
[Python Gray Hat: The Python Programming Path for Hackers and Reverse Engineers].(Gray.Hat.Python).Justin.Seitz.text-edition.pdf


Uploaded by: 智普教育python培训, 2013-07-15. Rating 1, comments 0, downloads 640, favorites 10, views 1434. No description provided.

Description: This document is "[Python Gray Hat: The Python Programming Path for Hackers and Reverse Engineers].(Gray.Hat.Python).Justin.Seitz.text-edition.pdf", filed under IT books. Its content begins with the ISBN, the subtitle "Python Programming for hackers and reverse engineers", and the cover text "Python is fast becoming the …" (auto-generated excerpt, truncated).

ISBN: 978-1-59327-192-3

Python Programming for hackers and reverse engineers

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it’s easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools — and how to build your own when the pre-built ones won’t cut it.

You’ll learn how to:

  • Automate tedious reversing and security tasks
  • Design and program your own debugger
  • Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
  • Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
  • Sniff secure traffic out of an encrypted web browser session
  • Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world’s best hackers are using Python to do their handiwork. Shouldn’t you?

Justin Seitz is a senior security researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.

The Finest in Geek Entertainment
www.nostarch.com

“I lay flat.” This book uses RepKover — a durable binding that won’t snap shut.
Gray Hat Python: master the professional hacker’s Python toolkit
$39.95 ($49.95 CDN)
Shelve in: Computers/Security

GRAY HAT PYTHON
Python Programming for Hackers and Reverse Engineers
by Justin Seitz
San Francisco

GRAY HAT PYTHON. Copyright 2009 by Justin Seitz.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

13 12 11 10 09   1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-192-1
ISBN-13: 978-1-59327-192-3

Publisher: William Pollock
Production Editor: Megan Dunchak
Cover Design: Octopod Studios
Developmental Editor: Tyler Ortman
Technical Reviewer: Dave Aitel
Copyeditor: Linda Recktenwald
Compositors: Riley Hoffman and Kathleen Mish
Proofreader: Rachel Kai
Indexer: Fred Brown, Allegro Technical Indexing

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com

Library of Congress Cataloging-in-Publication Data:
Seitz, Justin.
Gray hat Python : Python programming for hackers and reverse engineers / Justin Seitz.
p. cm.
ISBN-13: 978-1-59327-192-3
ISBN-10: 1-59327-192-1
1. Computer security. 2. Python (Computer program language) I. Title.
QA76.9.A25S457 2009
005.8--dc22
2009009107

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Mom, if there’s one thing I wish for you to remember, it’s that I love you very much.
Alzheimer Society of Canada — www.alzheimers.ca

BRIEF CONTENTS

Foreword by Dave Aitel
Acknowledgments
Introduction
Chapter 1: Setting Up Your Development Environment
Chapter 2: Debuggers and Debugger Design
Chapter 3: Building a Windows Debugger
Chapter 4: PyDbg—A Pure Python Windows Debugger
Chapter 5: Immunity Debugger—The Best of Both Worlds
Chapter 6: Hooking
Chapter 7: DLL and Code Injection
Chapter 8: Fuzzing
Chapter 9: Sulley
Chapter 10: Fuzzing Windows Drivers
Chapter 11: IDAPython—Scripting IDA Pro
Chapter 12: PyEmu—The Scriptable Emulator
Index

CONTENTS IN DETAIL

Foreword by Dave Aitel
Acknowledgments
Introduction

1 Setting Up Your Development Environment
  1.1 Operating System Requirements
  1.2 Obtaining and Installing Python 2.5
    1.2.1 Installing Python on Windows
    1.2.2 Installing Python for Linux
  1.3 Setting Up Eclipse and PyDev
    1.3.1 The Hacker’s Best Friend: ctypes
    1.3.2 Using Dynamic Libraries
    1.3.3 Constructing C Datatypes
    1.3.4 Passing Parameters by Reference
    1.3.5 Defining Structures and Unions

2 Debuggers and Debugger Design
  2.1 General-Purpose CPU Registers
  2.2 The Stack
  2.3 Debug Events
  2.4 Breakpoints
    2.4.1 Soft Breakpoints
    2.4.2 Hardware Breakpoints
    2.4.3 Memory Breakpoints

3 Building a Windows Debugger
  3.1 Debuggee, Where Art Thou?
  3.2 Obtaining CPU Register State
    3.2.1 Thread Enumeration
    3.2.2 Putting It All Together
  3.3 Implementing Debug Event Handlers
  3.4 The Almighty Breakpoint
    3.4.1 Soft Breakpoints
    3.4.2 Hardware Breakpoints
    3.4.3 Memory Breakpoints
  3.5 Conclusion

4 PyDbg—A Pure Python Windows Debugger
  4.1 Extending Breakpoint Handlers
  4.2 Access Violation Handlers
  4.3 Process Snapshots
    4.3.1 Obtaining Process Snapshots
    4.3.2 Putting It All Together

5 Immunity Debugger—The Best of Both Worlds
  5.1 Installing Immunity Debugger
  5.2 Immunity Debugger 101
    5.2.1 PyCommands
    5.2.2 PyHooks
  5.3 Exploit Development
    5.3.1 Finding Exploit-Friendly Instructions
    5.3.2 Bad-Character Filtering
    5.3.3 Bypassing DEP on Windows
  5.4 Defeating Anti-Debugging Routines in Malware
    5.4.1 IsDebuggerPresent
    5.4.2 Defeating Process Iteration

6 Hooking
  6.1 Soft Hooking with PyDbg
  6.2 Hard Hooking with Immunity Debugger

7 DLL and Code Injection
  7.1 Remote Thread Creation
    7.1.1 DLL Injection
    7.1.2 Code Injection
  7.2 Getting Evil
    7.2.1 File Hiding
    7.2.2 Coding the Backdoor
    7.2.3 Compiling with py2exe

8 Fuzzing
  8.1 Bug Classes
    8.1.1 Buffer Overflows
    8.1.2 Integer Overflows
    8.1.3 Format String Attacks
  8.2 File Fuzzer
  8.3 Future Considerations
    8.3.1 Code Coverage
    8.3.2 Automated Static Analysis

9 Sulley
  9.1 Sulley Installation
  9.2 Sulley Primitives
    9.2.1 Strings
    9.2.2 Delimiters
    9.2.3 Static and Random Primitives
    9.2.4 Binary Data
    9.2.5 Integers
    9.2.6 Blocks and Groups
  9.3 Slaying WarFTPD with Sulley
    9.3.1 FTP 101
    9.3.2 Creating the FTP Protocol Skeleton
    9.3.3 Sulley Sessions
    9.3.4 Network and Process Monitoring
    9.3.5 Fuzzing and the Sulley Web Interface

10 Fuzzing Windows Drivers
  10.1 Driver Communication
  10.2 Driver Fuzzing with Immunity Debugger
  10.3 Driverlib—The Static Analysis Tool for Drivers
    10.3.1 Discovering Device Names
    10.3.2 Finding the IOCTL Dispatch Routine
    10.3.3 Determining Supported IOCTL Codes
  10.4 Building a Driver Fuzzer

11 IDAPython—Scripting IDA Pro
  11.1 IDAPython Installation
  11.2 IDAPython Functions
    11.2.1 Utility Functions
    11.2.2 Segments
    11.2.3 Functions
    11.2.4 Cross-References
    11.2.5 Debugger Hooks
  11.3 Example Scripts
    11.3.1 Finding Dangerous Function Cross-References
    11.3.2 Function Code Coverage
    11.3.3 Calculating Stack Size

12 PyEmu—The Scriptable Emulator
  12.1 Installing PyEmu
  12.2 PyEmu Overview
    12.2.1 PyCPU
    12.2.2 PyMemory
    12.2.3 PyEmu
    12.2.4 Execution
    12.2.5 Memory and Register Modifiers
    12.2.6 Handlers
  12.3 IDAPyEmu
    12.3.1 Function Emulation
    12.3.2 PEPyEmu
    12.3.3 Executable Packers
    12.3.4 UPX Packer
    12.3.5 Unpacking UPX with PEPyEmu

Index

FOREWORD

The phrase most often heard at Immunity is probably, “Is it done yet?” Common parlance usually goes something like this: “I’m starting work on the new ELF importer for Immunity Debugger.” Slight pause. “Is it done yet?” or “I just found a bug in Internet Explorer!” And then, “Is the exploit done yet?” It’s this rapid pace of development, modification, and creation that makes Python the perfect choice for your next security project, be it building a special decompiler or an entire debugger.

I find it dizzying sometimes to walk into Ace Hardware here in South Beach and walk down the hammer aisle. There are around 50 different kinds on display, arranged in neat rows in the tiny store. Each one has some minor but extremely important difference from the next. I’m not enough of a handyman to know what the ideal use for each device is, but the same principle holds when creating security tools. Especially when working on web or custom-built apps, each assessment is going to require some kind of specialized “hammer.” Being able to throw together something that hooks the SQL API has saved an Immunity team on more than one occasion. But of course, this doesn’t just apply to assessments. Once you can hook the SQL API, you can easily write a tool to do anomaly detection against SQL queries, providing your organization with a quick fix against a persistent attacker.

Everyone knows that it’s pretty hard to get your security researchers to work as part of a team. Most security researchers, when faced with any sort of problem, would like to first rebuild the library they are going to use to attack the problem. Let’s say it’s a vulnerability in an SSL daemon of some kind. It’s very likely that your researcher is going to want to s
