Security and Privacy in a Networked World/Too easy to misuse: difference between revisions
Revision as of 06:14, 24 March 2014
Nothing special
Hollywood movies tend to suggest that it takes Dr. Evil or some other nasty genius to be a cybercriminal. While some of it may be true for some kinds of attacks as well as for some well-defended targets, it is surprisingly simple to achieve significant results. Today's topic was inspired by the book Violent Python by TJ O'Connor - but similar easy recipes can also be found online.
But first, we need to learn a bit more about Python.
Python (continued)
Strings
Manipulation of strings (textual values) is a common task for security-related scripts in Python - e.g. a web page URL (web address), an IP address or a serial number are all handled as strings. Finding, extracting and relocating substrings (e.g. replacing the last block of an IP address with another) are all common operations.
http://docs.python.org/2/library/stdtypes.html#string-methods
...
Modules
One of the strong points of Python is modularity - in addition to the pretty extensive standard library, one can link specific modules into a program to access a multitude of additional functions. The modules are linked to the program using the "import" directive:
socket
This module contains many handy tools to handle networking. While the full description is available in the Python documentation (http://docs.python.org/2/library/socket.html?highlight=socket#socket), let us look at just a few simple uses:
- socket.socket() - in simple terms, defines a new network connection. To connect to a specific IP address and port, we need to assign the new socket to a variable. The following example defines a variable "netcon" and creates a connection to the FTP port of a local network computer:

    import socket
    netcon = socket.socket()
    # connect() takes a single (address, port) tuple
    netcon.connect(("192.168.1.10", 21))

- recv() - asks for a given number of bytes from an open connection. E.g. the previous example may be extended like this:

    import socket
    netcon = socket.socket()
    netcon.connect(("192.168.1.10", 21))
    # read up to 1024 bytes of the server's greeting and decode them to text
    reply = netcon.recv(1024).decode("ascii", "replace")
    if "Old FTP server SomeOldVersion" in reply:
        print("A good target!")
    else:
        print("Sorry, no luck.")

Note: some servers refuse to answer, but many do. Typically, the first kilobyte (1024 bytes) of the reply will contain some information about the server - and in many cases, this includes the name and version of the software in use. Now, combining this with a known vulnerability database like SecurityFocus (http://www.securityfocus.com/) may produce a lot of possibilities.
Also, most web servers tend to refuse the connection or ignore it, resulting in a timeout. However, other services (SSH, FTP, e-mail servers) are often more revealing.
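An added example (not part of the original page or of the book it cites): the same banner read turned into a check of your own services, listing those whose greeting names a product and version so that the banner can be trimmed. The regular expression, the function names and the sample banners are assumptions made for this example, and it is written for Python 3.

```python
import re
import socket

# Product name followed by a dotted version, e.g. "vsFTPd 2.3.4" or
# "OpenSSH_8.9p1". The pattern is this example's assumption, not a standard;
# the lookahead skips the "SSH-2.0-" protocol prefix of SSH banners.
VERSION_RE = re.compile(r"\b(?!SSH-)([A-Za-z][\w.+-]*?)[ _/-]v?(\d+(?:\.\d+)+\w*)")

# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    ("192.168.1.10", 21): "220 (vsFTPd 2.3.4)",
    ("192.168.1.10", 22): "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3",
    ("192.168.1.11", 21): "220 FTP server ready",
    ("192.168.1.11", 25): "220 mail.example.test ESMTP Postfix",
    ("192.168.1.11", 80): None,  # silent service: the read timed out
}

def read_banner(host, port, timeout=3.0):
    """Return the first kilobyte a service sends on connect, or None if it
    refuses the connection, stays silent until the timeout, or sends nothing."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            data = conn.recv(1024)
    except OSError:  # covers refused connections and socket.timeout
        return None
    return data.decode("ascii", "replace").strip() or None

def disclosed_version(banner):
    """Return (product, version) if the banner names both, else None."""
    match = VERSION_RE.search(banner or "")
    return match.groups() if match else None

def audit(services, reader=read_banner):
    """Check your own (host, port) pairs; list those whose banner leaks a version."""
    findings = []
    for host, port in services:
        leak = disclosed_version(reader(host, port))
        if leak:
            findings.append((host, port) + leak)
    return findings

if __name__ == "__main__":
    # Offline run: look banners up in the sample table instead of the network.
    for finding in audit(SAMPLE_BANNERS, reader=lambda h, p: SAMPLE_BANNERS[(h, p)]):
        print("version disclosed: %s:%d runs %s %s" % finding)
```

Services that answer with a generic greeting, or that stay silent, produce no finding, which is the state a hardened banner configuration aims for.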
Functions
...
Some examples
Simple port scanner
...
Archive password cracker
...