|Programming for Hackers - Preview.pdf|
Today's issue of Hakin9 is dedicated to programming. There is an ongoing question whether programming skills are essential to being a good hacker. Most agree that knowing how to code is necessary, although not obligatory to become a hacker, as it will definitely help you understand some techniques and processes. If you know how to code, you will be able to dissect code and analyze it, and to write your own scripts or your own hacking tools.
We decided to focus mostly on Python. Why? Because Python is an extremely powerful language and it easy to learn at the same time. With Python you can achieve your results with minimal coding, and it does not need to be compiled. I strongly recommend reading Python for hackers: Extract gold from systems by Adrian Rodriguez Garcia and The dangers of metadata by Verónica Berengue. In the first one you will learn about data extraction from Microsoft Windows systems and the second one will focus on extraction images and PDF documents. More about Python and its capabilities can be found in Programming In Python, Forensic Analysis For Network and Programming for hackers.
Samrta Das and Prasoon Nigam prepared two tutorials about Burp Suite, one of the most popular tools for performing security testing of web applications. Their step-by-step articles will help you use Burp’s features easily and efficiently.
There are a lot more articles inside, and I hope that you will find something interesting for yourself there.
We want to thank you for all your support, we appreciate it a lot. If you like this publication you can share it and tell your friends about it! Every one of your comments is important to us. Special thanks to Beta Testers and Proofreaders who helped with this issue.
See you next month!
Enjoy your reading,
Useful links and sources
Python for hackers: Extract gold from systems
by Adrian Rodriguez Garcia
First, we’re going to talk about what kind of information it’s useful to extract from a system and why it’s important. Then, with Python language and the enormous power of its libraries, we will demonstrate how to extract basic information from a system and how to monitor and extract data from the file system, processes, network connections and keyboard. Finally, we will talk about a possible way to manage the data extracted using Big Data technologies, like Apache Kafka.
What is Burp Suite?
by Pprasoon Nigam
The Burp Suite or a (Manual) Proxy tool is an intercepting proxy tool that intercepts all the traffic (Request and Response) which is sent from Client to Server and vice versa. The primary job of the Burp Suite Proxy tool is to intercept regular web traffic, which goes over Hypertext Transfer Protocol (HTTP), and with additional configuration, encrypted HTTP (HTTPS) traffic as well. Burp Suite can be used to intercept any client-server communication that goes over HTTP.
“I always tell people: learn a programming language that will help you achieve your goals”
Interview with Laurence Bradford, the creator of Learn to Code With Me
Understanding CyberCrime and CyberCriminals
by Colin Renouf
In this article we will look at what we mean by cyber crime and set its boundaries, i.e. what distinguishes cyber crime from other types of crime; and look at the criminals that commit such crimes and their motivations. This understanding is needed to deter the criminals from attacking in the first place; and after they have attacked, determine what forensic information is required and what approach is needed to be able to successfully prosecute the perpetrator.
Programming for Hackers
by Amit Ranjan
When an input transfigures a use case to an abuse case, it's become a successful hack. A successful hack signifies that the software program isn’t coded with resilience against that input; it may be an inherent vulnerability in the programming language (crashes that can become exploits) or an insecure implementation (bugs and flaws) by an ignorant programmer. The thought process in hacking has long been dominated by payloads that can subvert barriers put in an implementation. Of course, there are practices of developing exploits that need a hacker to be aware about programming languages, probably more than a developer.
The dangers of metadata
by Verónica Berenguer
The extraction of metadata is one of the biggest dangers that exist related to the files and that people ignore. Metadata extraction will be addressed and advice will be given to avoid risks. In this article, we will introduce the world of programming for hackers, specifically, the extraction of metadata using Python from images or PDF documents.
Harnessing the lesser known “Burp macros” for Penetration Testing Web Apps
by Samrat Das
In my penetration testing career so far, while performing fuzzing of parameters and page field in web applications, I did encounter some challenges relating to session handling. In multiple cases, the application used to terminate the session being used for testing, this either happened due to some security countermeasures (for example: getting unsafe input, the session used to get logged out) or in other cases, say the Burp spider/ crawler used to fuzz the logout page parameters and terminate the session.
“Python developers are such a large and diverse group, how could they not have a podcast?”
Interview with Michael Kennedy, the creator of Talk Python To Me Podcast
Source Code review
by Atul Singh
Source Code review is a process which discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented. Code review helps developers learn the code base, as well as help them learn new technologies and techniques that grow their skill sets. In source code review, we are using a combination of scanning tools and manual review to detect insecure coding practices, backdoor, injection flaws, cross site scripting errors, insecure handling of resources, weak cryptography, etc.
Wireless Hacking Tools
by Souvik Mal
We know that everyone is curious about Wireless/Wi-Fi hacking. Even I was curious about Wi-Fi hacking when I was a teenager. But before hacking something, we need to be familiar with the working mechanism of Wi-Fi technology. So before starting, Here’s a little a bit of information about Wi-Fi technology, mainly its security. And one more thing, this is totally for educational purposes only. Let’s start…
Programming In Python Forensic Analysis For Network
by Julio César Pérez Barbosa
Much has been said about Python being a programming language that is too easy and very efficient for programming, in our case, for hackers.We will not go into detail in the syntax, nor in the programming structure with Python, but it is necessary to see a little of the great range of the forensic analysis.Within the forensic analysis, there are several application points: mobile, networking, cloud, or local equipment.In our case, we will use forensic analysis at the networking level programming with Python, so let's start. We will be making a small sniffer and we will do it little by little, strengthening it as we go.