Security and Privacy in a Networked World/Too easy to misuse

Allikas: KakuWiki
Mine navigeerimisribaleMine otsikasti

Nothing special

Hollywood movies tend to suggest that it takes Dr. Evil or some other nasty genius to be a cybercriminal. While some of it may be true for some kinds of attacks as well as for some well-defended targets, it is surprisingly simple to achieve significant results. Today's topic was inspired by the book Violent Python by TJ O'Connor - but similar easy recipes can also be found online.

But first, we need to learn a bit more about Python.

Python (continued)

Strings

Manipulation of strings (textual values) is a common task for security-related scripts in Python - e.g. a web page URL (web address), an IP address or a serial number are all handled as strings. Finding, extracting and relocating substrings (e.g. replace the last block of an IP address with another) are all common.

http://docs.python.org/2/library/stdtypes.html#string-methods

...

Modules

One of the strong points of Python is modularity - in addition to the pretty extensive standard library, one can link specific modules to his/her program to access a multitude of additional functions. The modules are linked to the program using the "import" directive:


socket

This module contains many handy tools to handle networking. While the full description is available here, let us just stop at some simple uses:

  • socket.socket() - in simple terms, defines a new network connection. To connect to a specific IP address and port, we need to define a connection to a variable like this:
import socket
netcon = socket.socket()
netcon.connect("192.168.1.10", 8080)

Functions

...

Some examples

Simple port scanner

...

Archive password cracker

...

Pärit leheküljelt "https://wiki.kakupesa.net/index.php?title=Security_and_Privacy_in_a_Networked_World/Too_easy_to_misuse&oldid=4057"