What Python techniques do hackers use?

Python has become the industry standard in the exploit-development field; readers will find that most proof-of-concept tools are written in Python (apart from the vulnerability scanners written in Ruby). Python lets developers write remote-service clients, process binary files, and interact with C libraries (or with Java via Jython, or .NET via IronPython) in a fast and simple way. Its huge standard library follows the "batteries included" principle, which removes most of the need to depend on other frameworks or languages.


I want to share my personal Python programming experience with readers; some of it may help in future work to make the world a safer place. (Note: most of the examples are written for Python 3.0 and later; some are compatible with all Python branches.)

1. Environment Configuration

For most projects or scripts you want to write, it is best to keep all dependencies in one place (apart from those used only by particular special projects). The tool for this is virtualenv (Python 3.3 and later already include it as the venv module). It has a simple job: create an isolated environment for your Python project without disturbing the global installation:

# generate a new environment:
$ virtualenv <path to the new environment>
# or, on Python 3.3 and later:
$ python3 -m venv <path to the new environment>
# before using the environment you must first activate it:
$ source <path to the new environment>/bin/activate
# leaving the environment is just as simple:
$ deactivate

2. Installing dependencies

Often you will find that, when writing your own tools, a library from the large Python community helps you get results quickly. You can install these libraries through your operating system's package manager or through a Python package manager, the most authoritative of which is pip. With pip you can install dependencies globally (pip install) or per user (pip install --user). Readers can also install pip manually through their package manager, or use the pip that Python 3.4 and later bundle with the standard library.

One basic package I always install is IPython, especially when I am not 100% sure how to solve the current task and want to experiment. IPython is an enhanced Python command line, built on Python itself, with the following features:

Dynamic object introspection

Tab completion of the local namespace

Persistent history

Session logging

Path completion

JIT debugger

Auto-indentation

As usual, installation is simple via pip: $ pip install ipython

If you want to create tutorials or other documents, IPython's notebook feature (now provided by Jupyter) lets users combine the IPython command line with a browser interface, including support for Markdown, MathJax, and matplotlib.

(Install it with pip install jupyter and start the notebook server with jupyter notebook.)

If readers need to interact with HTTP services, including JSON or XML APIs, I particularly recommend the requests library. It handles all the usual web-facing operations, such as encoding, decoding, parameters, cookies and tokens, and redirects. For example, requesting a resource and parsing the JSON response looks like this:

import requests
r = requests.get('https://api.github.com/user', auth=('user', 'pass'))
r.json()
{u'private_gists': 419, u'total_private_repos': 77, ...}

Most HTML parsing and scraping work can be handed over to the BeautifulSoup library, which accepts any HTML that current browsers handle, including repairing broken markup.

3. Interacting with the network

Most of our targets are likely to be reachable over the network, and the standard library already contains generally useful modules for that, which I introduce briefly here. The socket module is a thin wrapper around the BSD socket API, which is available on all general-purpose operating systems.

So if you already have experience with socket programming in C, you can easily translate your code into Python. There are also many convenience functions: for example, create_connection creates a TCP socket and establishes a connection to the given host and port. Another is the sendall method, which only returns once all the data has been sent (retrying as needed) or an error occurred during transmission.

import socket
s = socket.create_connection(('www.ernw.de', 80))
# HTTP/1.1 requires a Host header; the request ends with an empty line
s.sendall(b'GET / HTTP/1.1\r\nHost: www.ernw.de\r\n\r\n')
print(s.recv(1024))

Adding TLS encryption to the connection is very simple:

import socket
import ssl
ctx = ssl.create_default_context()  # verifies the server certificate against the system CA store
s = socket.create_connection(('www.ernw.de', 443))
# ssl.wrap_socket() was removed in Python 3.12; use a context and pass the hostname for SNI and verification
s = ctx.wrap_socket(s, server_hostname='www.ernw.de')
s.sendall(b'GET / HTTP/1.1\r\nHost: www.ernw.de\r\n\r\n')
print(s.recv(1024))

The same function can also be applied to a connection that is already in use, as protocols with STARTTLS require:

import socket
import ssl
ctx = ssl.create_default_context()
s = socket.create_connection(('smtp.example.com', 25))
print(s.recv(1024))  # server greeting (220 ...)
s.sendall(b'EHLO smtp.example.com\r\n')  # STARTTLS is an ESMTP extension, so use EHLO rather than HELO
print(s.recv(1024))  # capability list; should advertise STARTTLS
s.sendall(b'STARTTLS\r\n')
print(s.recv(1024))  # 220 Ready to start TLS
s = ctx.wrap_socket(s, server_hostname='smtp.example.com')  # upgrade the existing connection
s.sendall(b'EHLO smtp.example.com\r\n')  # RFC 3207: EHLO must be re-issued after the handshake
print(s.recv(1024))
s.sendall(b'MAIL FROM:<sender@example.com>\r\n')  # placeholder address; the original was garbled in extraction
print(s.recv(1024))

If you do not need such low-level interaction, higher-level modules provide clients for common services:

smtplib

ftplib

poplib

imaplib

httplib (http.client in Python 3)

nntplib

telnetlib (useful for scripting interactive command-line sessions against a service; deprecated in Python 3.11 and removed in 3.13)

xmlrpclib (xmlrpc.client in Python 3)

4. Binary and encoding operations

When developing scripts that interact with services or files, you often find that you need to convert data to a different format or encoding. In Python 2.x, the encode and decode methods were commonly used to convert between the different string formats:

"Hello World".encode("hex")
"AAA=".decode("base64")

Unfortunately, this shortcut was removed in Python 3.x: encode and decode now only handle character encodings such as utf-8, cp1250, iso8859, big5 and so on.

Instead, hex encoding is handled by two methods of the bytes type:

bytes.fromhex('414141') # b'AAA'
b'AAA'.hex() # '414141', available since Python 3.5

For Base64 encoding you need an additional module (this also works in Python 2.x):

import base64
base64.b64encode(b'Hello World')
import codecs
codecs.encode(b'Hello World', 'base64')
import binascii
binascii.b2a_base64(b'Hello World')

URLs can be encoded or parsed with the urllib.parse module (urllib in Python 2.x):

from urllib.parse import quote_plus, unquote_plus
quote_plus('Hello World+1=1337') # Hello+World%2B1%3D1337
unquote_plus('Hello+World') # Hello World

Conversion between Python's common data types (e.g. int, float, str) and their binary representation is done with the struct module:

import struct
struct.pack('<I', 1337) # convert the integer 1337 into its little endian, 32 bit representation -> b'9\x05\x00\x00'
struct.unpack('<I', b'9\x05\x00\x00')[0] # returns a tuple of results -> take only the first one: 1337
struct.unpack('<I4s', b'\x10\x00\x00\x00Test') # returns (16, b'Test')

Since Python 3.2 an int can also be converted directly to and from its binary representation:

a = 1337
a.to_bytes(4, 'little') # 32 bit little endian -> b'9\x05\x00\x00'
a.to_bytes(2, 'big') # 16 bit big endian -> b'\x059'
int.from_bytes(b'\x10\x00', 'little') # 16
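As an added example (not code from the original post), the struct and int.to_bytes techniques above applied to a real format that exploit developers meet constantly: an ELF64 file header. The parser reads the byte order from e_ident before unpacking the remaining fields, and the 64-byte sample header is constructed inline (it is not taken from any real binary).

```python
import struct

ELF_MAGIC = b"\x7fELF"
# Field names following the 16-byte e_ident, in ELF64 order
ELF64_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
                "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
                "e_shnum", "e_shstrndx")
# struct format for those fields: 2x u16, u32, 3x u64, u32, 6x u16 = 48 bytes
ELF64_FMT = "HHIQQQIHHHHHH"


def parse_elf64_header(data: bytes) -> dict:
    """Return the ELF64 header fields from the first 64 bytes of a file."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class != 2:  # 1 = ELF32, 2 = ELF64
        raise ValueError("only ELF64 headers handled here")
    # read the byte order from e_ident[EI_DATA] before unpacking the rest
    endian = {1: "<", 2: ">"}.get(ei_data)  # 1 = little, 2 = big
    if endian is None:
        raise ValueError("unknown byte order in e_ident")
    fields = struct.unpack(endian + ELF64_FMT, data[16:64])
    header = dict(zip(ELF64_FIELDS, fields))
    header["byte_order"] = "little" if ei_data == 1 else "big"
    return header


def make_sample_header(little_endian: bool = True) -> bytes:
    """Constructed 64-byte ELF64 header (not taken from any real binary)."""
    e_ident = ELF_MAGIC + bytes([2, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    endian = "<" if little_endian else ">"
    rest = struct.pack(endian + ELF64_FMT,
                       3, 0x3E, 1,          # ET_DYN, EM_X86_64, EV_CURRENT
                       0x1040, 64, 0x3000,  # e_entry, e_phoff, e_shoff
                       0, 64, 56, 11,       # e_flags, e_ehsize, e_phentsize, e_phnum
                       64, 29, 28)          # e_shentsize, e_shnum, e_shstrndx
    return e_ident + rest


if __name__ == "__main__":
    sample = make_sample_header()
    hdr = parse_elf64_header(sample)
    print(hex(hdr["e_entry"]), hdr["e_phnum"], hdr["byte_order"])
    # int.to_bytes reproduces the bytes struct wrote for e_entry (offset 24, 8 bytes)
    print(sample[24:32] == hdr["e_entry"].to_bytes(8, "little"))
```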

The ctypes module has another special feature: if you use CPython as your interpreter (which is usually the case), you can describe C structures with ctypes.Structure and obtain their binary representation, as if dumped from a C application:

from ctypes import *
import io
class TestStructure(Structure):
    _fields_ = (('foo', c_int), ('bar', c_char))
t = TestStructure()
t.foo = 1337
t.bar = b'A'
b = io.BytesIO()
b.write(t)  # ctypes objects support the buffer protocol, so they can be written directly
b.seek(0)
print(b.getvalue()) # b'9\x05\x00\x00A\x00\x00\x00' on a little-endian host: 3 trailing bytes are alignment padding
t2 = TestStructure()
b = io.BytesIO(b'\x10\x00\x00\x00B')
b.readinto(t2)  # fills the structure in place; missing trailing bytes stay zero
print(t2.foo) # 16
print(t2.bar) # b'B'
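An added example (not from the original post) that builds on the TestStructure above: the same two fields in three layouts, showing the alignment padding that ctypes adds by default, _pack_ = 1 for padding-free file and wire formats, and BigEndianStructure for a fixed byte order. The load helper uses from_buffer_copy, which rejects short input instead of silently zero-filling it the way readinto does.

```python
import ctypes


class Padded(ctypes.Structure):
    # same layout as TestStructure above: c_int needs 4-byte alignment, so
    # 3 padding bytes follow 'bar' and sizeof() is 8, not 5
    _fields_ = (("foo", ctypes.c_int), ("bar", ctypes.c_char))


class Packed(ctypes.Structure):
    _pack_ = 1  # no padding, which is what most file and wire formats use
    _fields_ = (("foo", ctypes.c_int), ("bar", ctypes.c_char))


class PackedBE(ctypes.BigEndianStructure):
    _pack_ = 1  # fixed big-endian integers regardless of the host CPU
    _fields_ = (("foo", ctypes.c_int), ("bar", ctypes.c_char))


def sizes():
    """sizeof() of the three layouts: (8, 5, 5) on every common platform."""
    return ctypes.sizeof(Padded), ctypes.sizeof(Packed), ctypes.sizeof(PackedBE)


def dump(struct_cls, foo: int, bar: bytes) -> bytes:
    """Serialise the structure exactly as C would lay it out in memory."""
    return bytes(struct_cls(foo, bar))


def load(struct_cls, data: bytes):
    """Parse data into the structure; short input raises ValueError instead of
    being silently zero-filled as with BytesIO.readinto in the example above."""
    s = struct_cls.from_buffer_copy(data)
    return s.foo, s.bar


if __name__ == "__main__":
    print(sizes())                                 # (8, 5, 5)
    print(dump(PackedBE, 1337, b"A"))              # b'\x00\x00\x059A'
    print(load(PackedBE, b"\x00\x00\x00\x10B"))    # (16, b'B')
    print(load(Packed, dump(Packed, 1337, b"A")))  # (1337, b'A')
```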

The ctypes module is also the usual bridge between Python and C libraries, with no need to write any wrapper code. With ctypes you can load any C library and call its exported functions:

import ctypes
libc = ctypes.CDLL('libc.so.6')  # Linux glibc; elsewhere use ctypes.util.find_library('c')
libc.printf(b'Hello World\n')

The Structure type mentioned above is mainly used when interacting with C libraries, to pass structures into or receive them from function calls.

5. Exploit development tools

Many CTF teams provide their own CTF solving frameworks; I found the pwntools framework from Gallopsled particularly useful, especially when developing exploits for remote ELF binaries. It contains many convenience functions, such as offset calculation (via cyclic patterns), format-string helpers (feeding data and generating the formatted string), ROP chain building (parsing the ELF, finding gadgets and providing call wrappers for the chain), and a single API for all the different transport channels (called tubes). These let readers develop against a local gdb session and then switch to the target service by changing a single line of code:

from pwn import *
r = gdb.debug('./level3')
# r = remote(IP, PORT) # to run against the remote service instead, use this line in place of the one above
r.recvuntil(':')
r.sendline(exploit) # placeholder for the payload built earlier; not defined in this snippet
r.interactive() # open an interactive session


Source: www.cnblogs.com/qingdeng123/p/11311889.html