Thursday, November 7, 2013

Finished chapter 2

Yesterday, I did a few things in Python that were pretty fun. The first was writing some string and regex parsing scripts for my database class. My instructor wanted us to write 150+ lines of INSERT INTO ... statements to introduce us to SQL, but I've written plenty of SQL in the past and really don't need the practice writing INSERT statements. So I picked up the text and saw some basic patterns that were pretty easy to go through. All but one of the text-format tables had fields as headers and values separated by ' '. Easy enough. String manipulation always makes me think a bit about how to go about it, so I'm pretty happy this went so smoothly. string[:-2] was a crowning moment too since it let me easily strip crap out. It feels lame talking about something so simple, but it made me happy.

I wrote up a socket-based file transfer client and server yesterday because I didn't know how it was done. My idea was to connect, open the file, send it from the server to the client, and have the client write it to a file. Pretty simple. I'm not on my laptop right now and the code isn't sync'd between devices, so I can't share it right now, but I plan on getting to it.
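The transfer sketched above, written out as an added example (my own code, not the post's unposted script). The two details a plain "send the file, then close" version skips are framing and naming: the server sends the file's name and size before the bytes so the client knows exactly how much to read, and the client strips any directory part from the name it was handed so a malicious server cannot write outside the destination directory. The wire format (uint16 name length, name, uint64 size, data), the 1 GiB size cap, the announce_as override and the sample file contents are all assumptions made for this example.

```python
import os
import socket
import struct
import tempfile
import threading

# Framing used by this example (an assumption, not the post's own protocol):
#   uint16 name length | name (UTF-8) | uint64 file size | file bytes
# Length prefixes tell the receiver where each field ends, so it never has to
# read "until the peer closes" and a server could send several files per connection.
CHUNK = 64 * 1024


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """recv() may return fewer bytes than requested; loop until we have n."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed with %d bytes still expected" % (n - len(buf)))
        buf.extend(chunk)
    return bytes(buf)


def send_file(sock: socket.socket, path: str, announce_as: str = None) -> int:
    """Server side: send name and size up front, then stream the file. Returns bytes sent.
    announce_as lets the demo send a hostile name to show the receiver's check."""
    name = (announce_as or os.path.basename(path)).encode("utf-8")
    size = os.path.getsize(path)
    sock.sendall(struct.pack("!H", len(name)) + name + struct.pack("!Q", size))
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            sock.sendall(chunk)
    return size


def recv_file(sock: socket.socket, dest_dir: str, max_size: int = 1 << 30):
    """Client side: read one framed file into dest_dir. Returns (path, size)."""
    (name_len,) = struct.unpack("!H", _recv_exact(sock, 2))
    name = _recv_exact(sock, name_len).decode("utf-8")
    (size,) = struct.unpack("!Q", _recv_exact(sock, 8))
    if size > max_size:
        raise ValueError("refusing %d-byte file (limit %d)" % (size, max_size))
    # The name came off the wire, so treat it as hostile: keep only the last path
    # component so "../../etc/passwd" or "/etc/cron.d/x" cannot leave dest_dir.
    safe_name = os.path.basename(name.replace("\\", "/"))
    if safe_name in ("", ".", ".."):
        raise ValueError("unusable filename %r" % name)
    dest = os.path.join(dest_dir, safe_name)
    remaining = size
    with open(dest, "wb") as f:
        while remaining:
            chunk = sock.recv(min(CHUNK, remaining))
            if not chunk:
                raise ConnectionError("peer closed with %d bytes still expected" % remaining)
            f.write(chunk)
            remaining -= len(chunk)
    return dest, size


def transfer_over_socketpair(payload: bytes, announce_as: str, filename: str = "sample.bin"):
    """Run sender and receiver in one process over a socketpair (no network needed).
    Returns (sent_size, received_name, received_bytes) for inspection."""
    with tempfile.TemporaryDirectory() as src_dir, tempfile.TemporaryDirectory() as dst_dir:
        src = os.path.join(src_dir, filename)
        with open(src, "wb") as f:
            f.write(payload)  # constructed sample input
        server_end, client_end = socket.socketpair()
        sender = threading.Thread(target=send_file, args=(server_end, src, announce_as))
        sender.start()
        try:
            dest, size = recv_file(client_end, dst_dir)
        finally:
            client_end.close()  # close first so a blocked sender errors out instead of hanging
            sender.join()
            server_end.close()
        with open(dest, "rb") as f:
            return size, os.path.basename(dest), f.read()


def main():
    """The real TCP shape: server on an ephemeral loopback port, one client fetch."""
    with tempfile.TemporaryDirectory() as src_dir, tempfile.TemporaryDirectory() as dst_dir:
        src = os.path.join(src_dir, "hello.txt")
        with open(src, "wb") as f:
            f.write(b"hello over a socket\n")  # constructed sample input
        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]

        def serve():
            conn, _ = listener.accept()
            with conn:
                send_file(conn, src)

        threading.Thread(target=serve).start()
        with socket.create_connection(("127.0.0.1", port)) as client:
            dest, size = recv_file(client, dst_dir)
        listener.close()
        print("received %d bytes into %s" % (size, dest))


if __name__ == "__main__":
    main()
```

The size prefix is also what makes the max_size check possible: the receiver can refuse a 50 GB announcement before writing a single byte, which a close-terminated stream cannot do.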

The third point is what I'm excited about. I came home for lunch and had a bit of extra time, so I decided to look for a video on Python networking. I found gold with Python Network Sniffer. This goes through the implementation of raw sockets with Python's socket module and talks about how to deconstruct an IP header, aided by the information at www.networksorcery.com.

The basic organization of an IP header is as follows (and borrowed from the above website):
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------+-------+---------------+-------------------------------+
|Version|  IHL  | Diff. Services|         Total length          |
+-------+-------+---------------+-----+-------------------------+
|         Identification        |Flags|     Fragment offset     |
+---------------+---------------+-----+-------------------------+
|      TTL      |   Protocol    |        Header checksum        |
+---------------+---------------+-------------------------------+
|                       Source IP address                       |
+---------------------------------------------------------------+
|                    Destination IP address                     |
+---------------------------------------------------------------+
|                Options and padding (variable)                 |
+---------------------------------------------------------------+

What this taught me is how bitwise operations actually relate to what I had learned about headers. The first row of this diagram is 32 bits: 4 bytes. When I receive an IP packet, I'm going to grab the first 20 bytes to cover everything from the version through the destination IP. The first byte is VVVVIIII: reading left to right, the first four bits are the version and the last four are the header length (IHL, counted in 32-bit words), but bit positions are numbered from the right, so the version lives in the high nibble and has to be shifted four bits to the left to get there. The code below builds that byte by shifting the version left four bits and adding the header length; pulling the fields back out of a received byte is the reverse, a shift right by four for the version and a mask with 0x0F for the IHL.

version = 4  # IPv4
IHL = 5  # header length in 32-bit words: 5 * 4 = 20 bytes, a header with no options
ver_IHL = (version << 4) + IHL  # 0x45: version in the high nibble, IHL in the low nibble
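The same nibble and bit arithmetic carried through the whole 20-byte header in both directions, as an added example that is not from the post or the video: build a header with struct, then parse one back, splitting version/IHL, DSCP/ECN and flags/fragment offset with shifts and masks, and verify the RFC 1071 header checksum. The addresses, TTL and identification value are made up for the demonstration; the field layout is the one in the diagram above.

```python
import socket
import struct

# Fixed 20-byte IPv4 header in network (big-endian) byte order:
#   B version/IHL  B DSCP/ECN  H total length
#   H identification  H flags/fragment offset
#   B TTL  B protocol  H header checksum
#   4s source address  4s destination address
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"
IPV4_MIN_HEADER_LEN = 20


def ipv4_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words. Run it over a header whose
    checksum field is zero to compute the checksum; run it over a complete header
    and the result is 0 exactly when the stored checksum is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_TCP, ttl: int = 64,
                      ident: int = 0x1234, dont_fragment: bool = True) -> bytes:
    """Pack a 20-byte header (no options) with a correct checksum."""
    version, ihl = 4, 5
    ver_ihl = (version << 4) + ihl          # VVVVIIII, the byte from the post
    flags = 0b010 if dont_fragment else 0   # three flag bits: reserved, DF, MF
    flags_frag = (flags << 13) | 0          # flags sit above a 13-bit fragment offset
    hdr = struct.pack(IPV4_HEADER_FMT, ver_ihl, 0, ihl * 4 + payload_len, ident,
                      flags_frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)               # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Unpack the fixed header, split the packed fields, verify the checksum.
    Raises ValueError for anything that does not look like a sane IPv4 header."""
    if len(packet) < IPV4_MIN_HEADER_LEN:
        raise ValueError("packet shorter than a minimal IPv4 header")
    (ver_ihl, dscp_ecn, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(IPV4_HEADER_FMT, packet[:IPV4_MIN_HEADER_LEN])
    version = ver_ihl >> 4                  # high nibble
    ihl = ver_ihl & 0x0F                    # low nibble, in 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    header_len = ihl * 4
    # IHL comes off the wire; bound it before using it as an offset.
    if header_len < IPV4_MIN_HEADER_LEN:
        raise ValueError("IHL %d is below the minimum of 5" % ihl)
    if header_len > len(packet):
        raise ValueError("IHL claims %d header bytes, only %d present" % (header_len, len(packet)))
    if total_len < header_len or total_len > len(packet):
        raise ValueError("total length %d inconsistent with packet" % total_len)
    return {
        "version": version,
        "ihl": ihl,
        "header_len": header_len,
        "dscp": dscp_ecn >> 2,
        "ecn": dscp_ecn & 0x03,
        "total_len": total_len,
        "id": ident,
        "flags": {"df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000)},
        "frag_offset": flags_frag & 0x1FFF,  # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": ipv4_checksum(packet[:header_len]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[IPV4_MIN_HEADER_LEN:header_len],
        "payload": packet[header_len:total_len],
    }


def is_well_formed_ipv4(packet: bytes) -> bool:
    """True only if the header parses and its checksum verifies."""
    try:
        return parse_ipv4_header(packet)["checksum_ok"]
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample, not a real capture: a header for a 20-byte payload.
    hdr = build_ipv4_header("10.0.0.1", "10.0.0.2", payload_len=20)
    for key, value in parse_ipv4_header(hdr + b"\x00" * 20).items():
        print(key, value)
```

The bounds checks on IHL and total length are the part a sniffer needs most: both values come straight off the wire, and a parser that slices packet[ihl * 4:] without checking them will happily accept a header that claims to be longer than the packet it arrived in.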

I'm excited about this. With some practice, I will be constructing my own packets and segments. In my information assurance and computer security class, we've been discussing, in an abridged format, network attacks and have mentioned TCP SYN flooding and ARP poisoning. This weekend, I want to write my own simple scripts to initiate these as proof of concept on my own network.

On to today. I finished chapter 2 of Violent Python and started chapter 3, Forensic Investigations. At the end of the pen testing stuff in chapter 2, I was way out of my league and need to revisit the chapter when I understand more about shell/assembly and have done some reading up on stack overflows. I understood ftp and ssh just fine, but when it came to what metasploit was actually doing, I was LOST. Like I said in my last post, I'm learning Python right now and some concepts of how I can relate it to network security and pen testing, with Python being the focus. I'll get back to the other stuff when I have time. Till next time (or later, when I post my file transfer stuff).

Tuesday, November 5, 2013

Redesign. Repurpose... again.

Once again, I deleted the old content. It's not something I felt like writing about and this site is tied to my primary web identity, so repurposing is to be expected. The new purpose is to document my experience and growth in network programming, vulnerability and exploitation learning, Python experiments, and penetration testing.

The first point to bring up about the redesign is that I have gone with a simple design of the site. I know I'm not hosting my own site. Maybe I will at some point, but not today or anytime in the plans coming up. White background, black text, archives on the right and some profile info for you should be enough. In fact, I enjoy it when I find a place that simple that has valid information for me. I don't have to dig through their design decisions to find the information I'm looking for. It leaves me looking at their content and manner of style in the writing - the meat of the site. And I like good meat.

Next up is my training/education that I've been going through. At the current time, I am in my second to last semester for my undergrad degree in Business Administration/Major in Computer Information Systems/Emphasis in Information Assurance and Computer Security. The program looks awesome and I'm sure it works well for many people, but I want to learn more. Abstract concepts of computing security don't make a system secure. How can you defend information and resources if you don't know how the protection schemes work? In this vein, I am learning about penetration testing. I played around with metasploit for a bit and felt comfortable moving around in the console, but really didn't understand what was going on; metasploit is automation with my current understanding. From there, I went to https://pentesterlab.com/bootcamp/ and started their program.

Weeks 1 and 2 were easy. Set up Linux (I chose Debian 7 because I had never used Debian; Ubuntu doesn't count for me) and relearn the basics of Python, including basic syntax, classes, strings, files, etc. I played around with it a few years ago and went through a primer about a month and a half ago to remind me of how the language works. After this, I set up apache2 over both HTTP and HTTPS (SSL) and wrote a client for HTTP through the Python socket and httplib libraries. Setting up HTTPS was sort of a pain because I had to learn about openssl and it just didn't make sense. I wrote up a post about it explaining what I learned and what problems I had, but never posted it because I wanted to redo the site. This was a few weeks ago. Then I went through basic PHP (it feels a lot like C++) and MySQL connecting to each other and got stuck on writing an SSL over HTTP client. The Python docs just didn't make sense and I felt like I was getting nowhere after over a week of trying to do it, so the focus shifted to learning and practicing in Python.

Enter Violent Python. This book is meant to teach Python libraries that are useful in the "breaking" aspect of computing. Right now, I'm in chapter 2, Penetration Testing, which covers Pexpect, ftplib, python-nmap, and some interaction with metasploit, as well as other topics. My goal is to finish going through the book and understand the libraries presented and the logic behind the code. Once I have finished that, I'm going to play around with pylibnet and pylibpcap to learn about injecting packets/segments/frames onto the network to solidify my understanding of networking. From there, I want to continue the pentesterlab.com bootcamp and move on from there.

A mouthful? Just a bit. I'll try to keep this up to date with what I learn and examples of how it works.