Transcription

Violent Python: Python in the dark side darkx PyCON.tw 2013

About a.k.a. xatier An ordinary, unremarkable university student Fond of free software and information security technology Python is just an aid (?)

A word from our sponsors Later, at the BoF in venue no. 8 My very capable senior schoolmate Dr. Ken Topic: "Mining 大大 Interest Topics from Plurk by using Python"

What I most often use Python for .

We Love Python Easy to Learn Easy to Read Easy to Hack (?) Cross platform Builtin tools Libraries

“This (Programming), of course, is the fundamental hacking skill. If you don't know any computer languages, I recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects.” – How to become a hacker (ESR)

(compare to C) . “With today's machines as powerful as they are, this is usually a bad tradeoff — it's smarter to use a language that uses the machine's time less efficiently, but your time much more efficiently. Thus, Python.” – How to become a hacker (ESR)

Warming up

decrypt

decrypt
import crypt
crypt.crypt(word, salt) -> string
word will usually be a user's password. salt is a 2-character string which will be used to select one of 4096 variations of DES. The characters in salt must be either ".", "/", or an alphanumeric character. Returns the hashed password as a string, which will be composed of characters from the same alphabet as the salt.

decrypt Dictionary Attack /usr/share/dict/words GGvxb.e7YgnIg
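
Added example (not from the slides): a defender-side check that uses the salt format from the docstring above to find traditional DES crypt entries in shadow-style data, since those are the hashes a dictionary attack like this one works against. The sample entries, user names and the weak/ok ratings are constructed assumptions; only the hash GGvxb.e7YgnIg comes from the slide.

```python
import re

# crypt(3) alphabet from the docstring: ".", "/", and alphanumerics (64 symbols).
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DES_RE = re.compile(r"[./0-9A-Za-z]{13}")
# Modular crypt "$id$" prefixes; the ratings are this example's assumed policy.
MODULAR = {"1": ("md5crypt", "weak"), "2b": ("bcrypt", "ok"),
           "5": ("sha256crypt", "ok"), "6": ("sha512crypt", "ok"),
           "y": ("yescrypt", "ok")}

def salt_variation(salt):
    """Number the 2-character salt within the 64 * 64 = 4096 possibilities."""
    return ALPHABET.index(salt[0]) + 64 * ALPHABET.index(salt[1])

def classify(field):
    """Return (scheme, rating, salt) for one password field."""
    if field == "":
        return ("none", "weak", None)           # no password set at all
    if field[0] in "!*":
        return ("locked", "ok", None)           # login disabled
    if field.startswith("$"):
        parts = field.split("$")                # ['', id, salt-or-params, ...]
        scheme, rating = MODULAR.get(parts[1], ("unknown", "review"))
        return (scheme, rating, parts[2] if len(parts) > 2 else None)
    if DES_RE.fullmatch(field):
        return ("descrypt", "weak", field[:2])  # salt is the first two chars
    return ("unknown", "review", None)

def audit(shadow_text):
    """List (user, scheme, detail) for every entry that needs attention."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, field = line.split(":")[:2]
        scheme, rating, salt = classify(field)
        if rating == "ok":
            continue
        detail = rating
        if scheme == "descrypt":
            detail = "salt %r is variation %d of 4096" % (salt, salt_variation(salt))
        findings.append((user, scheme, detail))
    return findings

# Constructed sample; only alice's hash is the one shown on the slide.
SAMPLE = """alice:GGvxb.e7YgnIg:15800:0:99999:7:::
bob:$6$examplesalt$CONSTRUCTEDPLACEHOLDER:15800:0:99999:7:::
daemon:*:15800:0:99999:7:::
carol:$1$abcdefgh$CONSTRUCTEDPLACEHOLDER:15800:0:99999:7:::"""
```

Calling audit(SAMPLE) reports alice (descrypt) and carol (md5crypt) as entries to migrate to a stronger scheme; bob and the locked daemon account pass.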

Brute force http://pvanhoof.be/files/bruteforce.c import itertools

APIs The socket API is used almost exactly the same way as in C ctypes: the standard library provides a bridge to C/dll/so Objects, control flow, etc. save even more time

Hacking Skype main.db Everything you want is right here (?) Contacts, chat logs . etc. Unix-like systems are great

Lots of tools Immunity Debugger IDAPython Lldb (llvm's debugger) .

python-nmap http://xael.org/norman/python/python-nmap/ Python binding for the Nmap tool Best taken together with the IPython shell GPL licensed

Inspired by Nicolle Neulist: Write your own tools with python! Derbycon 2012 Gray Hat Python: Python Programming for Hackers and Reverse Engineers Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Thank you