Attack and Defense with Python
Bastian Ballmann, Uster, Switzerland
© Springer-Verlag Berlin Heidelberg 2015
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Doesn’t this book explain how to break into a computer system? Isn’t that illegal
and a bad thing after all?
I would like to answer both questions with no (at least the second one).
Knowledge is never illegal or bad in itself; only the things you do with it can be.
You as an admin, programmer, IT manager, or just an interested reader cannot
protect yourself if you don’t know the techniques of the attackers. You cannot test
the effectiveness of your firewalls, intrusion detection systems, or other
security-related software if you are not able to see your IT infrastructure through
the eyes of an attacker. You cannot weigh the danger against the cost of possible
security solutions if you don’t know the risks of a successful attack. Therefore, it is
necessary to understand how attacks on computer networks really work.
The book presents a selection of possible attacks with short source code samples
to demonstrate how easily, effectively, and perhaps undetected a network can be
infiltrated. This way you can not only learn the real techniques but also present them to
your manager or employer and help them decide whether it would make sense to
care a little more about IT security. At the end of the book, you should be able
not only to understand how attacks on computer networks really work but also to
modify the examples for your own environment and your own needs.
Sure, the book also tells the bad guys how to crack the net and write their own
tools, but IT security is a sword with two sharp edges. Both sides feed themselves
from the same pot of knowledge, and it is a continuous battle, which the defending
side can never dream of winning if it censors itself or criminalizes its own knowledge!
Uster, Switzerland
Bastian Ballmann
Introduction
Who Should Read This Book?
This book addresses interested Python programmers who want to learn about
network coding and administrators who want to actively check the security of their
systems and networks. The content should also be useful for white-, gray-, and
black-hat hackers who prefer Python for coding, as well as for curious computer users
who want to get their hands on practical IT security and are interested in learning to
see their network through the eyes of an attacker.
You need neither deep knowledge of how computer networks are built nor of
programming. Chaps. 2 and 3 give you all the knowledge you need to understand the
source code in this book. Readers who already know how to program in
Python and dream in OSI layers or packet headers can jump straight to Chap. 5
and start having fun with their devices.
Of course a book like this needs a disclaimer, and the author would be happy if
all readers only play on systems they are allowed to play on and use the information
in this book only for good and ethical actions; otherwise, you may be breaking a
law, depending on the country your device is connected in.
The length of the book doesn’t allow for in-depth discussion of all topics. You
will only get somewhat more than the basics. If you want to dig deeper, you should
afterward turn to specialised literature in your particular field of interest.
The Structure of the Book
The different hacks are grouped by network protocol, and the content of every chapter is
ordered by difficulty. You can read the chapters in any order you like, except for the two
introductory chapters about networks (Chap. 2) and Python (Chap. 3).
The code samples are printed unshortened; therefore, you can just copy and use
them without worrying about incremental changes or add-ons. If you are too lazy or
busy to type, you should consider downloading all sources by pointing your browser
at http://www.codekid.net/pythonnetwork-hacks/all.zip.
At the end of each chapter, you will find a selection of tools, also written in Python,
that attack the described protocol in more detail.
Thanks to the basic knowledge learned in the chapter, it shouldn’t be too hard to
read and understand the source code of the tools.
The Most Important Security Principles
The most important principles in building a secure network, from the author’s point of
view, are:
1. Security solutions should be simple. A firewall rule set that no one understands
is a guarantee for security holes. Software that’s complex has more bugs than simple code.
2. Less is more. More code, more systems, and more services provide more possibilities for attack.
3. Security solutions should be open source. You can search more easily for security
problems if you have access to the source code. If the vendor refuses to close
an important security hole, you or someone else can fix it, and you don’t have to
wait for six or more months till the next patch day. Proprietary software can have
built-in backdoors, sometimes called a Lawful Interception Interface. Companies like
Cisco (see RFC 3924), Skype (US Patent No. 20110153809), and Microsoft
(e.g., _NSAKEY, http://en.wikipedia.org/wiki/NSAKEY) are only well-known examples.
4. A firewall is a concept, not a box that you plug in and you are safe.
5. Keep all your systems up to date! A system that’s considered secure today can
be unprotected a few hours later. Update all systems, including smartphones, printers, and switches!
6. The weakest device defines the security of the complete system, and that doesn’t
necessarily have to be a computer; it can also be a human (read about social engineering).
7. There is no such thing as 100% secure. Even a computer that is switched off can
be infiltrated by a good social engineer. The aim should be to build so many
layers that the attacker trips over one tripwire and leaves traces, and that the value
he or she can gain from a successful infiltration is much lower than the work
required or beyond his or her skills.
Table of Contents
1 Installation
1.1 The Right Operating System ..... 1
1.2 The Right Python Version ..... 1
1.3 Development Environment ..... 2
1.4 Python Modules ..... 3
2 Network 4 Newbies
2.1 Components ..... 5
2.2 Topologies ..... 5
2.3 ISO/OSI Layer Model ..... 7
2.4 Ethernet ..... 8
2.5 VLAN ..... 9
2.6 ARP ..... 10
2.7 IP ..... 10
2.8 ICMP ..... 12
2.9 TCP ..... 12
2.10 UDP ..... 16
2.11 An Example Network ..... 16
2.12 Architecture ..... 17
2.13 Gateway ..... 18
2.14 Router ..... 18
2.15 Bridge ..... 19
2.16 Proxies ..... 19
2.17 Virtual Private Networks ..... 19
2.18 Firewalls ..... 20
2.19 Man-in-the-Middle Attacks ..... 21
3 Python Basics
3.1 Every Start Is Simple ..... 23
3.2 The Python Philosophy ..... 24
3.3 Data Types ..... 25
3.4 Data Structures ..... 26
3.5 Functions ..... 27
3.6 Control Structures ..... 28
3.7 Modules ..... 30
3.8 Exceptions ..... 31
3.9 Regular Expressions ..... 31
3.10 Sockets ..... 33
4 Layer 2 Attacks
4.1 Required Modules ..... 35
4.2 ARP Cache Poisoning ..... 35
4.3 ARP Watcher ..... 39
4.4 MAC Flooder ..... 41
4.5 VLAN Hopping ..... 42
4.6 Let’s Play Switch ..... 42
4.7 ARP Spoofing Over VLAN Hopping ..... 43
4.8 DTP Abusing ..... 44
4.9 Tools ..... 45
4.9.1 NetCommander ..... 45
4.9.2 Hacker’s Hideaway ARP Attack Tool ..... 45
4.9.3 Loki ..... 45
5 TCP/IP Tricks
5.1 Required Modules ..... 47
5.2 A Simple Sniffer ..... 47
5.3 Reading and Writing PCAP Dump Files ..... 49
5.4 Password Sniffer ..... 51
5.5 Sniffer Detection ..... 53
5.6 IP Spoofing ..... 54
5.7 SYN Flooder ..... 55
5.8 Port Scanning ..... 56
5.9 Port-Scan Detection ..... 59
5.10 ICMP Redirection ..... 61
5.11 RST Daemon ..... 63
5.12 Automatic Hijack Daemon ..... 65
5.13 Tools ..... 68
5.13.1 Scapy ..... 68
6 WHOIS DNS?
6.1 Protocol Overview ..... 73
6.2 Required Modules ..... 74
6.3 Questions About Questions ..... 74
6.4 WHOIS ..... 75
6.5 DNS Dictionary Mapper ..... 76
6.6 Reverse DNS Scanner ..... 77
6.7 DNS Spoofing ..... 80
6.8 Tools ..... 83
6.8.1 Chaosmap ..... 83
7 HTTP Hacks
7.1 Protocol Overview ..... 85
7.2 Web Services ..... 88
7.3 Required Modules ..... 88
7.4 HTTP Header Dumper ..... 89
7.5 Referer Spoofing ..... 89
7.6 The Manipulation of Cookies ..... 90
7.7 HTTP-Auth Sniffing ..... 91
7.8 Webserver Scanning ..... 92
7.9 SQL Injection ..... 95
7.10 Command Injection ..... 101
7.11 Cross-Site Scripting ..... 102
7.12 SSL Sniffing ..... 103
7.13 Proxy Scanner ..... 107
7.14 Proxy Port Scanner ..... 109
7.15 Tools ..... 111
7.15.1 SSL Strip ..... 111
7.15.2 Cookie Monster ..... 111
7.15.3 Sqlmap ..... 112
7.15.4 W3AF ..... 112
8 Wifi Fun
8.1 Protocol Overview ..... 113
8.2 Required Modules ..... 115
8.3 Wifi Scanner ..... 116
8.4 Wifi Sniffer ..... 117
8.5 Probe-Request Sniffer ..... 118
8.6 Hidden SSID ..... 119
8.7 MAC Address Filter ..... 120
8.8 WEP ..... 120
8.9 WPA ..... 122
8.10 WPA2 ..... 124
8.11 Wifi Packet Injection ..... 124
8.12 Playing Wifi Client ..... 125
8.13 Deauth ..... 127
8.14 Wifi Man-in-the-Middle ..... 128
8.15 Wireless Intrusion Detection ..... 133
8.16 Tools ..... 134
8.16.1 WiFuzz ..... 134
8.16.2 Pyrit ..... 135
8.16.3 AirXploit ..... 135
9 Feeling Bluetooth on the Tooth
9.1 Protocol Overview ..... 137
9.2 Required Modules ..... 138
9.3 Bluetooth Scanner ..... 139
9.4 SDP Browser ..... 140
9.5 RFCOMM Channel Scanner ..... 140
9.6 OBEX ..... 142
9.7 Blue Snarf Exploit ..... 143
9.8 Blue Bug Exploit ..... 144
9.9 Bluetooth Spoofing ..... 145
9.10 Sniffing ..... 146
9.11 Tools ..... 148
9.11.1 BlueMaho ..... 148
10 Bargain Box Kung Fu
10.1 Required Modules ..... 149
10.2 Spoofing E-mail Sender ..... 149
10.3 DHCP Hijack ..... 150
10.4 IP Brute Forcer ..... 154
10.5 Google-Hacks Scanner ..... 155
10.6 SMB Share Scanner ..... 156
10.7 Login Watcher ..... 157
A Scapy Reference ..... 161
A.1 Protocols ..... 161
A.2 Functions ..... 162
B Secondary Links ..... 173
Index ..... 175