
Post on 17-Jan-2016


Strategic Security, Inc. http://www.strategicsec.com/

Python 2014

Python For IT Security Professionals
By: Joe McCray

Agenda
- Who is This Course For
- Why Python
- Installing Python
- Programming Basics
- Python Syntax Basics

What is this course for?
If you are an IT Security Professional and the thought of programming makes you nauseous

If you've tried to learn a programming language and felt like it was too much math or taught you nothing useful for your job

If you feel like you can't learn to program from a book

Why Python?
Python is considered by many to be one of the easiest languages to learn

Python runs on pretty much anything (Windows, Linux, Mac, tablets, phones)

Lots of modules so it has lots of functionality

Python 2 vs 3
We will be using Python 2.7.x for this course

Short version of the differences:
https://wiki.python.org/moin/Python2orPython3

My rationale:
- Almost all security tools are in 2.x (reference code)
- More tutorials cover 2.x (training materials)

Let's get started
- No geekenese
- Printing
- Math
- Variables
- Modules and Functions

No Geekenese

A lot of computer scientists will be familiar with programming concepts such as:
- Turing's Primitives
- Programming Logic
- Data Structures and Algorithms
- Object Oriented Programming

If you are like me then none of this stuff makes any sense to you
- I don't understand any of this stuff, and don't plan on trying
- I'm a regular working stiff so that means that I like:
  - Alcohol
  - Sports
  - Barbecuing
- My weekends are no longer consumed with writing code or recompiling my kernel

We will focus on the job: common security tasks that working infosec professionals need to do on a regular basis

Programming is simple
Skip programming logic, let's keep this simple

Code can only do 3 things:
- Processing
- Decision
- Looping

Keep it simple
Processing
- Read
- Write
- Math

Decisions
- If/Then

Looping
- For
- While

Installing Python
Windows
32-Bit Version
http://www.python.org/ftp/python/2.7.5/python-2.7.5.msi

64-Bit Version
http://www.python.org/ftp/python/2.7.5/python-2.7.5.amd64.msi

Linux
Debian/Ubuntu: sudo apt-get install -y python
RHEL/CentOS/Fedora: sudo yum install -y python

- Choose Run
- Choose Next
- Select the install location
- Choose Next
- Select Yes
- Let it install
- Choose Finish

Lesson 1: Simple Printing
Printing
>>> print "Today we are learning Python."

Math
>>> 2+2
>>> 6-3
>>> 18/7


Lesson 2: Simple Numbers and Math
Math Continued
>>> 18.0/7
>>> 18.0/7.0
>>> 18/7
>>> 9%4
>>> 8%4
>>> 8.75%.5
>>> 6.*7
>>> 6*6*6
>>> 6**3
>>> 5**12
>>> -5**4

Lesson 3: Variables
Variables
>>> x=18
>>> x+15
>>> x**3
>>> y=54
>>> x+y

>>> g=input("Enter number here: ")
Enter number here: 43
>>> g+32
>>> g**3

Lesson 4: Modules and Functions
Functions
>>> 5**4
>>> pow(5,4)
>>> abs(-18)
>>> abs(5)
>>> floor(18.7)    # NameError: floor() is not a built-in, it lives in the math module

Here we learn to use pow(), the power function, and abs(), the absolute value function.

Modules
>>> import math
>>> math.floor(18.7)
>>> math.sqrt(81)
>>> joe = math.sqrt
>>> joe(9)
>>> joe=math.floor
>>> joe(19.8)

Lesson 5: How to Save Programs
Saving Your Program
Run "IDLE (Python GUI)"

File -> New Window

print "Python for InfoSec"

File -> Save as py4InfoSec.py

Run -> Run Module or Press "F5"

Your Task
Your first task

Create a file name.py

x = raw_input("Enter name: ")
print "Hey " + x
raw_input("Press")

Run -> Run Module or Press "F5"

Lesson 6: Strings
Strings
>>> "XSS"
>>> 'SQLi'
>>> "Joe's a python lover"
>>> 'Joe\'s a python lover'
>>> "Joe said \"InfoSec is fun\" to me"
>>> a = "Joe"
>>> b = "McCray"
>>> a, b
>>> a+b

Lesson 7: More Strings
More Strings
>>> num = 10

>>> num + 2

>>> "The number of open ports found on this system is " + num

>>> num = str(18)

>>> "There are " + num + " vulnerabilities found in this environment."

>>> num2 = 46

>>> "As of 08/20/2012, the number of states that enacted the Security Breach Notification Law is " + `num2`

Lesson 8: Raw Input
Your second task

Run "IDLE (Python GUI)"

File -> New Window

joemccray=input("Enter name: ")
print joemccray

Run -> Run Module    # Will throw an error
or
Press "F5"

File -> New Window

joemccray=raw_input("Enter name: ")

Run -> Run Module
or
Press "F5"

NOTE: Use input() for integers and expressions, and use raw_input() when you are dealing with strings.
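Why the first program in Lesson 8 throws an error, as an added example that is not part of the original slides: Python 2's input() is equivalent to eval(raw_input()), so whatever is typed is run as a Python expression. The names py2_style_input, parse_number and ask_number are hypothetical, and the typed answers are constructed and passed in as strings so the block runs without a keyboard on Python 2.7 or 3.

```python
import ast
import numbers

def py2_style_input(typed):
    """Model of Python 2's input(): the typed text is handed to eval()."""
    return eval(typed)  # whatever expression was typed gets executed

def parse_number(typed):
    """Accept only an int or float literal; reject names, calls, strings."""
    try:
        value = ast.literal_eval(typed.strip())
    except (ValueError, SyntaxError):
        raise ValueError("not a number: %r" % (typed,))
    if isinstance(value, bool) or not isinstance(value, numbers.Real):
        raise ValueError("not a number: %r" % (typed,))
    return value

def ask_number(prompt, read_line, attempts=3):
    """Prompt until a number is entered. read_line is raw_input on
    Python 2 or input on Python 3; a stub is used below for the demo."""
    for _ in range(attempts):
        try:
            return parse_number(read_line(prompt))
        except ValueError:
            pass
    raise ValueError("no valid number after %d attempts" % attempts)

if __name__ == "__main__":
    print(py2_style_input("43"))
    print(py2_style_input("len('strategicsec')"))  # 12: the typed code ran
    typed = iter(["joe", "len('strategicsec')", "43"])  # constructed answers
    print(ask_number("Enter number here: ", lambda p: next(typed)))
```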

Lesson 9: Sequences and Lists
Lists
>>> attacks = ['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']

>>> attacks
['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']

>>> attacks[3]
'SQL Injection'

>>> attacks[-2]
'Cross-Site Scripting'

Level 10: If Statement
If Statement
Run "IDLE (Python GUI)"

File -> New Window

attack="SQLI"
if attack=="SQLI":
    print 'The attacker is using SQLI'

Run -> Run Module or Press "F5"

Level 10: If Statement
If Statement
Run "IDLE (Python GUI)"

File -> New Window

attack="XSS"
if attack=="SQLI":
    print 'The attacker is using SQLI'

Run -> Run Module or Press "F5"

Level 10: If Statement
Enough fundamentals & syntax
How about some real security stuff
Let's get started with log analysis

Level 10: If Statement
Intro to log parsing with Python
- Start with grep
- Learn to read a file
- Look for a value in a list
- Prompt for user input

Lesson 11: Intro to Log Analysis
Log Analysis
Log in to your StrategicSec Ubuntu machine (user: strategicsec pass: strategicsec)

sudo wget https://s3.amazonaws.com/SecureNinja/Python/access_log

cat access_log | grep 141.101.80.188

cat access_log | grep 141.101.80.187

cat access_log | grep 108.162.216.204

cat access_log | grep 173.245.53.160

Google the following terms:
- Python read file
- Python read line
- Python read from file

Your Task
Your x task
Use Python to read in a file line by line

## Open the file with read only permit
f = open('access_log', "r")

## use readlines to read all lines in the file
## The variable "lines" is a list containing all lines
lines = f.readlines()

print lines

## close the file after reading the lines.
f.close()
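The steps from Lesson 11 (grep for an address, read a file line by line, look for a value) as an added Python example that is not part of the original slides; it also shows that a grep-style match catches an address appearing anywhere in a line, not only as the client. The log lines are constructed, the Apache-style layout with the client address as the first field is an assumption, and the function names are hypothetical; it runs on Python 2.7 and 3.

```python
import os
import tempfile
from collections import Counter

# Constructed sample lines (not taken from the course's access_log); the
# Apache-style layout with the client IP as the first field is an assumption.
SAMPLE = """\
141.101.80.188 - - [20/Aug/2013:10:01:02 -0400] "GET /index.php HTTP/1.1" 200 5120
141.101.80.187 - - [20/Aug/2013:10:01:05 -0400] "GET /login.php HTTP/1.1" 200 2048
108.162.216.204 - - [20/Aug/2013:10:02:11 -0400] "GET /index.php?ref=141.101.80.188 HTTP/1.1" 200 5120
141.101.80.188 - - [20/Aug/2013:10:03:40 -0400] "POST /login.php HTTP/1.1" 302 0
173.245.53.160 - - [20/Aug/2013:10:04:00 -0400] "GET /robots.txt HTTP/1.1" 404 209
"""

def lines_from(path):
    """Yield lines one at a time; the file is closed even if an error occurs."""
    with open(path, "r") as f:
        for line in f:
            yield line.rstrip("\n")

def grep_like(path, ip):
    """Roughly what `grep <ip>` does: match the text anywhere in the line."""
    return [l for l in lines_from(path) if ip in l]

def by_client(path, ip):
    """Stricter: keep only lines whose first field (the client) equals ip."""
    return [l for l in lines_from(path) if l.split(" ", 1)[0] == ip]

def hits_per_client(path):
    """Count requests per client IP across the whole file."""
    return Counter(l.split(" ", 1)[0] for l in lines_from(path) if l)

def write_sample():
    """Write SAMPLE to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix="_access_log")
    with os.fdopen(fd, "w") as f:
        f.write(SAMPLE)
    return path

if __name__ == "__main__":
    path = write_sample()
    print("%d grep-style matches" % len(grep_like(path, "141.101.80.188")))
    print("%d requests from that client" % len(by_client(path, "141.101.80.188")))
    print(hits_per_client(path).most_common())
    os.remove(path)
```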
