
Download the book Black Hat Python: Python Programming for Hackers and Pentesters

    Black Hat Python: Python Programming for Hackers and Pentesters
    Download the book Black Hat Python: Python Programming for Hackers and Pentesters. Continuing the Learn Python series for beginners, in this article we present the book Black Hat Python: Python Programming for Hackers and Pentesters, by Justin Seitz.
    Introduction to the book Black Hat Python: Python Programming for Hackers and Pentesters

    Fun with Internet Explorer

    Windows COM automation serves a number of practical uses, from interacting with network-based services to embedding a Microsoft Excel spreadsheet into your own application. All versions of Windows from XP forward allow you to embed an Internet Explorer COM object into applications, and we’ll take advantage of this ability in this chapter. Using the native IE automation object, we’ll create a man-in-the-browser-style attack where we can steal credentials from a website while a user is interacting with it. We’ll make this credential-stealing attack extendable, so that several target websites can be harvested. The last step will use Internet Explorer as a means to exfiltrate data from a target system. We’ll include some public key crypto to protect the exfiltrated data so that only we can decrypt it.

    Internet Explorer, you say? Even though other browsers like Google Chrome and Mozilla Firefox are more popular these days, most corporate environments still use Internet Explorer as their default browser. And of course, you can’t remove Internet Explorer from a Windows system — so this technique should always be available to your Windows trojan.

    Windows Privilege Escalation

    So you’ve popped a box inside a nice juicy Windows network. Maybe you leveraged a remote heap overflow, or you phished your way into the network. It’s time to start looking for ways to escalate privileges. If you’re already SYSTEM or Administrator, you probably want several ways of achieving those privileges in case a patch cycle kills your access. It can also be important to have a catalog of privilege escalations in your back pocket, as some enterprises run software that may be difficult to analyze in your own environment, and you may not run into that software until you’re in an enterprise of the same size or composition. In a typical privilege escalation, you’re going to exploit a poorly coded driver or native Windows kernel issue, but if you use a low-quality exploit or there’s a problem during exploitation, you run the risk of system instability. We’re going to explore some other means of acquiring elevated privileges on Windows.

    System administrators in large enterprises commonly have scheduled tasks or services that will execute child processes or run VBScript or PowerShell scripts to automate tasks. Vendors, too, often have automated, built-in tasks that behave the same way. We’re going to try to take advantage of high-privilege processes handling files or executing binaries that are writable by low-privilege users. There are countless ways for you to try to escalate privileges on Windows, and we are only going to cover a few. However, when you understand these core concepts, you can expand your scripts to begin exploring other dark, musty corners of your Windows targets.

    We’ll start by learning how to apply Windows WMI programming to create a flexible interface that monitors the creation of new processes. We harvest useful data such as the file paths, the user that created the process, and enabled privileges. Our process monitoring then hands off all file paths to a file-monitoring script that continuously keeps track of any new files created and what is written to them. This tells us which files are being accessed by high-privilege processes and the file’s location. The final step is to intercept the file-creation process so that we can inject scripting code and have the high-privilege process execute a command shell. The beauty of this whole process is that it doesn’t involve any API hooking, so we can fly under most antivirus software’s radar.
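The weakness the chapter builds on is a high-privilege scheduled task or service that executes a script or binary from a location low-privilege users can write to. The same three facts the process monitor collects (file path, owning user, enabled privileges) are what a defender needs to audit for that condition. The following script is an added example, not code from the book: it takes process-creation records of the kind a WMI or Sysmon subscription would deliver, works out which file each process actually executes, and flags any high-privilege process whose file lives in a user-writable directory. The event records, the set of high-privilege accounts and the set of user-writable directories are all constructed here so it runs offline; on a real host the last of these would come from an ACL query rather than a hard-coded set.

```python
"""Audit process-creation events for high-privilege processes that execute
files from directories low-privilege users can write to.

Added example (not the book's code). The sample events, HIGH_PRIV_USERS and
LOW_PRIV_WRITABLE are constructed for the demonstration; on a real system the
events come from WMI/Sysmon and the writable check from an ACL query."""
import ntpath
import re
from dataclasses import dataclass

# Assumption: these accounts run with administrative rights on the host.
HIGH_PRIV_USERS = {"NT AUTHORITY\\SYSTEM", "CORP\\svc_backup"}
# Privileges that only administrative tokens normally hold (real names).
ADMIN_PRIVS = {"SeDebugPrivilege", "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege"}
# Interpreters whose real payload is the script passed on the command line.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTS = {".vbs", ".js", ".ps1", ".bat", ".cmd"}
# Constructed stand-in for an ACL check: directories writable by Users.
LOW_PRIV_WRITABLE = {r"c:\users\public", r"c:\temp", r"c:\programdata\vendor\scripts"}


@dataclass
class ProcEvent:
    pid: int
    user: str
    command_line: str
    privileges: frozenset


# A quoted token (keeps spaces in paths) or a run of non-space characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def _tokens(command_line):
    return [quoted or bare for quoted, bare in _TOKEN.findall(command_line)]


def executed_path(command_line):
    """Return the file the process really executes: the image itself, or for
    a script host the first argument that carries a script extension."""
    toks = _tokens(command_line)
    if not toks:
        return None
    exe = toks[0]
    if ntpath.basename(exe).lower() in SCRIPT_HOSTS:
        for arg in toks[1:]:
            if ntpath.splitext(arg)[1].lower() in SCRIPT_EXTS:
                return arg
    return exe


def in_low_priv_writable(path):
    """True when the file's directory (or any parent) is user-writable."""
    d = ntpath.normcase(ntpath.dirname(path))
    return any(d == w or d.startswith(w + "\\") for w in LOW_PRIV_WRITABLE)


def is_high_privilege(event):
    return event.user in HIGH_PRIV_USERS or bool(event.privileges & ADMIN_PRIVS)


def flag_writable_script_paths(events):
    """Return (pid, path) for each high-privilege process whose executed file
    sits where a low-privilege user could replace or edit it."""
    hits = []
    for ev in events:
        if not is_high_privilege(ev):
            continue
        path = executed_path(ev.command_line)
        if path and in_low_priv_writable(path):
            hits.append((ev.pid, path))
    return hits


# Constructed sample events in the shape a process monitor would record.
SAMPLE_EVENTS = [
    ProcEvent(1208, "NT AUTHORITY\\SYSTEM", r"wscript.exe C:\Users\Public\backup.vbs",
              frozenset({"SeDebugPrivilege"})),
    ProcEvent(1340, "CORP\\alice", r"wscript.exe C:\Users\Public\cleanup.vbs", frozenset()),
    ProcEvent(1412, "NT AUTHORITY\\SYSTEM", r'"C:\Program Files\Vendor\agent.exe" --service',
              frozenset({"SeDebugPrivilege"})),
    ProcEvent(1501, "CORP\\svc_backup",
              r"powershell.exe -NoProfile -File C:\ProgramData\Vendor\Scripts\rotate.ps1",
              frozenset()),
    ProcEvent(1622, "NT AUTHORITY\\SYSTEM", r"cmd.exe /c C:\Windows\System32\config.bat", frozenset()),
]

if __name__ == "__main__":
    for pid, path in flag_writable_script_paths(SAMPLE_EVENTS):
        print(f"pid {pid}: high-privilege process runs user-writable file {path}")
```

Only two of the five sample events are reported: the SYSTEM task running a VBScript out of `C:\Users\Public`, and the service account running a PowerShell script from a vendor directory that has been left writable. The low-privilege user's own script in the same public folder is ignored, as are high-privilege processes whose files sit under `Program Files` or `System32`. Fixing the flagged cases means tightening the ACL on the directory or moving the script, which removes the foothold the chapter goes on to use.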