Table Of Contents

SETTING UP YOUR DEVELOPMENT ENVIRONMENT
1.1 Operating System Requirements
1.2 Obtaining and Installing Python 2.5
1.2.1 Installing Python on Windows
1.2.2 Installing Python for Linux
1.3 Setting Up Eclipse and PyDev
1.3.1 The Hacker’s Best Friend: ctypes
1.3.2 Using Dynamic Libraries
1.3.3 Constructing C Datatypes
1.3.4 Passing Parameters by Reference
1.3.5 Defining Structures and Unions
DEBUGGERS AND DEBUGGER DESIGN
2.1 General-Purpose CPU Registers
2.2 The Stack
2.4.1 Soft Breakpoints
2.4.2 Hardware Breakpoints
2.4.3 Memory Breakpoints
BUILDING A WINDOWS DEBUGGER
3.1 Debuggee, Where Art Thou?
3.2 Obtaining CPU Register State
3.2.1 Thread Enumeration
3.2.2 Putting It All Together
3.3 Implementing Debug Event Handlers
3.4 The Almighty Breakpoint
3.4.1 Soft Breakpoints
3.4.2 Hardware Breakpoints
3.4.3 Memory Breakpoints
3.5 Conclusion
PYDBG—A PURE PYTHON WINDOWS DEBUGGER
4.1 Extending Breakpoint Handlers
4.2 Access Violation Handlers
4.3 Process Snapshots
4.3.1 Obtaining Process Snapshots
4.3.2 Putting It All Together
IMMUNITY DEBUGGER—THE BEST OF BOTH WORLDS
5.1 Installing Immunity Debugger
5.2 Immunity Debugger 101
5.2.1 PyCommands
5.2.2 PyHooks
5.3 Exploit Development
5.3.1 Finding Exploit-Friendly Instructions
5.3.2 Bad-Character Filtering
5.3.3 Bypassing DEP on Windows
5.4 Defeating Anti-Debugging Routines in Malware
5.4.1 IsDebuggerPresent
5.4.2 Defeating Process Iteration
HOOKING
6.1 Soft Hooking with PyDbg
6.2 Hard Hooking with Immunity Debugger
DLL AND CODE INJECTION
7.2.2 Coding the Backdoor
7.2.3 Compiling with py2exe
FUZZING
8.1.1 Buffer Overflows
8.1.2 Integer Overflows
8.1.3 Format String Attacks
8.3 Future Considerations
8.3.2 Automated Static Analysis
SULLEY
9.1 Sulley Installation
9.2 Sulley Primitives
9.2.1 Strings
9.2.2 Delimiters
9.2.3 Static and Random Primitives
9.2.4 Binary Data
9.2.5 Integers
9.2.6 Blocks and Groups
9.3 Slaying WarFTPD with Sulley
9.3.1 FTP 101
9.3.2 Creating the FTP Protocol Skeleton
9.3.3 Sulley Sessions
9.3.4 Network and Process Monitoring
9.3.5 Fuzzing and the Sulley Web Interface
FUZZING WINDOWS DRIVERS
10.1 Driver Communication
10.2 Driver Fuzzing with Immunity Debugger
10.3 Driverlib—The Static Analysis Tool for Drivers
10.3.1 Discovering Device Names
10.3.2 Finding the IOCTL Dispatch Routine
10.3.3 Determining Supported IOCTL Codes
10.4 Building a Driver Fuzzer
11.1 IDAPython Installation
11.2 IDAPython Functions
11.2.1 Utility Functions
11.2.2 Segments
11.2.3 Functions
11.2.4 Cross-References
11.2.5 Debugger Hooks
11.3 Example Scripts
11.3.1 Finding Dangerous Function Cross-References
11.3.2 Function Code Coverage
11.3.3 Calculating Stack Size
12.2.6 Handlers
12.3 IDAPyEmu
12.3.1 Function Emulation
12.3.2 PEPyEmu
12.3.3 Executable Packers
12.3.4 UPX Packer
INDEX
Gray Hat Python

Published by No Starch Press
Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools - and how to build your own when the pre-built ones won't cut it.

You'll learn how to:

* Automate tedious reversing and security tasks
* Design and program your own debugger
* Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
* Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
* Sniff secure traffic out of an encrypted web browser session
* Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world's best hackers are using Python to do their handiwork. Shouldn't you?

Justin Seitz is a Senior Security Researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.
More info:

Publish date: Apr 30, 2009
Added to Scribd: Aug 01, 2009
Copyright: Traditional Copyright: All rights reserved
ISBN: 9781593271923
List Price: $31.95
