“The difference between script kiddies and B Black Hat python l a c professionals is the difference between merely k H using other people’s tools and writing your own.” a t p — Charlie Miller, from the foreword Python Programming for y t h o n Hackers and Pentesters When it comes to creating powerful and effec- Extend the popular Burp Suite web- tive hacking tools, Python is the language of hacking tool choice for most security analysts. But just how Abuse Windows COM automation to does the magic happen? perform a man-in-the-browser attack In Black Hat Python, the latest from Justin Seitz P Exfiltrate data from a network most y (author of the best-selling Gray Hat Python), t h sneakily you’ll explore the darker side of Python’s o n capabilities—writing network sniffers, manip- Insider techniques and creative challenges P ulating packets, infecting virtual machines, r throughout show you how to extend the hacks o creating stealthy trojans, and more. You’ll g and how to write your own exploits. r learn how to: a m When it comes to offensive security, your m Create a trojan command-and-control using ability to create powerful tools on the fly is i GitHub n indispensable. Learn how in Black Hat Python. g f Detect sandboxing and automate com- o mon malware tasks, like keylogging and About the Author r H screenshotting a c Justin Seitz is a senior security researcher k Escalate Windows privileges with creative e for Immunity, Inc., where he spends his time r s process control bug hunting, reverse engineering, writing a exploits, and coding Python. He is the author n Use offensive memory forensics tricks d to retrieve password hashes and inject of Gray Hat Python (No Starch Press), the first P book to cover Python for security analysis. e shellcode into a virtual machine n t e s t e r s THE FINEST IN GEEK ENTERTAINMENT™ www.nostarch.com Seitz $34.95 ($36.95 CDN) Shelve In: ComputerS/SeCurIty Justin Seitz ISBN: 978-1-59327-590-7 53495 Foreword by Charlie Miller 9 781593 275907 6 89145 75900 6 Black Hat PytHon B l a c k H a t P y tHo n Python Pro gramming for Ha ckers an d Pente sters by Justin Seitz San Francisco Black Hat PytHon. Copyright © 2015 by Justin Seitz. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in USA First printing 18 17 16 15 14 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-590-0 ISBN-13: 978-1-59327-590-7 Publisher: William Pollock Production Editor: Serena Yang Cover Illustration: Garry Booth Interior Design: Octopod Studios Developmental Editor: Tyler Ortman Technical Reviewers: Dan Frisch and Cliff Janzen Copyeditor: Gillian McGarvey Compositor: Lynn L’Heureux Proofreader: James Fraleigh Indexer: BIM Indexing and Proofreading Services For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; [email protected] www.nostarch.com Library of Congress Control Number: 2014953241 No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. To Pat Although we never met, I am forever grateful for every member of your wonderful family you gave me. Canadian Cancer Society www.cancer.ca about the author Justin Seitz is a senior security researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python. He is the author of Gray Hat Python, the first book to cover Python for security analysis. about the technical Reviewers Dan Frisch has over ten years of experience in information security. Currently, he is a senior security analyst in a Canadian law enforcement agency. Prior to that role, he worked as a consultant providing security assessments to financial and technology firms in North America. Because he is obsessed with technology and holds a 3rd degree black belt, you can assume (correctly) that his entire life is based around The Matrix. Since the early days of Commodore PET and VIC-20, technology has been a constant companion (and sometimes an obsession!) to Cliff Janzen. Cliff discovered his career passion when he moved to information security in 2008 after a decade of IT operations. For the past few years Cliff has been happily employed as a security consultant, doing everything from policy review to penetration tests, and he feels lucky to have a career that is also his favorite hobby.