
Eric Hokanson

~ E's little space in cyberspace


Tag Archives: Python

The Power of Python

29 Saturday Mar 2014

Posted by Eric Hokanson in Computer Security, Hacking, Pen-testing, Python


Tags

Computer security, Hacking, Key-logger, Pen-testing, Python

I am often asked by CS students interested in a career in pen-testing what programming language they should learn.  Is there one that is best suited for pen-testing?  My answer is Python — hands down.  It is a very easy language to learn and it is very powerful.  When a pen-tester in the field needs to whip up an automated tool, it is usually done in Python because it is fairly easy to code up a working prototype on the fly.  I will demonstrate by whipping up a Python key-logger in just a moment.

Another reason you should learn Python is that many pen-testing tools are written in Python.  So if you ever need to take an existing tool and extend its capability, you will have to understand the Python language.  Python is also available on many pen-testing platforms such as BackTrack and Kali Linux.

As I said, learning Python is very easy because it is a well documented programming language.  Almost everything you need to learn the language is available at python.org.  There are also very good tutorials available here and here.  Once you get the basics down, you will be amazed at the tools you can create.  Allow me to demonstrate with a simple Python key-logger:

First, a word of warning.  This key-logger only works on Windows machines and it will log every key stroke a user presses.  Please do not load this key-logger on anybody’s machine but your own.  This key-logger is for educational purposes only.  Besides, it is not very stealthy.

Next, you will need to install Python on your Windows machine.  You can download Python here.  I am using Python 2.7.6 for a Windows 7 64-bit machine.  Python 2.7.6 is pretty stable so I prefer it to versions 3.x.  Be sure you select the proper installer for your Windows machine (i.e. 32-bit or 64-bit).

After installing Python, you will need to install a library called pyHook.  pyHook is a wrapper for global input hooks in Windows; it wraps the Windows SetWindowsHookEx API.  You can get the version matching your Python and your Windows (32-bit or 64-bit) here.  Scroll all the way down until you get to the pyHook section.  For my machine, I installed the pyHook-1.5.1.win-amd64-py2.7.exe version.

After installing pyHook, fire up a command prompt (cmd.exe), cd into the C:\Python27 directory, then type ‘python’ at the prompt (without the quotes).  You should see:

Screen Shot 2014-03-29 at 8.52.56 PM

The three right angle brackets (>>>) are the Python prompt.  Type ‘import pyHook’ and press Enter.  You should see no errors if pyHook installed correctly:

Screen Shot 2014-03-29 at 8.55.40 PM

You are now good to go.  Fire up your favorite editor.  You could use notepad.exe, but it is much better to use an editor that recognizes Python syntax.  Notepad++ is a good one; my favorite is Vim.

Before coding up the key-logger, I visited the documentation page to learn how to use pyHook.  You should too.  Play with pyHook from the Python command shell to get a feel for what you can do with it; see if you can cobble your own key logger together before looking at my implementation.  If you need further hints, see this pyHook wiki.

Here is my implementation:

Screen Shot 2014-03-29 at 9.10.40 PM

That is it!  It only took about 20 lines of code!  That is the power of Python.  To run your key-logger, make sure you are in your Python directory (usually C:\Python27) and type the name of your key-logger (I named mine logger.py):

Screen Shot 2014-03-29 at 9.15.40 PM

Now open up another command prompt and type ‘dir’ and ‘whoami’.

Screen Shot 2014-03-29 at 9.18.30 PM

Open up notepad and type anything you want:

Screen Shot 2014-03-29 at 9.21.30 PM

Once you are done, your logging file should contain every key you typed:

Screen Shot 2014-03-29 at 9.27.53 PM

With a little reading and some practice, Python can help you become that evil genius you’ve always aspired to be.  That is the power of Python.

Quine Quandary

23 Monday Dec 2013

Posted by Eric Hokanson in Computer Science, Philosophy, Quine programs


Tags

C, Computer science, programming, Python, Quine

While at a Christmas party, I met a Computer Science undergrad currently earning his degree at UNM.  He was having trouble grappling with Quine programs.  A Quine program is a computer program that takes no input and produces a copy of its own source code as its only output.  That is — self-replicating code.  It is not as easy to explain as one might think, and my poor, crude attempts at doing so only confused this poor CS student further.  In my defense, I used examples you can find online, but many of these examples are not very intuitive to understand.  Take for example this Quine written in Python:

s='s=%r;print s%%s,';print s%s,

Fire up a Python interpreter and try it out.  It simply prints the exact line you typed in.  Unless you are very familiar with Python strings and string formatting codes, it is hard to see how this program works.  Essentially, it defines a string s and then uses that same string as the format argument to reproduce itself.  Here is a Quine written in the old Kernighan and Ritchie C style:

main(){char*s="main(){char*s=%c%s%c;printf(s,34,s,34);}";printf(s,34,s,34);}

I don’t believe it will compile with today’s C99 or later compilers, which don’t allow programmers to call printf implicitly, without first including:

#include <stdio.h>

Again, the C program is not any more intuitive to understand than the Python example.  So today, my goal is to write a Quine program in C that is easier for me to explain by example.  Instead of using printf format strings, I am going to leverage the power of a computer’s ability to represent C source code as data.  The goal is to take the data representation of the source code and print it, then translate the data into the ASCII high-level source code and print that.  After some trial and error, here is what I came up with:

#include <stdio.h>

int
main (void)
{
    unsigned int i;

    printf("const unsigned char data[] = {");
    for (i = 0; i<sizeof(data); i++)
    {
        if (i%8 == 0)
            printf("\n");
        printf("%0#4x,", data[i]);    
    }
    printf("\n};\n\n");
    for (i = 0; i<sizeof(data); i++)
        putchar(data[i]);
    return 0;
}

The above is my partial program so far.  There are two for-loops.  The first loop will iterate through a byte array called data, which I have not defined yet because this data array will contain the hexadecimal representation of this ASCII code (i.e. everything from the #include to the last right curly-brace at the bottom).

The second for-loop takes that same data array and uses the C library function putchar to translate each byte back into an ASCII character, which gives us all of the C code from the #include to the last right curly-brace at the bottom.  In other words: when executed, this source code prints an exact copy of the data array followed by our source code.

Next, we need to translate our C code into the byte array data and place it at the top of our program (before the #include statement in the source above).  It should look like this:

const unsigned char data[] = {
0x23,0x69,0x6e,0x63,0x6c,0x75,0x64,0x65,
0x20,0x3c,0x73,0x74,0x64,0x69,0x6f,0x2e,
0x68,0x3e,0x0a,0x0a,0x69,0x6e,0x74,0x0a,
0x6d,0x61,0x69,0x6e,0x20,0x28,0x76,0x6f,
0x69,0x64,0x29,0x0a,0x7b,0x0a,0x20,0x20,
0x20,0x20,0x75,0x6e,0x73,0x69,0x67,0x6e,
0x65,0x64,0x20,0x69,0x6e,0x74,0x20,0x69,
0x3b,0x0a,0x20,0x20,0x20,0x20,0x0a,0x20,
0x20,0x20,0x20,0x70,0x72,0x69,0x6e,0x74,
0x66,0x28,0x22,0x63,0x6f,0x6e,0x73,0x74,
0x20,0x75,0x6e,0x73,0x69,0x67,0x6e,0x65,
0x64,0x20,0x63,0x68,0x61,0x72,0x20,0x64,
0x61,0x74,0x61,0x5b,0x5d,0x20,0x3d,0x20,
0x7b,0x22,0x29,0x3b,0x0a,0x20,0x20,0x20,
0x20,0x66,0x6f,0x72,0x20,0x28,0x69,0x20,
0x3d,0x20,0x30,0x3b,0x20,0x69,0x3c,0x73,
0x69,0x7a,0x65,0x6f,0x66,0x28,0x64,0x61,
0x74,0x61,0x29,0x3b,0x20,0x69,0x2b,0x2b,
0x29,0x0a,0x20,0x20,0x20,0x20,0x7b,0x0a,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x69,0x66,0x20,0x28,0x69,0x25,0x38,0x20,
0x3d,0x3d,0x20,0x30,0x29,0x0a,0x20,0x20,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x20,0x20,0x70,0x72,0x69,0x6e,0x74,0x66,
0x28,0x22,0x5c,0x6e,0x22,0x29,0x3b,0x0a,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x70,0x72,0x69,0x6e,0x74,0x66,0x28,0x22,
0x25,0x30,0x23,0x34,0x78,0x2c,0x22,0x20,
0x64,0x61,0x74,0x61,0x5b,0x69,0x5d,0x29,
0x3b,0x20,0x20,0x20,0x20,0x0a,0x20,0x20,
0x20,0x20,0x7d,0x0a,0x20,0x20,0x20,0x20,
0x70,0x72,0x69,0x6e,0x74,0x66,0x28,0x22,
0x5c,0x6e,0x22,0x7d,0x3b,0x5c,0x6e,0x5c,
0x6e,0x22,0x29,0x3b,0x0a,0x20,0x20,0x20,
0x20,0x66,0x6f,0x72,0x20,0x28,0x69,0x20,
0x3d,0x20,0x30,0x3b,0x20,0x69,0x3c,0x73,
0x69,0x7a,0x65,0x6f,0x66,0x28,0x64,0x61,
0x74,0x61,0x29,0x3b,0x20,0x69,0x2b,0x2b,
0x29,0x0a,0x20,0x20,0x20,0x20,0x20,0x20,
0x20,0x20,0x70,0x75,0x74,0x63,0x68,0x61,
0x72,0x28,0x64,0x61,0x74,0x61,0x5b,0x69,
0x5d,0x29,0x3b,0x0a,0x20,0x20,0x20,0x20,
0x72,0x65,0x74,0x75,0x72,0x6e,0x20,0x30,
0x3b,0x0a,0x7d,0x0a,
};

Now, how did I get the above?  Well, we could use an ASCII table and transcribe our C source above by hand… # = 0x23, i = 0x69, n = 0x6E, c = 0x63, l = 0x6C, u = 0x75, d = 0x64, e = 0x65, spaces = 0x20, newlines = 0x0A, etc.  That is a lot of work.  Being a lazy computer scientist, I wrote the following Python script to do it for me:

import sys

# Read the C source named on the command line and emit every byte as a
# hex literal followed by a comma, ready to paste into the data[] initializer.
with open(sys.argv[1], 'r') as f:
    s = ''
    for line in f:
        for l in line:
            s += '0x%02x' % ord(l)
            s += ','

# Append a trailing newline byte: the listing above ends in a single 0x0a,
# so the source file was saved without one.
s += '0x0a,'
# Each "0x??," entry is 5 characters, so 40 characters per line gives 8 values,
# the same layout the C program's first loop prints.
step = 40
for i in range(0, len(s), step):
    line = s[i:i+step]
    print(line)

In the above, you pass in the C file of our first code listing above, and it prints to the screen:

0x23,0x69,0x6e,0x63,0x6c,0x75,0x64,0x65,
0x20,0x3c,0x73,0x74,0x64,0x69,0x6f,0x2e,
0x68,0x3e,0x0a,0x0a,0x69,0x6e,0x74,0x0a,
0x6d,0x61,0x69,0x6e,0x20,0x28,0x76,0x6f,
0x69,0x64,0x29,0x0a,0x7b,0x0a,0x20,0x20,
0x20,0x20,0x75,0x6e,0x73,0x69,0x67,0x6e,
0x65,0x64,0x20,0x69,0x6e,0x74,0x20,0x69,
0x3b,0x0a,0x20,0x20,0x20,0x20,0x0a,0x20,

<-------snipped----------------------->

0x28,0x64,0x61,0x74,0x61,0x29,0x3b,0x20,
0x69,0x2b,0x2b,0x29,0x0a,0x20,0x20,0x20,
0x20,0x20,0x20,0x20,0x20,0x70,0x75,0x74,
0x63,0x68,0x61,0x72,0x28,0x64,0x61,0x74,
0x61,0x5b,0x69,0x5d,0x29,0x3b,0x0a,0x20,
0x20,0x20,0x20,0x72,0x65,0x74,0x75,0x72,
0x6e,0x20,0x30,0x3b,0x0a,0x7d,0x0a,

You can copy and paste that into your

const unsigned char data[] = {

};

block and put that above the #include of the first code listing above.  I used Eclipse-C++ to code and run my program.  Upon execution the program should print to the console:

const unsigned char data[] = {
0x23,0x69,0x6e,0x63,0x6c,0x75,0x64,0x65,
0x20,0x3c,0x73,0x74,0x64,0x69,0x6f,0x2e,
0x68,0x3e,0x0a,0x0a,0x69,0x6e,0x74,0x0a,
0x6d,0x61,0x69,0x6e,0x20,0x28,0x76,0x6f,
0x69,0x64,0x29,0x0a,0x7b,0x0a,0x20,0x20,
0x20,0x20,0x75,0x6e,0x73,0x69,0x67,0x6e,
0x65,0x64,0x20,0x69,0x6e,0x74,0x20,0x69,
0x3b,0x0a,0x20,0x20,0x20,0x20,0x0a,0x20,
0x20,0x20,0x20,0x70,0x72,0x69,0x6e,0x74,
0x66,0x28,0x22,0x63,0x6f,0x6e,0x73,0x74,
0x20,0x75,0x6e,0x73,0x69,0x67,0x6e,0x65,
0x64,0x20,0x63,0x68,0x61,0x72,0x20,0x64,
0x61,0x74,0x61,0x5b,0x5d,0x20,0x3d,0x20,
0x7b,0x22,0x29,0x3b,0x0a,0x20,0x20,0x20,
0x20,0x66,0x6f,0x72,0x20,0x28,0x69,0x20,
0x3d,0x20,0x30,0x3b,0x20,0x69,0x3c,0x73,
0x69,0x7a,0x65,0x6f,0x66,0x28,0x64,0x61,
0x74,0x61,0x29,0x3b,0x20,0x69,0x2b,0x2b,
0x29,0x0a,0x20,0x20,0x20,0x20,0x7b,0x0a,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x69,0x66,0x20,0x28,0x69,0x25,0x38,0x20,
0x3d,0x3d,0x20,0x30,0x29,0x0a,0x20,0x20,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x20,0x20,0x70,0x72,0x69,0x6e,0x74,0x66,
0x28,0x22,0x5c,0x6e,0x22,0x29,0x3b,0x0a,
0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,
0x70,0x72,0x69,0x6e,0x74,0x66,0x28,0x22,
0x25,0x30,0x23,0x34,0x78,0x2c,0x22,0x20,
0x64,0x61,0x74,0x61,0x5b,0x69,0x5d,0x29,
0x3b,0x20,0x20,0x20,0x20,0x0a,0x20,0x20,
0x20,0x20,0x7d,0x0a,0x20,0x20,0x20,0x20,
0x70,0x72,0x69,0x6e,0x74,0x66,0x28,0x22,
0x5c,0x6e,0x22,0x7d,0x3b,0x5c,0x6e,0x5c,
0x6e,0x22,0x29,0x3b,0x0a,0x20,0x20,0x20,
0x20,0x66,0x6f,0x72,0x20,0x28,0x69,0x20,
0x3d,0x20,0x30,0x3b,0x20,0x69,0x3c,0x73,
0x69,0x7a,0x65,0x6f,0x66,0x28,0x64,0x61,
0x74,0x61,0x29,0x3b,0x20,0x69,0x2b,0x2b,
0x29,0x0a,0x20,0x20,0x20,0x20,0x20,0x20,
0x20,0x20,0x70,0x75,0x74,0x63,0x68,0x61,
0x72,0x28,0x64,0x61,0x74,0x61,0x5b,0x69,
0x5d,0x29,0x3b,0x0a,0x20,0x20,0x20,0x20,
0x72,0x65,0x74,0x75,0x72,0x6e,0x20,0x30,
0x3b,0x0a,0x7d,0x0a,
};

#include <stdio.h>

int
main (void)
{
    unsigned int i;

    printf("const unsigned char data[] = {");
    for (i = 0; i<sizeof(data); i++)
    {
        if (i%8 == 0)
            printf("\n");
        printf("%0#4x,", data[i]);
    }
    printf("\n};\n\n");
    for (i = 0; i<sizeof(data); i++)
        putchar(data[i]);
    return 0;
}

You should be able to copy and paste the print out into an IDE, compile and run it.  Quines are pretty neat.  I enjoyed this little exercise.  It made me think about levels of meaning; about values and their representations.  Computers and programs can’t differentiate between data and code.  It is the context that determines when data is meant to be interpreted as code instead of data, and when code is meant to be data (e.g. when downloading a binary file from the Internet).  This is an important concept in computer security.  It is the fact that we can use data as code that makes shellcode exploits possible.
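As an added example (my own code, not the post's, written for Python 3), here is the whole construction carried out in one script: it builds the data array from the partial program above exactly the way the C program's first loop prints it, glues the two halves together, and then simulates what the compiled program would print so the fixed point can be checked without a C compiler.  The C tail is the post's partial program with trailing whitespace trimmed, so the array it produces differs from the one listed above wherever the author's file contained trailing spaces; the function names are my own.

```python
# Added example, not the post's own code: carry the "source as data" quine
# construction through end to end and verify the fixed point in Python 3.

# The C tail is the post's partial program (everything after the data array).
# A raw string keeps the C escape sequences "\n" as two characters, exactly
# as they sit in the source file; every byte here ends up in the array.
C_TAIL = r'''#include <stdio.h>

int
main (void)
{
    unsigned int i;

    printf("const unsigned char data[] = {");
    for (i = 0; i<sizeof(data); i++)
    {
        if (i%8 == 0)
            printf("\n");
        printf("%0#4x,", data[i]);
    }
    printf("\n};\n\n");
    for (i = 0; i<sizeof(data); i++)
        putchar(data[i]);
    return 0;
}
'''


def format_array(payload):
    """Emit the array declaration byte for byte the way the C program's
    first loop prints it: a newline before every 8th value, then the
    closing brace block.  Python's "0x%02x" matches C's "%0#4x" for every
    byte except 0x00 (the # flag drops the 0x prefix for zero), and source
    text never contains a NUL byte, so the two agree here."""
    out = "const unsigned char data[] = {"
    for i, b in enumerate(payload):
        if i % 8 == 0:
            out += "\n"
        out += "0x%02x," % b
    out += "\n};\n\n"
    return out


def make_c_quine(tail):
    """Full quine source = array encoding the tail + the tail itself.
    This is the post's script plus the copy-and-paste step, done in one go."""
    return format_array(tail.encode("ascii")) + tail


def simulate_c_program(source):
    """Emulate the compiled program: decode the array it carries, print the
    array in the C layout, then print the decoded bytes as text."""
    start = source.index("{") + 1          # the first "{" opens the array
    end = source.index("};")               # the first "};" closes it
    tokens = [t.strip() for t in source[start:end].split(",") if t.strip()]
    payload = bytes(int(t, 16) for t in tokens)
    return format_array(payload) + payload.decode("ascii")


def is_quine(source):
    """True when the simulated output is byte-identical to the source."""
    return simulate_c_program(source) == source


if __name__ == "__main__":
    full = make_c_quine(C_TAIL)
    print(full, end="")
    print("/* fixed point holds: %s */" % is_quine(full))
```

Run it and it prints a complete C quine you can paste into a file and compile.  The check is stricter than it looks: any edit to the tail, even a single character, makes the array and the code disagree, which is why the post's copy-and-paste step has to reproduce the source byte for byte.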

“Yields falsehood when preceded by its quotation” yields falsehood when preceded by its quotation.

–Quine’s paradox

Computer Science Education Week December 9 – 15

07 Saturday Dec 2013

Posted by Eric Hokanson in Computer Science, Learning, Programming


Tags

Computer science, Newton's method, programming, Python, Square root

Teaching students programming and computer science one hour of code at a time.  Here is the official site where you can learn how to become involved.  I thought I would take the opportunity here to make my contribution.  In this lesson, I will use as my guide a great introductory Computer Science (CS) text, often referred to as the “purple” book or the “wizard” book.

What is Computer Science?

Computer science is really a misnomer.  It is not a science.  We don’t study a system, observe phenomena, and run experiments to validate a hypothesis.  Computer science is not the study of computers any more than biology is the study of microscopes.  A computer is simply a tool.  And computational devices come in many different forms.  There are the silicon-based binary gadgets that you use every day, like laptops, tablets, and smart phones.  But they are poor imitations of the most powerful computing device ever created: the human being.  We are a bio-mechanical machine, performing our computations in base 10.  And of course, we are capable of much, much more.

Declarative and Imperative Knowledge

Computer science is not a science; it is more of an art — an engineering practice.  Computer science is really about knowledge.  The knowledge of how to do something: solve a problem, perform a task in a methodical, mechanical process.  This process is called imperative knowledge.  It is the knowledge of how to do something.  Declarative knowledge, on the other hand, deals with the facts.  Let me illustrate with an example found in the purple book.

Example: Square Roots by Newton’s Method

An example of declarative knowledge:

The above is a fact about square roots.  You can find it in any basic math text.  In words: the square root of a number x is a positive number y such that y multiplied by itself gives x.  For example: let x be 4; then y must be 2 because 2 times 2 equals 4.  You can reason the same way for 16, or even 625.  Larger numbers are harder.  You may have to make some educated guesses before you stumble upon the correct answer.
Well, that is all fine and dandy.  But what if you were given \sqrt{2}?  How can we use the above declarative knowledge to figure that out?  And that is the problem with declarative knowledge.  It doesn’t tell you how to calculate the square root of 2 — or how to find the square root of any number.  The declarative statement can only tell you how to recognize a square root if you saw one.

Newton’s Method

To solve the square root of any number, we will use a very old algorithm called Newton’s method.  Ironically, the method starts with a wild-ass guess (a WAG, we call it in the scientific and engineering community).  Then we refine our guess with successive approximations until we get to an answer that is good enough for government work.  Let’s construct our algorithm based on Newton’s method:

To find the approximation of the square root of x:

  1. Make a guess G
  2. Improve guess G by averaging G and x/G
  3. Keep improving until the guess is good enough.

Simple, right?  Don’t take my word for it.  Try it out.

[table: successive guesses for the square root of 2]

Compare the 1.4142 with your calculator’s square root button.  You should see the 1.4142 plus a bunch of other numbers.  We solved out to four decimal places (to the 10-thousandths place), and that is good enough for us.

Now let us write this out as a recipe of instructions:

Square Root X:

  1. Make a guess G
  2. Is it good enough?  If absolute_value(G*G - X) < 0.0001 then G is the answer and we can stop; otherwise go to the next step
  3. Improve guess G: G = (G + X/G)/2
  4. Repeat step 2.

So let’s step through our recipe.  First make a Scientific Wild-ass Guess.

Next we test our guess by squaring it and subtracting X from the square.  We take the absolute value because the square of your guess may be less than X.  For example, in the square root of 2, our first guess was 1.  1 – 2 = -1, and we don’t want a negative number because we are measuring the distance between our guess squared and the perfect square X.  And since negative distances don’t make sense, we take the absolute value, which means we first remove the negative sign, and then see if the answer is within some threshold of tolerance.  In this case, less than one ten-thousandth.  Or put another way, we will keep refining our guesses until we calculate the square root to four decimal places.  If that distance is less than our threshold, then we stop and G is our answer.  If not, we go to step three to improve our guess and repeat the process.

Try our recipe above out with a piece of paper and a calculator and see if you get the same results as in the table above, if you let X = 2.

If you made it this far, my dear reader, I want to congratulate you.  Together we wrote a computer program.  Our program is not in a traditional computer language like C, or C++, or even Python.  But it is in the language of English and math.  Any reasonably intelligent human computer, with some knowledge of middle school, or high school math should be able to follow our recipe (algorithm) and effectively become the square root button on a calculator.

I hope the above example gives you an idea of what programming and computer science is about.  Now, if you really want to learn a programming language, first pick a language and a site you can learn from.  I recommend Codecademy and the language Python.  Python is very easy to learn.  Once you get the basics and the syntax down, see if you can take our little recipe above and translate it into your new language, and get a computer to do all this hard math stuff for us.
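The recipe above translated into Python 3, as an added example that is not part of the original post (the function names sqrt_newton and show_trace are my own).  It records every guess it tests, so you can compare a run against the table above for X = 2.

```python
# Added example, not the post's own code: the square-root recipe translated
# step for step into Python 3.


def sqrt_newton(x, guess=1.0, tolerance=0.0001):
    """Return (root, guesses): the Newton's-method approximation of the
    square root of x, and the list of every guess that was tested, in order.

    Step 1: make a guess G (the post starts with 1).
    Step 2: good enough?  abs(G*G - x) < tolerance  -> G is the answer.
    Step 3: improve: G = (G + x/G) / 2, then repeat step 2.
    """
    if x < 0:
        # G*G - x is always positive for negative x, so step 2 would never
        # succeed and the loop would run forever.
        raise ValueError("square root of a negative number is not real")
    G = float(guess)
    guesses = [G]
    while abs(G * G - x) >= tolerance:   # step 2: not yet good enough
        G = (G + x / G) / 2              # step 3: average G and x/G
        guesses.append(G)
    return G, guesses


def show_trace(x):
    """Print the table the post asks you to work out by hand."""
    root, guesses = sqrt_newton(x)
    print("square root of %s" % x)
    for n, g in enumerate(guesses):
        print("guess %d: G = %.6f   G*G - x = %+.6f" % (n, g, g * g - x))
    print("answer to four decimal places: %.4f" % root)
    return root


if __name__ == "__main__":
    show_trace(2)
    show_trace(625)
```

Running the script prints the trace for 2 (four guesses: 1, 1.5, 1.416667, 1.414216) and for 625.  One caveat the recipe glosses over: the stopping test compares G*G - X against a fixed 0.0001, so for very small X it stops while the guess is still far off in relative terms, and for very large X it can demand more precision than floating point arithmetic can deliver.  A relative test such as abs(G*G - X) < 0.0001 * X avoids both problems.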
