the aforementioned questions is to develop your own tools using a fully featured, easy-to-use programming language like Python.
The Hacker’s Offensive Language
by Yehia Mamdouh
Python is a hacker’s favorite language. It allows them to build their own offensive tools, which provides efficiency while doing penetration testing, saves time and, of course, decreases complexity compared with low-level languages like C, C++, etc., and allows you to build your own exploits or automate the reconnaissance and scanning process. Python has many native libraries that in turn reduce the number of lines of code required, along with thousands of third-party libraries that can be used and are being developed all the time. In this article, you will learn the advanced techniques being used in penetration testing.
Using Python to Automate the Boring Stuff
by Eric Schultz
Overall, pen testing is fun. Mostly. One of the most annoying and time-consuming parts is running various standard tools on the target and parsing the output. Fortunately, our buddy Python can help us out by automating some of the steps.
Python For Pentesters - Tutorial
by Dinesh Sharma
This Python for Pentesters article/tutorial aims to teach you how to apply the powerful Python language to security research, penetration testing and attack automation using a fully hands-on practical approach with a gradual learning curve. This article/tutorial has something for everyone – from the novice to the expert user! This article/tutorial is ideal for penetration testers, security enthusiasts and network administrators who want to learn to automate tasks or go beyond just using ready-made tools.
Penetration Testing with Python: Cryptography and Secure Hashing
by Nouha Ben Brahim and Ben Brahim
The SHA (Secure Hashing Algorithm) is a cryptographic function designed to keep data secured. It works by converting the data using a hash function: an algorithm consisting of bitwise operations, modular additions, and compression functions. The hash function produces a fixed-size string that looks very different from the original. Cryptographic hash functions are utilized in order to keep data secured by providing these necessary fundamental safety characteristics: pre-image resistance, second pre-image resistance, and collision resistance.
The Importance of Cyber Diplomacy
by Tawhidur Rahman
The world is becoming more networked and interconnected. This has created challenges such as cyber security, cyber espionage, privacy and Internet freedom. Governments around the world need to work together to shape cyberspace policy. To protect national interests and enhance the security of Internet users, there is a need for continued cyber diplomacy between countries.
Vulnerability Case Studies, Google Dorking and Social Engineering
by Bogdan Ethics
After reading the documentation, the not-so-unique solution was to use standard logins, which was done. After that, without any problems, we were in the admin panel of the banner system. Without thinking for long, and without any serious problems, PHP shell code was injected into the project with the extension 1.php.jpg, which worked without problems, since the system did not perform any manipulations on the uploaded files except checking for ".png, .jpg, .jpeg" at the end of the file name.
Secure Code Review
by Nadia Benchika
Developing an application without taking into consideration secure functions that allow you to sanitize and validate user input might cause a high risk if attackers exploit this vulnerability. Those front-end interfaces are, of course, connected to a database to store all the user input provided. The database is the most important component of a web application, and it represents a lucrative target for attackers, which leads us to secure everything stored in it. However, dealing with a database also means dealing with user input; that is why sanitization and validation are very important to secure the application and the database as well.
Four Puzzling Issues of Identity Authentication
by Hitoshi Kokumai
If implemented literally, the so-called password-less authentication would lead us to a world where we are deprived of the chances and means to get our volition confirmed in having our identity authenticated. It would be a 1984-like world. The values of democratic societies are not compatible with it. Some people allege that passwords can and will be eliminated by biometrics or a PIN. But logic tells us that it can never happen, because the former requires a password/PIN as a fallback means and the latter is no more than the weakest form of numbers-only password. Various debates over ‘password-less’ or ‘beyond-password’ authentication only make it clear that the solution to the password predicament can be found only inside the family of broadly-defined passwords.
How Real-world Wi-Fi Gets Hacked Using Weak Password Framing Structure
by Sudershan S.L.
The Wi-Fi authentication process is done by a four-way handshake mechanism, where the access point sends an ANonce packet to the client STA. The client then generates a PTK (pairwise transient key), known as SNonce, and an additional MIC (message integrity code), and sends them to the AP. The AP replies with a GTK (group temporal key) along with a MIC, and the client finally closes the four-way handshake with an ACK (acknowledge) packet. The type of attack demonstrated here captures the four-way handshake file and brute-forces it with a custom-generated smart list.