
Violent Python

A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers

Acquiring Editor: Chris Katsaropoulos
Development Editor: Meagan White
Project Manager: Priya Kumaraguruparan
Designer: Russell Purdy

Syngress is an imprint of Elsevier


225 Wyman Street, Waltham, MA 02451, USA
Copyright 2013 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or any information storage and
retrieval system, without permission in writing from the publisher. Details on how to seek
permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing
Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the
Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may
become necessary. Practitioners and researchers must always rely on their own experience and
knowledge in evaluating and using any information or methods described herein. In using such
information or methods they should be mindful of their own safety and the safety of others,
including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors,
assume any liability for any injury and/or damage to persons or property as a matter of products
liability, negligence or otherwise, or from any use or operation of any methods, products,
instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-957-6
Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1

For information on all Syngress publications visit our website at www.syngress.com

Trademarks

Elsevier, Inc., the authors, and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.
Syngress Media, Syngress, "Career Advancement Through Skill Enhancement," "Ask the Author UPDATE," and "Hack Proofing," are registered trademarks of Elsevier, Inc. "Syngress: The Definition of a Serious Security Library"™, "Mission Critical™," and "The Only Way to Stop a Hacker is to Think Like One™" are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

Dedication

For my monkey and my ninja princess: anything is possible if you try hard enough.


Lead Author TJ O'Connor

TJ O'Connor is a Department of Defense expert on information security and a US Army paratrooper. While assigned as an assistant professor at the US Military Academy, TJ taught undergraduate courses on forensics, exploitation, and information assurance. He twice co-coached the winning team at the National Security Agency's annual Cyber Defense Exercise and won the National Defense University's first annual Cyber Challenge. He has served on multiple red teams, including twice on the Northeast Regional Team for the National Collegiate Cyber Defense Competition.

TJ holds a Master of Science degree in Computer Science from North Carolina State, a Master of Science degree in Information Security Engineering from the SANS Technical Institute, and a Bachelor of Science degree in Computer Science from the US Military Academy. He has published technical research at USENIX workshops, ACM conferences, security conferences, the SANS Reading Room, the Internet Storm Center, the Army Magazine, and the Armed Forces Journal. He holds expert cyber security credentials, including the prestigious GIAC Security Expert (GSE) and Offensive Security Certified Expert (OSCE). TJ is a member of the elite SANS Red and Blue Team Cyber Guardians.


Contributing Author Bio Rob Frost

Robert Frost graduated from the United States Military Academy in , commissioning into the Army Signal Corps. He holds a Bachelor of Science degree in Computer Science with honors, with his thesis work focusing on open-source information gathering. Rob was individually recognized as one of the top two members of the national championship team for the  Cyber Defense Exercise due to his ability to circumvent rules. Rob has participated in and won several cyber security competitions.


Technical Editor Bio Mark Baggett

Mark Baggett is a Certified SANS Instructor and teaches several courses in the SANS penetration testing curriculum. Mark is the primary consultant and founder of In Depth Defense, Inc., which provides incident response and penetration testing services. Today, in his role as the technical advisor to the Department of Defense for SANS, Mark is focused on the practical application of SANS resources in the development of military capabilities.

Mark has held a variety of positions in information security for large international and Fortune  companies. He has been a software developer, a network and systems engineer, a security manager, and a CISO. As a CISO, Mark was responsible for policy, compliance, incident response, and all other aspects of information security operations. Mark knows firsthand the challenges that information security professionals face today in selling, implementing, and supporting information security. Mark is an active member of the information security community and the founding president of the Greater Augusta ISSA. He holds several certifications, including SANS' prestigious GSE. Mark blogs about various security topics at http://www.pauldotcom.com.


Introduction

Python is a hacker's language. With its decreased complexity, increased efficiency, limitless third-party libraries, and low bar to entry, Python provides an excellent development platform to build your own offensive tools. If you are running Mac OS X or Linux, odds are it is already installed on your system. While a wealth of offensive tools already exist, learning Python can help you with the difficult cases where those tools fail.

TARGET AUDIENCE
Everyone learns differently. However, whether you are a beginner who wants to learn how to write Python, or an advanced programmer who wants to learn how to apply your skills in penetration testing, this book is for you.

ORGANIZATION OF THE BOOK


In writing this book, we really set out to write an evil cookbook of examples for the darker side of Python. The following pages provide Python recipes for penetration testing, web analysis, network analysis, forensic analysis, and exploiting wireless devices. Hopefully, the examples will inspire the reader to create his or her own Python scripts.

Chapter 1: Introduction
If you have not programmed in Python before, Chapter 1 provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.
