Overview of Python Flying made simple without the Nyquil
hangover
Slide 2
Agenda About me History of Python About Python Pythons uses
Python basics (Python 101) CSAW Crypto Redux Extra credit Resources
Tips, tricks, observations
Slide 3
Who am I? Husband/father/geek/gets distracted by shiny objects
easy Career path switched to IT in 1999, professionally an IT guy
since 2001 Started the infosec career path switch in 2009,
officially an infosec professional since 2012(?) Vbscript 2007
Python 2011 About me
Slide 4
History of Python Conceived in the late 1980s by Guido van
Rossum at CWI. Was designed to be a successor to the ABC
programming language Benevolent Dictator for Life (BDFL) Currently
employed by Google where he spends half his time working on Python
development Python 2.0 was release on October 16 th, 2000 Contained
many major new features Full garbage collector (automatic memory
management) Unicode support Biggest change development process with
a shift towards more transparent and community-backed process
Python 3.0 was released on December 2008 Many major features have
been back ported to Python 2.6 and 2.7
Slide 5
About Python What is Python? Python is a general-purpose,
high-level programming language whose design philosophy emphasizes
code readability. Python claims to "[combine] remarkable power with
very clear syntax", and its standard library is large and
comprehensive. Its use of indentation for block delimiters is
unique among popular programming
languages.general-purposehigh-level programming languageuse of
indentation for block delimiters Why is it called Python? When he
began implementing Python, Guido van Rossum was also reading the
published scripts from Monty Pythons Flying Circus, a BBC comedy
series from the 1970s. Van Rossum thought he needed a name that was
short, unique, and slightly mysterious, so he decided to call the
language Python.Monty Pythons Flying Circus Fun fact - The built in
IDE is named after Eric Idle, a member of Monty Python.
Slide 6
What is Python good for? Python comes with a large standard
library that covers areas such as; string processing (regular
expressions, Unicode, calculating differences between files)
Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI
programming) software engineering (unit testing, logging,
profiling, parsing Python code) operating system interfaces (system
calls, file systems, TCP/IP sockets) Artificial intelligence
(because of similarities to Lisp) Extensive use in the information
security industry, including exploit development. Network,
debugging and reverse engineering, fuzzing, web, forensics, malware
analysis, PDF, etc. Easy to write short scripts for system admin
work. Python code is easy to understand. Once the basic syntax is
learned, even the most complicated scripts can make sense. Python
is cross platform!! It will work on Linux, Windows, Mac and most
every other OS. Many, many resources and a big, friendly
community
Slide 7
Pythons uses
Slide 8
Applications BitTorrent DropBox Video games Civilization IV
Battlefield 2 Eve Online Vampire: The Masquerade Bloodlines
Graphics Industrial Light & Magic "The Phantom Menace", "The
Mummy Returns" and other productions as ones where Python was used.
Walt Disney Feature Animation Science NASA National Weather Service
GUI frameworks TKInter PyQt wxPython Embedded as a scripting
language Amarok GIMP Autodesk Maya Commercial uses Google apps
Reddit YouTube Government CIA.gov Python implementations Cpython
IronPython Python for.NET and Mono platforms Jython Python coded in
Java
Slide 9
Python basics Indentation does matter This will workBut this
wont if True: print "True" else: print "False if True: print
"Answer" print "True" else: print "Answer" print "False" If, If..
Else, If Elif (no Then) Syntax is easy If statement Else statement
Elif statement if expression: statement(s) if expression:
statement(s) else: statement(s) if expression1: statement(s) elif
expression2: statement(s) else: statement(s) All scripts are
considered modules All functions inside module can be used or only
certain methods can be used inside script Entire modulePartial
method import sys from sys import argv
Slide 10
Python basics Help is built in Help on modulesHelp on methods
>>> Import sys, hashlib >>> help(sys)
>>> help(hashlib) >>> pydoc sys >>>
pydoc hashlib >>> Import sys, hashlib >>>
help(sys.argv) >>> help(hashlib.sha512) >>> pydoc
sys.argv >>> pydoc hashlib.sha512 It can be ran
interactively Via command prompt Via IDLE or DreamPie python Python
2.72 Type help, copyright.. >>> IDLE is built in to Python
installs DreamPie is a Python shell (best used on Linux)
Slide 11
Inspiration for the idea?
Slide 12
Post CSAW CTF
Slide 13
Slide 14
Slide 15
My approach Post CSAW crypto challenges Each challenge
1.Encrypted message inside script Output is decrypted 2.Encrypted
message can be used as an argument when calling script Output is
decrypted 3.Encrypted message can be read from a file for
decrypting Overall 1.One module for all decrypting, each decryption
style is a method
Slide 16
Challenge 1- Unicode Challenge 2 Hex Challenge 3 Binary
Challenge 4 Base64 Challenge 5 ROT13 Challenge 6 - Script option 1
- inside script Done Done *Done Incomplete Script option 2 argument
Done Done*Done Incomplete Script option 3 from file Done Done*Done
Incomplete Script option 4 from input (scrapped, 255 character
limit) n/a Incomplete Overall module with methods (CSAW_Crypto.py)
Success Incomplete My overall scoreboard * Found the code excerpt
online
Answer Welcome to the 2011 NYU Poly CSAW CTF event. We have
planned many challenges for you and we hope you have fun solving
them all. The key for this challenge is cryptography.
Slide 19
Wolfgangs code private static string AsciiToString(string
encodedString) { string[] encodedChars = encodedString.Split(' ');
char[] decodedChars = new char[encodedChars.Length]; for (int i =
0; i < decodedChars.Length; i++) { // Convert the number
expressed in base-10 to an integer int codeNum =
Convert.ToInt32(encodedChars[i], 10); // Convert the integer to a
character code decodedChars[i] = Convert.ToChar(codeNum); } return
new string(decodedChars); }
My code #!/usr/bin/python Import sys code1 =
(87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,10
1,32,104,97,118,101,32,112,108,97,110,110,101,100,32,
109,97,110,121,32,99,104,97,108,108,101,110,103,101,
115,32,102,111,114,32,121,111,117,32,97,110,100,32,1
19,101,32,104,111,112,101,32,121,111,117,32,104,97,1
18,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99,
104,97,108,108,101,110,103,101,32,105,115,32,99,114,
121,112,116,111,103,114,97,112,104,121,46) for i in code1: code1a =
int(i) codefinal = chr(code1a) sys.stdout.write(codefinal) Option #
1 Encrypted message inside script Output is decrypted
Slide 22
My code Option # 2 Encrypted message can be used as an argument
when calling script Output is decrypted #!/usr/bin/python import
sys if len(sys.argv)= A && codeNum = a &&
codeNum