Author: Justin Seitz
Publisher: No Starch Press
Audience: Experienced Pythonistas
Reviewer: Alex Armstrong
A book that explains how to use Python to gain control and otherwise cause mischief isn't a good idea - is it?
There are three possible reasons you might want to read this book. The first is that you are a wannabe Black Hat, i.e. a malicious hacker; the second is that you want to learn enough to protect against a Black Hat; and the third is that you are just interested in some advanced programming. If you want a book for the first two reasons you are almost certain to be disappointed, or at least fooled into thinking that you have acquired super powers. At best a book of this sort can only tell you about things that are very well known. In practice, finding and exploiting some weakness in a system is much more a matter of inventing new things and gaining access through social manipulation than it is about using a standard toolkit. Of course you do need to know the standard toolkit to get into the subject. This book does give you some of the tools, but at the end of the day you are going to need much more to graduate in either profession.
What this sort of book is often good for is presenting very technical and often low-level coding techniques. The sort of things that you don't find in books that major on designing a database or creating a website. It is a shame that such low level information can't find an outlet without being wrapped up in the glamour of a cloak and dagger sort of world. For me programming is glamorous enough!
The book starts off with setting up Python and Kali Linux in a VM so that you can experiment. It also suggests using the WingIDE, which is a good idea. This is all the help you get with Python, however, as the rest of the book assumes you have a fair bit of Python skill. In other words, this is not a book you want if you are really trying to learn Python. It probably isn't even the book you need if you are trying to improve your Python.
From here the book goes on to examine Python networking in Chapters 2 and 3. This is not much more than a tutorial on using TCP and UDP clients, followed up with a look at raw sockets - nothing really difficult. It is worth knowing that the book doesn't really explain the inner workings of networking. You really do need to understand things like TCP and UDP, and even lower-level things like ICMP. Justin Seitz assumes that you have a basic idea of what a packet is and even familiarity with tools such as Wireshark. The main task of the book is to get you to extend what you do to include custom Python code.
Chapter 4 is about using the Scapy library to do interesting things such as stealing email credentials by intercepting packets and ARP cache poisoning. You don't get much of an explanation of what ARP or the ARP cache is all about, and if you don't realize that most networks are IP over Ethernet and use MAC addresses rather than IP addresses at the link layer, this isn't going to be easy to understand. In addition, most of the techniques are explained by presenting the code and making a few comments.
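The ARP cache poisoning the chapter covers is easier to follow if you see the frame layout and what a defender would look for. The following is an added example, not code from the book: it builds constructed Ethernet+ARP reply frames, parses them, and flags a reply in which an IP address already seen is suddenly claimed by a different MAC address (the symptom of a poisoned cache). All names (`build_arp_reply`, `ArpMonitor`, the addresses) are hypothetical.

```python
import struct
from typing import Optional

ETH_TYPE_ARP = 0x0806
ARP_REPLY = 2

def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Construct an Ethernet+ARP reply frame (sample data only, not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    # Ethernet header: destination MAC, source MAC, EtherType (IP rides over Ethernet here)
    eth = mac(target_mac) + mac(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    # ARP header: htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=2 (reply)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)

def parse_arp_reply(frame: bytes) -> Optional[tuple[str, str]]:
    """Return (sender_ip, sender_mac) for an IPv4-over-Ethernet ARP reply, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return sender_ip, sender_mac

class ArpMonitor:
    """Remember the first MAC seen for each IP; report any later reply that disagrees."""
    def __init__(self) -> None:
        self.table: dict[str, str] = {}

    def observe(self, frame: bytes) -> Optional[str]:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            return None          # not an ARP reply: nothing to learn
        ip, mac = parsed
        known = self.table.get(ip)
        if known is not None and known != mac:
            return f"ARP conflict: {ip} was {known}, now claimed by {mac}"
        self.table.setdefault(ip, mac)  # first binding wins
        return None

def run_sample() -> list[str]:
    """Constructed scenario: the gateway answers twice, then a second MAC claims its IP."""
    gw, host, rogue = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:ef:00:03"
    frames = [
        build_arp_reply(gw, "192.0.2.1", host, "192.0.2.10"),
        build_arp_reply(gw, "192.0.2.1", host, "192.0.2.10"),
        build_arp_reply(rogue, "192.0.2.1", host, "192.0.2.10"),
    ]
    mon = ArpMonitor()
    return [alert for alert in (mon.observe(f) for f in frames) if alert]
```

On a real network the same monitor would be fed from a raw socket or a Scapy sniffer instead of `run_sample`; a legitimate NIC replacement will also trip it, so the alert is a prompt to investigate rather than proof of an attack.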
From here we move on to using an HTTP library - urllib2 - to do things like brute-forcing password pages and finding files that aren't correctly protected. Next we have a chapter on extending the Burp proxy. Again, it is assumed that you have used Burp and know all about it.
Chapter 7 is about using GitHub and building a GitHub aware Trojan. Chapter 8 focuses on a sort of toolkit for Trojans on Windows - keystroke logging, taking screenshots and so on. Chapter 9 continues the Windows theme with a look at using IE for various tasks. Why IE? Simply because IE supports COM and hence automation is easy. Chapter 10 deals with Windows privilege escalation and the final chapter is on automating offensive forensics.
Overall there are lots of details missing from these accounts. For example, the book often assumes that you have already managed to get into a network and then discusses what to do next. It also tends to assume that you are going to run your creations as Python code, when in practice converting them to an exe would be a much better idea. In other words, many of the exploits are not complete, but could be made so.
This is not a book that will please everyone. It really isn't about real world routine penetration testing, for example. It does present a collection of technical projects and ideas that might please you if you want to use Python in this way. You might, however, be annoyed by the very idea of a book that deals with technical ideas in the same context as Trojans, stealing credentials and so on.
This is a good book if you want some fairly technical projects in Python and aren't put off by, or better still are attracted to, the black hat aspect of the presentation.