Automate your pentests with Python (W24)

Description

After completing this course you will be able to: 

• Learn how do professional pentesters use Python to automate pentests and create exploits, scanners and fuzzers.
• Work with Metasploit from your auto-pentest scripts.
• Write your first basic application with given functionality.
• Write a script that goes through directories and checks file permission.
• Try to build your own simple proxy server. It should proxy all traffic by sniff trafic to predefined destinations. Additional task is to implement packet injection there.
  Write a script to check it for sql injections.
• Implement your script which is a PoC of well-known vulnerability.

How does does the training look like?

Twice in a month the instructor provides the students with the materials regarding the topic of this particular issue. Each portion of the delivered materials is gathered in a form of an in-depth article describing and explaining the topic. Additionally the instructor is sharing other media files, like videos, if applicable.
Except of the article, each lesson includes homework to test the gained knowledge and skills of the student. Once the homework is done, the student is sharing his results with the instructor and having a live chat with him in the appointed hours.
Additionally, for the course period, the instructor is available via e-mail for students to ask questions and confront their thoughts with the instructor.
The additional option of the courses is the possibility for the students to interact with themselves, seeking some support or just discussing some course related issues.

What will you need (course requirements, software & hardware):

For this course you will need a machine with Python 2.7+ installed (but not 3+).
It can be virtual machine or you can install Python on your main OS.
However I recommend using virtual environments. Examples in course are tested on Debian Linux and OSX 10.10.5 Yosemite.

What should you know before you join:

The second thing you need is the basic knowledge of Python programming language
because in this course assumed that you already know the basics – variables, operators, functions, etc.

Pre-course material:

Python language basics.
Introduction to interpreted languages
Data types
Variables
Expressions
Operators
Program structure
Functions
Concept of Classes and Objects
Modules and Packages
Running Python scripts in different environments
Files and directories access with Python                
Sockets
Implementing server
Implementing client
Making web server and client

Exercise.
a) Write your first basic application with given functionality.
b) Check given example and correct it to make it work properly.

COURSE SYLLABUS

What will you learn in this workshop

Module 1 – Using operating system features.

Topic 1: Debuggers
Topic 2: Methods of development
Topic 3: Working with binaries in Python
Topic 4: Linking together our tool and Metasploit
Topic 5: Metasploit plugins
Topic 6: RPC
Topic 7: Parsing metasploit results
Topic 8: Automation

Exercise.
a) Implement your script which is a PoC of well-known vulnerability. Links are in module
b) Write your own plugin to Metasploit. It can do whatever you want (or take the idea from the module)

Your instructor: Vladimir Korennoy

Head of Development of Information Security Systems at PentestIT.

Currently develops brand new SIEM system DataSafety.

DataSafety will present a new level of automating and provide easy connections with all popular security tools.