Python Ethical Hacking from Scratch

By: Fahad Ali Sarwar

Overview of this book

Penetration testing enables you to evaluate the security of a computer system, network, or web application by looking for weaknesses that an attacker can exploit. With this book, you'll understand why Python is one of the fastest-growing programming languages for penetration testing. You'll find out how to harness the power of Python and pentesting to enhance your system security. Developers working with Python will be able to put their knowledge and experience to work with this practical guide. Complete with step-by-step explanations of essential concepts and practical examples, this book takes a hands-on approach to help you build your own pentesting tools for testing the security level of systems and networks. You'll learn how to develop your own ethical hacking tools using Python and explore hacking techniques to exploit vulnerabilities in networks and systems. Finally, you'll be able to get remote access to target systems and networks using the tools you develop and modify as per your own requirements. By the end of this ethical hacking book, you'll have developed the skills needed for building cybersecurity tools and learned how to secure your systems by thinking like a hacker.
Table of Contents (14 chapters)
Section 1: The Nuts and Bolts of Ethical Hacking – The Basics
Section 2: Thinking Like a Hacker – Network Information Gathering and Attacks
Section 3: Malware Development

Types of attacks

There are several different types of cyber-attacks depending on how they are executed. The nature of these attacks can vary depending on various factors such as the intentions of the attacker and the tools that are used for the attack. More often than not, the purpose of these attacks is to gain complete control of the system, to steal sensitive information, or both.

System control

Attackers would often like to take charge of the victim's computer and play around with it. This could either mean rendering the system useless for the victim or making a stealth attempt to gain access without the victim knowing about it. A very famous set of attacks in this category is known as remote access tool attacks. These attacks provide the attacker with complete or near-complete control of the victim's PC remotely. We have already discussed forward and reverse shells, which are used for these purposes quite frequently.

Social engineering

Another popular kind of attack that often requires little to no technical knowledge is social engineering. In simple terms, social engineering means manipulating or tricking someone into giving you information. Instead of writing lengthy code and exploiting technical weaknesses of the system, you can simply trick the person into giving you information to carry out a cyber-attack. There are two fundamental aspects of cybersecurity: one is a technical aspect and the other is a human aspect. A security system is only as good as its weakest link. More often than not, the weakest link in the security of the system is people. No system is secure if you have the key to breaking it. Social engineering is not as simple as it seems. It requires patience and attention to detail. Some of the more common social engineering tricks are explained next.

Baiting

Baiting simply means luring the target to bait and then waiting for the target to make a mistake. For example, hackers often drop USB drives filled with malware near the offices of organizations and wait until some employee gets curious and plugs the USB into their computer. Once they do so, the rest of the job is done by the malware.

Phishing

Phishing is an attack technique in which attackers impersonate someone the target trusts. Usually, they try to take advantage of people's interests. For example, if someone is a football fan, they are more likely to open an email or a link related to the topic of football and thus provide the attacker with a means to attack the victim. A common example of this attack is clone websites hosted by the attacker. An attacker would send a fake link to the target that resembles a website known to the target. However, the website will be hosted by the attacker and instead of going to the real website, the target will be directed to this website. These cloned websites look very similar to the original ones and if you are not careful, they are very hard to distinguish from the real ones. Since this cloned website is operated by the hacker, any data that the user enters goes to the hacker. A good way to detect these fake websites is to check the website name along with the protocol. A real website will mostly operate on the https protocol. The protocol alone does not prove a site is genuine, because a cloned site on a look-alike domain can also be served over https, so the domain name is the part to read carefully.
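The name-plus-protocol check described above, written out as an added Python example that is not code from the book. The `TRUSTED` allowlist, the warning labels and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the domains this user really deals with.
TRUSTED = ("example-bank.com", "example.org")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> list[str]:
    """Return warnings for a link; an empty list means name and protocol both pass."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # "https://trusted.com@other-host/" really goes to other-host.
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in labels):
        # Punycode labels can render as characters that mimic Latin letters.
        warnings.append("punycode-label")
    # The host must BE a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return warnings
    name_hits = []
    for d in trusted:
        if d in host or d.split(".")[0] in labels:
            # e.g. https://example-bank.com.login-check.net/
            name_hits.append(f"trusted-name-in-foreign-host:{d}")
        elif edit_distance(host, d) <= 2:
            # e.g. https://examp1e-bank.com/ (https, but not the real site)
            name_hits.append(f"lookalike-of:{d}")
    return warnings + (name_hits or ["unknown-host"])
```
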