Python for Offensive PenTest

By : Khrais

3.4 (7)

Buy this Book

Python for Offensive PenTest

3.4 (7)

By: Khrais

Buy this Book

Overview of this book

Python is an easy-to-learn and cross-platform programming language that has unlimited third-party libraries. Plenty of open source hacking tools are written in Python, which can be easily integrated within your script. This book is packed with step-by-step instructions and working examples to make you a skilled penetration tester. It is divided into clear bite-sized chunks, so you can learn at your own pace and focus on the areas of most interest to you. This book will teach you how to code a reverse shell and build an anonymous shell. You will also learn how to hack passwords and perform a privilege escalation on Windows with practical examples. You will set up your own virtual hacking environment in VirtualBox, which will help you run multiple operating systems for your testing environment. By the end of this book, you will have learned how to code your own scripts and mastered ethical hacking from scratch.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Free Chapter

Warming up – Your First Antivirus-Free Persistence Shell

Preparing the attacker machine

Preparing the target machine

TCP reverse shell

HTTP reverse shell

Persistence

Tuning the connection attempts

Tips for preventing a shell breakdown

Countermeasures

Summary

Advanced Scriptable Shell

Dynamic DNS

Interacting with Twitter

Replicating Metasploit's screen capturing

Replicating Metasploit searching for content

Integrating low-level port scanner

Summary

Password Hacking

Antivirus free keylogger

Hijacking KeePass password manager

Man in the browser

Firefox API hooking with Immunity Debugger

Python in Firefox proof of concept (PoC)

Python in Firefox EXE

Dumping saved passwords out of Google Chrome

Submitting the recovered password over HTTP session

Password phishing – DNS poisoning

Facebook password phishing

Countermeasures

Summary

Catch Me If You Can!

Bypassing host-based firewalls

Bypassing reputation filtering in next generation firewalls

Bypassing botnet filtering

Summary

Miscellaneous Fun in Windows

Privilege escalation – weak service file

Privilege escalation – preparing vulnerable software

Privilege escalation – backdooring legitimate windows service

Privilege escalation – creating a new admin account and covering the tracks

Summary

Abuse of Cryptography by Malware

Introduction to encryption algorithms

Protecting your tunnel with AES – stream mode

Protecting your tunnel with RSA

Hybrid encryption key

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

3.4 (7)

5 star

42.9%

4 star

14.3%

3 star

2 star

28.6%

1 star

14.3%

Privilege escalation – backdooring legitimate windows service

In this section, we will code a malicious service file to replace the legitimate one. Now, in order to replace the service file, our new malicious service file should be able to communicate with Windows service control manager. For instance, when you manually Start, Stop, Pause, or Resume the service, the Windows service control manager will send a signal or order to the EXE service file and in return, the service file should usually obey the service control manager's order. If, for any reason, the service file or the EXE file did not understand that signal, then the service control manager will fail to start the service and you will get an error saying The service did not respond to the start or control request in a timely fashion.

Now, let's jump to the code:

# Python For Offensive PenTest

# Backdooring...

Your notes and bookmarks

Python for Offensive PenTest

By : Khrais

Python for Offensive PenTest

By: Khrais

Overview of this book

Delete Bookmark