Here is the Day 1 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_5_rec-lw-us-4_240269_recording.mp4

Here is the Day 2 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_7_rec-hq-3_241310_recording.mp4

Here is the Day 3 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_11_rec-lw-us-7_243144_recording.mp4

Here is the Day 4 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_14_rec-hq-6_244377_recording.mp4

Here is the Day 5 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_18_rec-hq-6_246395_recording.mp4

Here is the Day 6 Video:
https://s3.amazonaws.com/StrategicSec-Videos/_2015_5_20_rec-hq-2_247633_recording.mp4


#########################################
# Here is the courseware for this month #
#########################################

Class powerpoint slides:
https://s3.amazonaws.com/StrategicSec-Files/Python/PythonV3-1.pptx

Courseware Lab Manual
https://s3.amazonaws.com/StrategicSec-Files/Python/Python-For-InfoSec-Pros-2015.pdf

https://s3.amazonaws.com/StrategicSec-VMs/Strategicsec-Ubuntu-VPN-163.zip
username: strategicsec
password: strategicsec

The youtube video playlist that I'd like for you to watch is located here:
https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA


##############################
# Installing Python in Linux #
##############################
The first thing that you will need to do is install dpkt.

sudo apt-get install -y idle

Open IDLE, and let's just dive right in.


#############################
# Lesson 1: Simple Printing #
#############################

>>> print "Today we are learning Python."


#####################################
# Lesson 2: Simple Numbers and Math #
#####################################

>>> 2+2
>>> 6-3
>>> 18/7
>>> 18.0/7
>>> 18.0/7.0
>>> 18/7
>>> 9%4
>>> 8%4
>>> 8.75%.5
>>> 6.*7
>>> 6*6*6
>>> 6**3
>>> 5**12
>>> -5**4


#######################
# Lesson 3: Variables #
#######################

>>> x=18
>>> x+15
>>> x**3
>>> y=54
>>> x+y
>>> g=input("Enter number here: ")
43
>>> g+32
>>> g**3


###################################
# Lesson 4: Modules and Functions #
###################################

>>> 5**4
>>> pow(5,4)
>>> abs(-18)
>>> abs(5)
>>> floor(18.7)
>>> import math
>>> math.floor(18.7)
>>> math.sqrt(81)
>>> joe = math.sqrt
>>> joe(9)
>>> joe=math.floor
>>> joe(19.8)


##################################
# Lesson 5: How to Save Programs #
##################################
Run "IDLE (Python GUI)"

File -> New Window

print "Python for InfoSec"

File -> Save as
py4InfoSec.py

Run -> Run Module
or
Press "F5"


Create a file name.py

x = raw_input("Enter name: ")
print "Hey " + x
raw_input("Press<enter>")

Run -> Run Module
or
Press "F5"


#####################
# Lesson 6: Strings #
#####################

>>> "XSS"
>>> 'SQLi'
>>> "Joe's a python lover"
>>> 'Joe\'s a python lover'
>>> "Joe said \"InfoSec is fun\" to me"
>>> a = "Joe"
>>> b = "McCray"
>>> a, b
>>> a+b


##########################
# Lesson 7: More Strings #
##########################

>>> num = 10
>>> num + 2
>>> "The number of open ports found on this system is " + num
>>> num = str(18)
>>> "There are " + num + " vulnerabilities found in this environment."
>>> num2 = 46
>>> "As of 08/20/2012, the number of states that enacted the Security Breach Notification Law is " + `num2`


#######################
# Lesson 8: Raw Input #
#######################
Run "IDLE (Python GUI)"

File -> New Window

joemccray=input("Enter name: ")
print joemccray

Run -> Run Module               # Will throw an error
or
Press "F5"


File -> New Window

joemccray=raw_input("Enter name: ")

Run -> Run Module               # Will throw an error
or
Press "F5"

NOTE:
Use input() for integers and expressions, and use raw_input() when you are dealing with strings.


#################################
# Lesson 9: Sequences and Lists #
#################################

>>> attacks = ['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
>>> attacks
['Stack Overflow', 'Heap Overflow', 'Integer Overflow', 'SQL Injection', 'Cross-Site Scripting', 'Remote File Include']
>>> attacks[3]
'SQL Injection'
>>> attacks[-2]
'Cross-Site Scripting'


###########################
# Lesson 10: If Statement #
###########################
Run "IDLE (Python GUI)"

File -> New Window

attack="SQLI"
if attack=="SQLI":
        print 'The attacker is using SQLI'

Run -> Run Module
or
Press "F5"


File -> New Window

attack="XSS"
if attack=="SQLI":
        print 'The attacker is using SQLI'

Run -> Run Module
or
Press "F5"


#############################
# Reference Videos To Watch #
#############################
Here is your first set of youtube videos that I'd like for you to watch:
https://www.youtube.com/playlist?list=PLEA1FEF17E1E5C0DA (watch videos 1-10)


####################################
# Lesson 11: Intro to Log Analysis #
####################################

Login to your StrategicSec Ubuntu machine.
You can download the VM from the following link:

https://s3.amazonaws.com/StrategicSec-VMs/Strategicsec-Ubuntu-VPN-163.zip
username: strategicsec
password: strategicsec

Then execute the following commands:
---------------------------------------------------------------------------------------------------------

wget https://s3.amazonaws.com/SecureNinja/Python/access_log

cat access_log | grep 141.101.80.188

cat access_log | grep 141.101.80.187

cat access_log | grep 108.162.216.204

cat access_log | grep 173.245.53.160

---------------------------------------------------------

Google the following terms:
        - Python read file
        - Python read line
        - Python read from file


########################################################
# Lesson 12: Use Python to read in a file line by line #
########################################################

Reference:
http://cmdlinetips.com/2011/08/three-ways-to-read-a-text-file-line-by-line-in-python/

---------------------------------------------------------
vi logread1.py

## Open the file with read only permit
f = open('access_log', "r")

## use readlines to read all lines in the file
## The variable "lines" is a list containing all lines
lines = f.readlines()

print lines

## close the file after reading the lines.
f.close()

---------------------------------------------------------

Google the following:
        - python difference between readlines and readline
        - python readlines and readline


################################
# Lesson 13: A quick challenge #
################################

Can you write an if/then statement that looks for this IP and print "Found it"?

141.101.81.187

---------------------------------------------------------
Hint 1: Use Python to look for a value in a list

Reference:
http://www.wellho.net/mouth/1789_Looking-for-a-value-in-a-list-Python.html

---------------------------------------------------------
Hint 2: Use Python to prompt for user input

Reference:
http://www.cyberciti.biz/faq/python-raw_input-examples/

---------------------------------------------------------
Hint 3: Use Python to search for a string in a list

Reference:
http://stackoverflow.com/questions/4843158/check-if-a-python-list-item-contains-a-string-inside-another-string


Here is one student's solution - can you please explain this code to me?

#!/usr/bin/python

f = open('access_log')

strUsrinput = raw_input("Enter IP Address: ")

for line in iter(f):
    ip = line.split(" - ")[0]
    if ip == strUsrinput:
        print line

f.close()

-------------------------------

Working with another student after class we came up with another solution:

#!/usr/bin/env python

# This line opens the log file
f=open('access_log',"r")

# This line takes each line in the log file and stores it as an element in the list
lines = f.readlines()

# This line stores the IP that the user types as a var called userinput
userinput = raw_input("Enter the IP you want to search for: ")

# This combination for loop and nested if statement looks for the IP in the list called lines and prints the entire line if found.
for ip in lines:
    if ip.find(userinput) != -1:
        print ip


#################################################
# Lesson 14: Look for web attacks in a log file #
#################################################

In this lab we will look at the scan_log.py script, which scans a web server log for common attack attempts.

Supported attacks:
1. SQL Injection
2. Local File Inclusion
3. Remote File Inclusion
4. Cross-Site Scripting

wget https://s3.amazonaws.com/SecureNinja/P...
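
Added example, not the course's scan_log.py (which is not shown on this page): a small Python 3 scanner for the four attack categories listed above, written in Python 3 rather than the Python 2 used in the lessons. The regex signatures, the function names classify() and scan(), and the sample log lines are constructed for illustration and assume Apache common/combined log format.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache common/combined format: IP ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')

# Illustrative signatures (assumptions, not the course script's rules).
SIGNATURES = {
    "SQL Injection": re.compile(
        r"union\s+(all\s+)?select|'\s*or\s+\d+\s*=\s*\d+|information_schema", re.I),
    "Local File Inclusion": re.compile(r"\.\./|/etc/passwd|boot\.ini", re.I),
    "Remote File Inclusion": re.compile(r"=\s*(https?|ftp)://", re.I),
    "Cross-Site Scripting": re.compile(r"<\s*script|javascript:|onerror\s*=", re.I),
}

def classify(line):
    """Return (client_ip, [matched categories]) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode twice so double-encoded payloads such as %253C are still seen.
    decoded = unquote_plus(unquote_plus(m.group(2)))
    return m.group(1), [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def scan(lines):
    """Count hits per (client_ip, category) over an iterable of log lines."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts.update((result[0], name) for name in result[1])
    return counts

# Constructed sample lines using documentation IP ranges (not from access_log).
TS = "[05/May/2015:10:00:01 +0000]"
SAMPLE = [
    f'203.0.113.5 - - {TS} "GET /index.html HTTP/1.1" 200 1043',
    f'203.0.113.9 - - {TS} "GET /index.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512',
    f'203.0.113.9 - - {TS} "GET /view.php?page=../../../../etc/passwd HTTP/1.1" 404 209',
    f'198.51.100.23 - - {TS} "GET /view.php?page=http://192.0.2.80/inc.txt HTTP/1.1" 200 77',
    f'198.51.100.23 - - {TS} "GET /search.php?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for (ip, name), n in sorted(scan(SAMPLE).items()):
        print(f"{ip:15} {name:22} {n}")
```

Against the real access_log, pass the open file object to scan(); signature matching like this produces false positives and misses, so treat hits as leads to review rather than confirmed attacks.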