This review was originally printed in the June 2015 edition of the UKUUG newsletter, which is now defunct.
Title: Black Hat Python (1st edition)
Authors: Justin Seitz
As a developer and system administrator, I’m always interested in how I can probe systems and software under my control for vulnerabilities. Python seems as good a choice as any, so this book sounded like it would be right up my street.
The first chapter takes us through setting up a sandboxed environment to write and test Python code. This was disappointing in three ways: the choice of VMWare (open source alternatives are available and packaged for most distributions), telling readers download an image from an untrusted website without SSL (an odd suggestion for a security book) and selecting a commercial IDE when there are excellent open source alternatives available. I decided to fire up a Debian install instead, which seemed to meet all the requirements.
Chapter two covers the various network functions available in Python, on the grounds that many Linux distributions may not have advanced network tools but Python is often installed by default. Simple client and server examples using both TCP and UDP are used as starting points, followed up by an implementation of Netcat and a TCP proxy. Whilst these are interesting, there is a lot of time spent on the code and very little on how to use it either for testing or exploitation. The author then moves on to discuss a library for accessing the SSH protocol on the basis that an SSH client is not always installed, but such a machine probably won’t allow you to use the ‘pip install’ command either.
The next chapter takes us through the creation of raw sockets and sniffing traffic on the network. The author gradually builds up a script for sniffing network traffic, although this kept failing with various errors on my test VM. Script problems aside, the chapter provides a reasonable overview of IPv4 headers and ICMP messages (IPv6 is not even mentioned at this stage).
Chapter four introduces Scapy, a Python library for manipulating network packets. An example using ARP poisoning is given, although the details of how this technique works at a lower level are omitted so the reader will need to go elsewhere to fully understand it.
Chapter five covers web applications, and is where I would expect the bulk of information of interest to reside. Unfortunately there was very little detail with only two examples, one general and obvious (looking for ‘interesting’ files by trying URLs) and another which effectively involves brute forcing a login form for a specific application, but with no information on how to generate a useful wordlist.
The next two chapters cover Burp and GitHub, and were a little too specific for my liking. Not only is a lot of knowledge assumed (e.g. that the reader has used Burp before) but the topics are rushed through in a few pages (a grand total of nine for GitHub) and I came away none the wiser.
Chapters eight, nine and ten focus solely on Windows, demonstrating how to log keystrokes, take screenshots and control Internet Explorer, as well as privilege escalation techniques. These were by far the most interesting chapters of the book, and it’s a shame that similar ones weren’t included for Linux given its popularity as a server operating system and the need for root privileges if you want to place an interface in promiscuous mode.
The final chapter swerves in a totally different direction, covering what the author terms ‘offensive forensics’. Whilst an interesting topic, it doesn’t seem to fit with the other chapters and ten pages isn’t enough to do much more than provide a very general introduction.
Overall this book feels rushed, with lots of low level knowledge assumed and major topics skimmed over in just a few pages. It needs more focus, ideally sticking to one area (web applications, operating systems, computer forensics) instead of trying to cover them all in under 200 pages.