Review of Udemy course – Python for Ethical Hacking: Develop Pentesting tools by hackersploit academy

Overview

If you are starting out with either Python or cyber security, there is a fantastic course on Udemy that you should seriously consider buying. The Python for Ethical Hacking course takes you step by step through coding your own tools for various security-related tasks, such as scanning for open ports and active IP addresses, transferring files between machines and even setting up a botnet, which includes coding both the client and the server side.

Pros

  • The course covers a lot of different tools so if you are into security there is very likely going to be something relevant to you.
  • The instructor speaks very clearly and explains everything as he goes along.
  • Both Python 2 and 3 are used with discussion of some of the differences.
  • Each tool is coded live, including the debugging phase at the end. Seeing a skilled coder go through the debugging process is invaluable, and it often gets skipped in other courses.
  • While the course is aimed at people with a little bit of experience in Python and coding, I feel that anyone with general tech savviness should be able to jump in and follow.
  • The majority of the tools are left open to allow you to add features in the future if it’s something you start using for real world work.

Cons

  • The only con I could think of was that most of the tools weren’t demonstrated in a real world scenario. Watching some of these tools in action might have helped learners remember what they do on a deeper level.

Verdict

This is one of the best courses I have done so far. The experience I’ve gained from watching someone code these tools and following along in real time far outweighs what I’ve learned from other basic Python courses, which teach things on a more conceptual level.

Some of the tools you create on this course are almost clones of popular tools from Kali Linux. That lets you carry on learning different penetration testing techniques, but with a bigger sense of achievement at the end, as you know you coded some of the tools yourself by hand.

I’m so impressed by this course that whatever the instructor releases next will likely go onto my wishlist to learn, regardless of the topic.

Finding saved wifi passwords from known hotspots

I recently did some work in a building where the tenants thought they were protecting their wifi by having one of their staff type in the wifi password for me instead of just telling me the password.

I think the logic was that it would stop me handing it out to other people, which might then lead to them having lots of unknown users connecting. I’m not sure how much research went into testing how effective their technique was.

Here’s how to see the password of any wifi network you have previously connected to from your computer (even if you didn’t enter the password yourself).

Open up Command Prompt and run: netsh wlan show profile

This will bring up a list of all the wifi hotspots you have connected to. To display the password for one of them, run: netsh wlan show profile xxx key=clear (replace xxx with the name of the wifi from the previous step)

This should reveal the plaintext password in the Key Content field.

Note: If the key is not shown and the output instead says something like “security key : present”, make sure you are running cmd as administrator.

If there are too many hotspots listed to do them manually, here is some Python to automate their extraction:

https://pastebin.com/embed_js/B1ri6W54
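
As a companion to the steps above, here is an added example (not the pastebin script and not from the original post) that audits which saved profiles hold a stored key, without ever requesting key=clear. The sample text is constructed, and the field labels assume English-language netsh output.

```python
import re

# Constructed sample text in the layout netsh prints on an English-language
# Windows install (an assumption); not captured from a real machine.
SAMPLE_LISTING = """User profiles
-------------
    All User Profile     : OfficeGuest
    All User Profile     : CafeOpen
"""
SAMPLE_DETAILS = {
    "OfficeGuest": """    Connection mode        : Connect automatically
    Authentication         : WPA2-Personal
    Security key           : Present
""",
    "CafeOpen": """    Connection mode        : Connect manually
    Authentication         : Open
    Security key           : Absent
""",
}

def profile_names(listing):
    """Profile names from 'netsh wlan show profile' output."""
    pattern = r"^[ \t]*All User Profile[ \t]*:[ \t]*(.+)$"
    return [m.group(1).strip() for m in re.finditer(pattern, listing, re.M)]

def field(detail, label):
    """Value of the first 'label : value' line, or None if absent."""
    m = re.search(rf"^[ \t]*{re.escape(label)}[ \t]*:[ \t]*(.*)$", detail, re.M)
    return m.group(1).strip() if m else None

def audit(listing, details):
    """One row per profile; key_stored means key=clear would reveal a password."""
    rows = []
    for name in profile_names(listing):
        detail = details.get(name, "")
        rows.append({
            "profile": name,
            "auth": field(detail, "Authentication"),
            "auto_connect": field(detail, "Connection mode") == "Connect automatically",
            "key_stored": field(detail, "Security key") == "Present",
        })
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LISTING, SAMPLE_DETAILS):
        print(row)
```

Profiles that are no longer needed can be removed with netsh wlan delete profile name="xxx", which also removes the stored key.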

Python directory finder (dirb)

If for some reason you find yourself on a machine you cannot get dirb or dirbuster on, here is some quick code to achieve similar results using Python 3.

It reads a word list from your common.txt file (change the name in the code if needed), appends each line to the URL you have given it, and reports a positive result if the full URL path gives back a response.

The code doesn’t have any sort of rate limiting, so if your target has systems in place to block DoS attacks you may start getting false negatives.


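#!/usr/bin/env python3
# Scans for web directories from a word list.
# Replace common.txt with your wordlist.
# For Python 3.

import requests


def request(url):
    # Return the response, or None if the connection fails.
    # (Named "request" so it does not shadow the imported requests module.)
    try:
        return requests.get("http://" + url)
    except requests.exceptions.ConnectionError:
        return None


target_url = input("Enter Target URL: ")

with open("common.txt", "r") as wordlist:
    for line in wordlist:
        word = line.strip()
        if not word:
            continue  # skip blank lines in the wordlist
        full_url = target_url + "/" + word
        response = request(full_url)
        # A Response object is truthy only for status codes below 400.
        if response:
            print("Discovered directory at this link: " + full_url)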

The code comes courtesy of a course on Udemy taught by the very eloquent Eduardo Rosas
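
From the defender's side, a scan like this shows up in the web server's access log as one client collecting many 404s on different paths in a short time. The following is an added example (not from the course or the original post) that flags such clients; the log lines are constructed, and the Common Log Format, window and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: ip - - [time] "METHOD path proto" status size
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (ip, time, path, status), or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_scanners(lines, window=timedelta(seconds=10), min_misses=5):
    """Map each flagged IP to its peak count of distinct 404 paths in one window."""
    misses = defaultdict(list)  # ip -> [(time, path)] for 404 responses only
    for line in lines:
        rec = parse(line)
        if rec and rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in events[start:end + 1]}))
        if best >= min_misses:
            flagged[ip] = best
    return flagged

def sample_log():
    """Constructed log: one client walking a word list, one ordinary visitor."""
    words = ["admin", "backup", "cgi-bin", "config", "images", "login", "old", "test"]
    fmt = '{} - - [12/Mar/2024:10:00:{:02d} +0000] "GET /{} HTTP/1.1" {} 512'
    lines = [fmt.format("203.0.113.7", i, w, 200 if w in ("images", "login") else 404)
             for i, w in enumerate(words)]
    lines.append(fmt.format("198.51.100.4", 3, "index.html", 200))
    lines.append(fmt.format("198.51.100.4", 9, "favicon.ico", 404))
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```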

Interview with Burpsuite creator Dafydd Stuttard

Here’s an old video from 2015 showing an interview with the creator of Burp Suite, answering a few questions about how it started and why he initially started developing the tool. Like a lot of security applications, it seems to have started its life as a hobby project which kept growing with new features until enough people found it useful for it to become mainstream.

Here are some useful timestamps:

6:30 – interview starts
13:10 – how burp got its name
29:30 – Burp spider
32:45 – Server side template engines
40:00 – pricing
45:00 – the wider security community
46:30 – Recommendations for vulnerable test applications

It’s interesting to note the difference in presentation between Dafydd, who most likely spends his days presenting security ideas to IT managers at corporate jobs, and the two podcast hosts, who seem to be trying to create some sort of cross between the stereotypical hoodied hacker and Joe Rogan. As the security industry matures I’m expecting we’ll come across more of the former.

Hints and Tips for PythonChallenge level 8

This is a page of hints for the Pythonchallenge.com level 8 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: A lot of these challenges have multiple different ways of solving them, so the hints here might not match what you have found already.

Expand for hint 1

Think of the noise small insects make when they fly around.

Expand for hint 2

Have you found the username and password text in the source?

Expand for hint 3

The start of the text may give you a clue as to how it is encoded/compressed

Expand for hint 4

This compression needs to use bytes instead of strings

Expand for hint 5

If you know the compression library but can’t get the decompression working try compressing some sample text to give you a better idea of what it should look like.

Hints and Tips for PythonChallenge level 7

This is a page of hints for the Pythonchallenge.com level 7 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: A lot of these challenges have multiple different ways of solving them, so the hints here might not match what you have found already.

Expand for hint 1

Concentrate on the image.

Expand for hint 2

The code is in the grey pixels in the image, ignore the coloured bits.

Expand for hint 3

What ways are there to store data in colour values?

Expand for hint 4

Have a look at the PIL python library

Expand for hint 5

Can you automatically extract the colour values of each block?

Expand for hint 6

If the values are all within a certain range, could that be converted using a character map?

Hints and Tips for PythonChallenge level 6

This is a page of hints for the Pythonchallenge.com level 6 challenge.

It does not contain the answer, so you can use as many hints as you want but still have to put everything together yourself to complete it.

Note: A lot of these challenges have multiple different ways of solving them, so the hints here might not match what you have found already.

Expand for hint 1

The picture is a clue to a filetype which contains the challenge.

Expand for hint 2

The Paypal link isn’t a trick, it has nothing to do with the challenge.

Expand for hint 3

Can you use code from a similar challenge to automatically navigate these?

Expand for hint 4

Check out the comments in each of the files.

Expand for hint 5

Can you collect the data from the comments in the correct order and map it?

Expand for hint 6

All the comments in the correct order should show a word