Author: empty | Pages: 220 | Publisher: empty
FOREWORD

The phrase most often heard at Immunity is probably, "Is it done yet?" Common parlance usually goes something like this: "I'm starting work on the new ELF importer for Immunity Debugger." Slight pause. "Is it done yet?" or "I just found a bug in Internet Explorer!" And then, "Is the exploit done yet?" It's this rapid pace of development, modification, and creation that makes Python the perfect choice for your next security project, be it building a special decompiler or an entire debugger.

I find it dizzying sometimes to walk into Ace Hardware here in South Beach and walk down the hammer aisle. There are around 50 different kinds on display, arranged in neat rows in the tiny store. Each one has some minor but extremely important difference from the next. I'm not enough of a handyman to know what the ideal use for each device is, but the same principle holds when creating security tools. Especially when working on web or custom-built apps, each assessment is going to require some kind of specialized "hammer." Being able to throw together something that hooks the SQL API has saved an Immunity team on more than one occasion. But of course, this doesn't just apply to assessments. Once you can hook the SQL API, you can easily write a tool to do anomaly detection against SQL queries, providing your organization with a quick fix against a persistent attacker.

Everyone knows that it's pretty hard to get your security researchers to work as part of a team. Most security researchers, when faced with any sort of problem, would like to first rebuild the library they are going to use to attack the problem. Let's say it's a vulnerability in an SSL daemon of some kind. It's very likely that your researcher is going to want to start by building an SSL client, from scratch, because "the SSL library I found was ugly."

You need to avoid this at all costs. The reality is that the SSL library is not ugly—it just wasn't written in that particular researcher's particular style. Being able to dive into a big block of code, find a problem, and fix it is the key to having a working SSL library in time for you to write an exploit while it still has some meaning. And being able to have your security researchers work as a team is the key to making the kinds of progress you require. One Python-enabled security researcher is a powerful thing, much as one Ruby-enabled one is. The difference is the ability of the Pythonistas to work together, use old source code without rewriting it, and otherwise operate as a functioning superorganism. That ant colony in your kitchen has about the same mass as an octopus, but it's much more annoying to try to kill!

And here, of course, is where this book helps you. You probably already have tools to do some of what you want to do. You say, "I've got Visual Studio. It has a debugger. I don't need to write my own specialized debugger." Or, "Doesn't WinDbg have a plug-in interface?" And the answer is yes, of course WinDbg has a plug-in interface, and you can use that API to slowly put together something useful. But then one day you'll say, "Heck, this would be a lot better if I could connect it to 5,000 other people using WinDbg and we could correlate our results." And if you're using Python, it takes about 100 lines of code for both an XML-RPC client and a server, and now everyone is synchronized and working off the same page.

Because hacking is not reverse engineering—your goal is not to come up with the original source code for the application. Your goal is to have a greater understanding of the program or system than the people who built it. Once you have that understanding, no matter what the form, you will be able to penetrate the program and get to the juicy exploits inside. This means that you're going to become an expert at visualization, remote synchronization, graph theory, linear equation solving, statistical analysis techniques, and a whole host of other things. Immunity's decision regarding this has been to standardize entirely on Python, so every time we write a graph algorithm, it can be used across all of our tools.

In Chapter 6, Justin shows you how to write a quick hook for Firefox to grab usernames and passwords. On one hand, this is something a malware writer would do, and previous reports have shown that malware writers do use high-level languages for exactly this sort of thing (http://philosecurity.org/2009/01/12/interview-with-an-adware-author). On the other hand, this is precisely the sort of thing you can whip up in 15 minutes to demonstrate to developers exactly which of the assumptions they are making about their software are clearly untrue. Software companies invest a lot in protecting their internal memory for what they claim are security reasons but are really copy protection and digital rights management (DRM) related.

So here's what you get with this book: the ability to rapidly create software tools that manipulate other applications. And you get to do this in a way that allows you to build on your success either by yourself or with a team. This is the future of security tools: quickly implemented, quickly modified, quickly connected.

I guess the only question left is, "Is it done yet?"

Dave Aitel
Miami Beach, Florida
February 2009
ACKNOWLEDGMENTS

I would like to thank my family for tolerating me throughout the whole process of writing this book. My four beautiful children, Emily, Carter, Cohen, and Brady, you helped give Dada reason to keep writing this book, and I love you very much for being the great kids you are. My brothers and sister, thanks for encouraging me through the process. You guys have written some tomes yourselves, and it was always helpful to have someone who understands the rigor needed to put out any kind of technical work; I love you guys. To my Dad, your sense of humor helped me through a lot of the days when I didn't feel like writing; I love ya Harold, don't stop making everyone around you laugh.

For all those who helped this fledgling security researcher along the way (Jared DeMott, Pedram Amini, Cody Pierce, Thomas Heller (the uber Python man), Charlie Miller), I owe all you guys a big thanks. Team Immunity, without question you've been incredibly supportive of me writing this book, and you have helped me tremendously in growing not only as a Python dude but as a developer and researcher as well. A big thanks to Nico and Dami for the extra time you spent helping me out. Dave Aitel, my technical editor, helped drive this thing to completion and made sure that it makes sense and is readable; a huge thanks to Dave. To another Dave, Dave Falloon, thanks so much for reviewing the book, making me laugh at my own mistakes, saving my laptop at CanSecWest, and just being the oracle of network knowledge that you are.

Finally, and I know they always get listed last, the team at No Starch Press. Tyler for putting up with me through the whole book (trust me, Tyler is the most patient guy you'll ever meet), Bill for the great Perl mug and the words of encouragement, Megan for helping wrap up this book as painlessly as possible, and the rest of the crew who I know works behind the scenes to help put out all their great titles. A huge thanks to all you guys; I appreciate everything you have done for me. Now that the acknowledgments have taken as long as a Grammy acceptance speech, I'll wrap it up by saying thanks to all the rest of the folks who helped me and who I probably forgot to add to the list—you know who you are.
CONTENTS

Foreword by Dave Aitel
Acknowledgments
Introduction
Chapter 1: Setting Up Your Development Environment
Chapter 2: Debuggers and Debugger Design
Chapter 3: Building a Windows Debugger
Chapter 4: PyDbg - A Pure Python Windows Debugger
Chapter 5: Immunity Debugger - The Best of Both Worlds
Chapter 6: Hooking
Chapter 7: DLL and Code Injection
Chapter 8: Fuzzing
Chapter 9: Sulley
Chapter 10: Fuzzing Windows Drivers
Chapter 11: IDAPython - Scripting IDA Pro
Chapter 12: PyEmu - The Scriptable Emulator

SETTING UP YOUR DEVELOPMENT ENVIRONMENT
1.1 Operating System Requirements
1.2 Obtaining and Installing Python 2.5
1.2.1 Installing Python on Windows
1.2.2 Installing Python for Linux
1.3 Setting Up Eclipse and PyDev
1.3.1 The Hacker's Best Friend: ctypes
1.3.2 Using Dynamic Libraries
1.3.5 Defining Structures and Unions

DEBUGGERS AND DEBUGGER DESIGN
2.1 General Purpose CPU Registers
2.2 The Stack
2.3 Debug Events
2.4 Breakpoints

BUILDING A WINDOWS DEBUGGER
3.1 Debuggee, Where Art Thou?
3.2 Obtaining CPU Register State
3.2.1 Thread Enumeration
3.2.2 Putting It All Together
3.4.1 Soft Breakpoints
3.4.2 Hardware Breakpoints
3.4.3 Memory Breakpoints
3.5 Conclusion

PYDBG - A PURE PYTHON WINDOWS DEBUGGER
4.1 Extending Breakpoint Handlers
4.2 Access Violation Handlers
4.3 Process Snapshots
4.3.1 Obtaining Process Snapshots
4.3.2 Putting It All Together

IMMUNITY DEBUGGER - THE BEST OF BOTH WORLDS
5.1 Installing Immunity Debugger
5.2 Immunity Debugger 101
5.2.1 PyCommands
5.2.2 PyHooks
5.3 Exploit Development
5.3.2 Bad-Character Filtering
5.3.3 Bypassing DEP on Windows
5.4 Defeating Anti-Debugging Routines in Malware
5.4.1 IsDebuggerPresent
5.4.2 Defeating Process Iteration

HOOKING
6.1 Soft Hooking with PyDbg
6.2 Hard Hooking with Immunity Debugger

DLL AND CODE INJECTION
7.2.2 Coding the Backdoor
7.2.3 Compiling with py2exe

FUZZING
8.1.3 Format String Attacks
8.3.1 Code Coverage
8.3.2 Automated Static Analysis

SULLEY
9.1 Sulley Installation
9.2 Sulley Primitives
9.2.3 Static and Random Primitives
9.2.4 Binary Data
9.2.5 Integers
9.2.6 Blocks and Groups
9.3.1 FTP 101
9.3.2 Creating the FTP Protocol Skeleton
9.3.3 Sulley Sessions
9.3.4 Network and Process Monitoring
9.3.5 Fuzzing and the Sulley Web Interface

FUZZING WINDOWS DRIVERS
10.3.1 Discovering Device Names
10.3.2 Finding