Overview of Python Flying made simple without the Nyquil hangover
Preview:
Citation preview
- Slide 1
- Overview of Python Flying made simple without the Nyquil
hangover
- Slide 2
- Agenda About me History of Python About Python Pythons uses
Python basics (Python 101) CSAW Crypto Redux Extra credit Resources
Tips, tricks, observations
- Slide 3
- Who am I? Husband/father/geek/gets distracted by shiny objects
easy Career path switched to IT in 1999, professionally an IT guy
since 2001 Started the infosec career path switch in 2009,
officially an infosec professional since 2012(?) Vbscript 2007
Python 2011 About me
- Slide 4
- History of Python Conceived in the late 1980s by Guido van
Rossum at CWI. Was designed to be a successor to the ABC
programming language Benevolent Dictator for Life (BDFL) Currently
employed by Google where he spends half his time working on Python
development Python 2.0 was release on October 16 th, 2000 Contained
many major new features Full garbage collector (automatic memory
management) Unicode support Biggest change development process with
a shift towards more transparent and community-backed process
Python 3.0 was released on December 2008 Many major features have
been back ported to Python 2.6 and 2.7
- Slide 5
- About Python What is Python? Python is a general-purpose,
high-level programming language whose design philosophy emphasizes
code readability. Python claims to "[combine] remarkable power with
very clear syntax", and its standard library is large and
comprehensive. Its use of indentation for block delimiters is
unique among popular programming
languages.general-purposehigh-level programming languageuse of
indentation for block delimiters Why is it called Python? When he
began implementing Python, Guido van Rossum was also reading the
published scripts from Monty Pythons Flying Circus, a BBC comedy
series from the 1970s. Van Rossum thought he needed a name that was
short, unique, and slightly mysterious, so he decided to call the
language Python.Monty Pythons Flying Circus Fun fact - The built in
IDE is named after Eric Idle, a member of Monty Python.
- Slide 6
- What is Python good for? Python comes with a large standard
library that covers areas such as; string processing (regular
expressions, Unicode, calculating differences between files)
Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI
programming) software engineering (unit testing, logging,
profiling, parsing Python code) operating system interfaces (system
calls, file systems, TCP/IP sockets) Artificial intelligence
(because of similarities to Lisp) Extensive use in the information
security industry, including exploit development. Network,
debugging and reverse engineering, fuzzing, web, forensics, malware
analysis, PDF, etc. Easy to write short scripts for system admin
work. Python code is easy to understand. Once the basic syntax is
learned, even the most complicated scripts can make sense. Python
is cross platform!! It will work on Linux, Windows, Mac and most
every other OS. Many, many resources and a big, friendly
community
- Slide 7
- Pythons uses
- Slide 8
- Applications BitTorrent DropBox Video games Civilization IV
Battlefield 2 Eve Online Vampire: The Masquerade Bloodlines
Graphics Industrial Light & Magic "The Phantom Menace", "The
Mummy Returns" and other productions as ones where Python was used.
Walt Disney Feature Animation Science NASA National Weather Service
GUI frameworks TKInter PyQt wxPython Embedded as a scripting
language Amarok GIMP Autodesk Maya Commercial uses Google apps
Reddit YouTube Government CIA.gov Python implementations Cpython
IronPython Python for.NET and Mono platforms Jython Python coded in
Java
- Slide 9
- Python basics Indentation does matter This will workBut this
wont if True: print "True" else: print "False if True: print
"Answer" print "True" else: print "Answer" print "False" If, If..
Else, If Elif (no Then) Syntax is easy If statement Else statement
Elif statement if expression: statement(s) if expression:
statement(s) else: statement(s) if expression1: statement(s) elif
expression2: statement(s) else: statement(s) All scripts are
considered modules All functions inside module can be used or only
certain methods can be used inside script Entire modulePartial
method import sys from sys import argv
- Slide 10
- Python basics Help is built in Help on modulesHelp on methods
>>> Import sys, hashlib >>> help(sys)
>>> help(hashlib) >>> pydoc sys >>>
pydoc hashlib >>> Import sys, hashlib >>>
help(sys.argv) >>> help(hashlib.sha512) >>> pydoc
sys.argv >>> pydoc hashlib.sha512 It can be ran
interactively Via command prompt Via IDLE or DreamPie python Python
2.72 Type help, copyright.. >>> IDLE is built in to Python
installs DreamPie is a Python shell (best used on Linux)
- Slide 11
- Inspiration for the idea?
- Slide 12
- Post CSAW CTF
- Slide 13
- Slide 14
- Slide 15
- My approach Post CSAW crypto challenges Each challenge
1.Encrypted message inside script Output is decrypted 2.Encrypted
message can be used as an argument when calling script Output is
decrypted 3.Encrypted message can be read from a file for
decrypting Overall 1.One module for all decrypting, each decryption
style is a method
- Slide 16
- Challenge 1- Unicode Challenge 2 Hex Challenge 3 Binary
Challenge 4 Base64 Challenge 5 ROT13 Challenge 6 - Script option 1
- inside script Done Done *Done Incomplete Script option 2 argument
Done Done*Done Incomplete Script option 3 from file Done Done*Done
Incomplete Script option 4 from input (scrapped, 255 character
limit) n/a Incomplete Overall module with methods (CSAW_Crypto.py)
Success Incomplete My overall scoreboard * Found the code excerpt
online
- Slide 17
- CSAW Crypto Redux Crypto challenge # 1 Cipher text: 87 101 108
99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85
32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116
46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109
97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114
32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121
111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110
103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101
121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110
103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121
46
- Slide 18
- Answer Welcome to the 2011 NYU Poly CSAW CTF event. We have
planned many challenges for you and we hope you have fun solving
them all. The key for this challenge is cryptography.
- Slide 19
- Wolfgangs code private static string AsciiToString(string
encodedString) { string[] encodedChars = encodedString.Split(' ');
char[] decodedChars = new char[encodedChars.Length]; for (int i =
0; i < decodedChars.Length; i++) { // Convert the number
expressed in base-10 to an integer int codeNum =
Convert.ToInt32(encodedChars[i], 10); // Convert the integer to a
character code decodedChars[i] = Convert.ToChar(codeNum); } return
new string(decodedChars); }
- Slide 20
- Matts code $string=$null [int[]]$array = ("87 101 108 99 111
109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80
111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32
87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97
110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32
121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111
117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103
32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32
102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101
32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121
46").Split(" ") foreach($l in $array) { $string += [char]$l}
$string
- Slide 21
- My code #!/usr/bin/python Import sys code1 =
(87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,10
1,32,104,97,118,101,32,112,108,97,110,110,101,100,32,
109,97,110,121,32,99,104,97,108,108,101,110,103,101,
115,32,102,111,114,32,121,111,117,32,97,110,100,32,1
19,101,32,104,111,112,101,32,121,111,117,32,104,97,1
18,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99,
104,97,108,108,101,110,103,101,32,105,115,32,99,114,
121,112,116,111,103,114,97,112,104,121,46) for i in code1: code1a =
int(i) codefinal = chr(code1a) sys.stdout.write(codefinal) Option #
1 Encrypted message inside script Output is decrypted
- Slide 22
- My code Option # 2 Encrypted message can be used as an argument
when calling script Output is decrypted #!/usr/bin/python import
sys if len(sys.argv)= A && codeNum = a &&
codeNum