Monthly Archives: March 2014

The Power of Python

29 Saturday Mar 2014

Posted by in Computer Security, Hacking, Pen-testing, Python

Leave a comment

Tags

, , , ,

I am often asked by CS students interested in a career of pen-testing, what programming language they should learn?  Is there one that is best suited for pen-testing?  My answer is Python — hands down.  It is a very easy language to learn and it is very powerful.  When a pen-tester in the field needs to whip up an automated tool, it is usually done in Python because it is fairly easy to code up working prototypes on the fly.  I will demonstrate by whipping up a Python key-logger in just a moment.

Another reason you should learn Python is that many pen-testing tools are written in Python.  So if you ever need to take an existing tool and extend its capability, you will have to understand the Python language.  Python is also available on many pen-testing platforms such as BackTrack and Kali linux.

As I said, learning Python is very easy because it is a well documented programming language.  Almost everything you need to learn the language is available at python.org.  There are also very good tutorials available here and here.  Once you get the basics down, you will be amazed at the tools you can create.  Allow me to demonstrate with a simple Python key-logger:

First, a word of warning.  This key-logger only works on Windows machines and it will log every key stroke a user presses.  Please do not load this key-logger on anybody’s machine but your own.  This key-logger is for educational purposes only.  Besides, it is not very stealthy.

Next, you will need to install Python on your Windows machine.  You can download Python here.  I am using Python 2.7.6 for a Windows 7 64-bit machine.  Python 2.7.6 is pretty stable so I prefer it to versions 3.x.  Be sure you select the proper installer for your Windows machine (i.e. 32-bit or 64-bit).

After installing Python, you will need to install a library called pyHook.  pyHook is a wrapper for global input hooks in Windows.  It wraps the Windows SetWindowsHookEx API.  You can get the appropriate version for your version of Python and Windows 32-bit or 64-bit versions here.  Scroll all the way down until you get to the pyHook section.  For my machine, I installed the pyHook‑1.5.1.win‑amd64‑py2.7.exe version.

After installing pyHook, fire up a command prompt (cmd.exe) and cd into the C:\Python27 directory, then type ‘python’ at the prompt (without the quotes) you should see:

Screen Shot 2014-03-29 at 8.52.56 PM

the three right angle brackets (>>>) is the prompt for python.  Type ‘import pyHook’ then enter.  You should see no errors if pyHook installed correctly:

Screen Shot 2014-03-29 at 8.55.40 PM

You are now good to go.  Fire up your favorite editor.  You could use notepad.exe but it is much better to use an editor that recognizes Python syntax.  A good one is notepad++ or my favorite is Vim.

Before coding up the key-logger, I visited the documentation page to learn how to use pyHook.  You should too.  Play with pyHook from the Python command shell to get a feel for what you can do with it; see if you can cobble your own key logger together before looking at my implementation.  If you need further hints, see this pyHook wiki.

Here is my implementation:

Screen Shot 2014-03-29 at 9.10.40 PM

That is it!  It only took about 20 lines of code!  That is the power of Python.  To run your key-logger, make sure you are in your Python directory (usually C:\Python27) and type the name of your key-logger (I named mine logger.py):

Screen Shot 2014-03-29 at 9.15.40 PM

Now open up another command prompt and type, ‘dir’, and ‘whoami’.

Screen Shot 2014-03-29 at 9.18.30 PM

Open up notepad and type anything you want:

Screen Shot 2014-03-29 at 9.21.30 PM

Once you are done, your logging file should contain every key you typed:

Screen Shot 2014-03-29 at 9.27.53 PM

With a little reading and some practice, Python can help you become that evil genius you’ve always aspired to be.  That is the power of Python.

 

 

Spring has Sprung in Albuquerque

21 Friday Mar 2014

Posted by in Current Events, Random Stuff

Leave a comment

Tags

,

photo

Spring got off to a great start today.  We were 72 and sunny.  To my friends back East who endured the most miserable winter in recent memory, this stuff is wending its way to you… hang in there.

The tree in the above photo is a Russian olive tree.  I don’t recall why we decided to get a Russian olive tree — I mean I love olives and I always wanted an olive tree but the Russian olive tree produces no olives.  I have no idea what purpose a Russian olive tree serves.  Well, I don’t care what it does as long as it doesn’t annex my house or my Mustang.  There will be sanctions if it does.

Just Three Steps to Success

09 Sunday Mar 2014

Posted by in Algorithms, Research, Success

Leave a comment

Tags

, , , , , ,

I am a computer scientist and I love designing algorithms to solve problems; a series of steps or instructions that one executes until there is a solution.  Wouldn’t it be great to write an algorithm for success — what ever success means for you?  Given a set of inputs, and a set of instructions, that if acted upon correctly and faithfully,  you achieve a successful solution to you problem(s) or in meeting your goal(s).

The above thought actually stems from my concerns and fears of taking on a Principal Investigator role to a research project — a very hard problem with no guarantee of a solution.  Pretty scary venture, right?  I want the project to be successful.  While formulating a team and a plan of attack, I began seeking models of successful project management in the literature.  I thought back on my own successful accomplishments — obtaining a job as a radio announcer, earning a computer science degree, obtaining the rank of Eagle Scout, starting a new career, accepting a job, and moving from one end of the continent to the other, … what did I do consistently that ensured success?

Upon reflection, I discovered that there are three key steps to any successful endeavor.  I could be wrong, but this is based on my own experience.  Therefore, I reserve the right to be wrong.

  1. The first step is a leap of faith.  Accomplishing my goals required some faith that I would succeed even though I could fail.  Despite any fear, I took small steps and built my confidence attempting to get from “here” to “there” — and I wasn’t guaranteed there would even be a there, there.
  2. The second step is personal doubt.  This is the phase of your journey where you feel you have hit a brick wall, you hit rock bottom, and you feel that there is no possible way to go any further.  You are frustrated.  Stymied.  Addled.  This is the point where you may start to feel like giving up — and most people do at this point.  However, I argue that this period of perplexity is a good thing.  It means you are tackling a very hard problem and hard problems yield great rewards.  This is not the time to quit but the time to begin.  You may need to begin by stepping back from the problem.  Take the weekend off.  Don’t think about it.  Do something else; go for a run, play golf, whatever you consider fun to do.  This gives your subconscious some time to work on the problem without your interference.  Ever have an idea suddenly spring out of nowhere?  It usually happens when you are in the shower, on the john, or at 3 A.M.  I believe this is the work of your subconscious; just make sure you have a notebook to write down what ever that flash of inspiration is.  After this period of incubation, you can start fresh.
  3. The third step is perseverance.  This is where you “gut it out”, keep at it to get past your time of doubt.  The key is to start somewhere.  Anywhere.  If you got a flash of inspiration during the incubation or break, start with that.  Otherwise formulate a hypothesis and try it.  Most likely it will be wrong.  But you will learn something.  Apply what you learned in a new hypothesis, try and fail again.  Like a smart missile, you constantly course-correct until you reach your target.

Well, there you have it.  A simple algorithm for success.  The algorithm may be simple; performing it will be hard but you can do it.  All you need to do is take that first step.

Does the End Justify the Means?

08 Saturday Mar 2014

Posted by in Philosophy

Leave a comment

Tags

, ,

In the long run we are all dead…

John Maynard Keynes*

In the end we are all dead.

It is sad when people die before their time: JFK, MLK, John Lennon, Steve Jobs, my father… way too many people to list here.   However, if you really think about it, that person would have died anyway — if not today then one day down the road.

In a way, the very first sentence does take a lot of pressure off of us.  Instead of rushing to accomplish and get everything done before the final deadline, we should remember to enjoy the now.  It is the little moments of joy we should take time to treasure; it is in the here and now that we should make our lives a life worth living and remembering.

Your time is limited, so don’t waste it living someone else’s life.

Steve Jobs (The lost interviews)

To paraphrase Abraham Lincoln, another expert in going before his time: It is doing things that are worth remembering or writing things worth reading that will give us a shot at immortality.

* The full quote is: “In the long run we are all dead. Economists set themselves too easy, too useless a task if in tempestuous seasons they can only tell us that when the storm is long past the ocean is flat again.”