Python基础杂点

 

 

Black Hat Python

 

Python Programming for Hackers and Pentesters

by 

Justin Seitz

December 2014, 192 pp.

ISBN-13: 

978-1-59327-590-7

Print Book and FREE Ebook, $34.95

Ebook (PDF, Mobi, and ePub), $27.95

Add to cart

• Contents
• Reviews
• Updates

• Download Chapter 7: GitHub Command and Control
• Download the resources and code samples from the book
• Download the Kali Linux virtual machine used in the book (i486)

“The difference between script kiddies and professionals is the difference between merely using other people's tools and writing your own.”
—Charlie Miller, from the Foreword

Featured in ZDNet's list of "Cybersecurity reads for every hacker's bookshelf"

When it comes to creating powerful and effective hacking tools, Python is the language of choice for most security analysts. But just how does the magic happen?

In Black Hat Python, the latest from Justin Seitz (author of the best-selling Gray Hat Python), you’ll explore the darker side of Python’s capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more. You’ll learn how to:

• Create a trojan command-and-control using GitHub
• Detect sandboxing and automate com­mon malware tasks, like keylogging and screenshotting
• Escalate Windows privileges with creative process control
• Use offensive memory forensics tricks to retrieve password hashes and inject shellcode into a virtual machine
• Extend the popular Burp Suite web-hacking tool
• Abuse Windows COM automation to perform a man-in-the-browser attack
• Exfiltrate data from a network most sneakily

Insider techniques and creative challenges throughout show you how to extend the hacks and how to write your own exploits.

When it comes to offensive security, your ability to create powerful tools on the fly is indispensable. Learn how in Black Hat Python.

Uses Python 2

Author Bio 

Justin Seitz is a senior security researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python. He is the author of Gray Hat Python (No Starch Press), the first book to cover Python for security analysis.

Table of contents 

Introduction

Chapter 1: Setting Up Your Python Environment
Chapter 2: The Network: Basics
Chapter 3: The Network: Raw Sockets and Sniffing
Chapter 4: Owning the Network with Scapy
Chapter 5: Web Hackery
Chapter 6: Extending Burp Proxy
Chapter 7: GitHub Command and Control
Chapter 8: Common Trojaning Tasks on Windows
Chapter 9: Fun With Internet Explorer
Chapter 10: Windows Privilege Escalation
Chapter 11: Automating Offensive Forensics

Index

View the detailed Table of Contents (PDF)
View the Index (PDF)

Reviews 

"Another incredible Python book. With a minor tweak or two many of these programs will have at least a ten year shelf life, and that is rare for a security book."
—Stephen Northcutt, founding president of the SANS Technology Institute

"A great book using Python for offensive security purposes."
—Andrew Case, Volatility core developer and coauthor of The Art of Memory Forensics

"If you truly have a hacker’s mindset, a spark is all you need to make it your own and do something even more amazing. Justin Seitz offers plenty of sparks."
—Ethical Hacker (Read More)

"Whether you're interested in becoming a serious hacker/penetration tester or just want to know how they work, this book is one you need to read. Intense, technically sound, and eye-opening."
—Sandra Henry-Stocker, IT World (Read More)

"Definitely a recommended read for the technical security professional with some basic previous exposure to Python."
—Richard Austin, IEEE Cipher (Read More)

"A well-written book that will put you on track to being able to write powerful—and potentially scary—tools. It’s up to you to use them for good."
—Steve Mansfield-Devine, editor of Elsevier's Network Security Newsletter

"A well implemented read with lots of good ideas for fun offensive Python projects. So enjoy, and don't forget it's all about the code!"
—Dan Borges, LockBoxx

"A useful eye-opener."
—MagPi Magazine

Updates 

The download location for Kali Linux has changed. You can grab various virtual machines here:

https://www.offensive-security.com/kali-linux-vmware-arm-image-download/

 

 

 

 

 

import math

dir（math）    列出math全部的...

help(math.sin)          q  #退出

exit（）   #退出命令行

---------------二进制存储----------------

>>> 1.1+2.2
3.3000000000000003

由于二进制只能表示2的n次方的数，n能够取负值，3.3没法用2的n次方的数组合计算出来，因此没法精确表示：3.3=1*2+1*1+0*1/2+1*1/4+0*1/8+0*1/16+1*1/32+...
其中分式的分母只能是2的倍数(二进制所限)，3.3的二进制表示是11.01001.....
有些数好比1/3就没法精确计算，只能无限逼近

 

 

bin()、oct()、hex()的返回值均为字符串，且分别带有0b、0o、0x前缀

---------------**幂次运算------------------------------

2**2**3      #  2的2次方的3次方  =256

‘abc’**3       # abc的三次方        = abcabcabc或者‘abcabcabc’

 -------------and or not--逻辑与或非  false true-----------优先级：非与或（由高到低----

123and456     #456 
123or456     #123 

and: 若是全部值都为真，那么 and 返回最后一个值。

   若是某个值为假，则 and 返回第一个假值。

or  若是有一个值为真，or 马上返回该值。

   若是全部的值都为假，or 返回最后一个假值。

通俗讲就是程序读到哪里可以被知足而后就能够结束，而后返回最后的知足值。

>>> help('and')
Boolean operations
******************

or_test ::= and_test | or_test "or" and_test
and_test ::= not_test | and_test "and" not_test
not_test ::= comparison | "not" not_test

In the context of Boolean operations, and also when expressions are
used by control flow statements, the following values are interpreted
as false: "False", "None", numeric zero of all types, and empty
strings and containers (including strings, tuples, lists,
dictionaries, sets and frozensets). All other values are interpreted
as true. (See the "__nonzero__()" special method for a way to change
this.)

The operator "not" yields "True" if its argument is false, "False"
otherwise.

The expression "x and y" first evaluates *x*; if *x* is false, its
value is returned; otherwise, *y* is evaluated and the resulting value
is returned.

The expression "x or y" first evaluates *x*; if *x* is true, its value
is returned; otherwise, *y* is evaluated and the resulting value is
-- More --

 -----------------------------标识符----

首：字母、下划线

含:字母 下划线 数字 不能关键字（查看关键字类型的    x = '10.0'  print type(x)        --程序结果--<type 'str'>）

 

标准【控制台输入输出：  raw_input("prompts")   print

for instance

1.

pi = 3.14

radius = float(raw_input ('Radius:'))   #The default is a character string , here requires a cast float.

area = pi * radius ** 2

print area

----

2.

input =   raw_input()

>>>123

print input * 3

123123123

-----------------------------

input = int (raw_input())

>>>123

print input * 3

369

---------------------

数据量比较大时,使用生成器表达式     并不建立列表而是返回一个生成器    # ()

数据量不太大时,考虑使用列表解析      #{}

[i+1 for i in range(10)]

Out[1]: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

[i+1 for i in range(10) if i%2 == 0]
Out[2]: [1, 3, 5, 7, 9]

(i+1 for i in range(10) if i%2 == 0)
Out[3]: <generator object <genexpr> at 0x09B648C8>

 -----------------

from random import randint

 

x = randint(0,300)

for count in range(0,5):

print 'please input a number between 0~300:'

digit = input()

if digit == x:

print'Bingo!'

elif digit > x:

print'too lare!'

elif digit < x:

print'too small!'

 -------------------

哥德巴赫猜测

2-100 prime

 

 ----第二周测试---------

3填空(1分)
对于一元二次方程，如有 ，则其解是什么？如有多个解，则按照从小到大的顺序在一行中输出，中间使用空格分隔。解保留2位小数（四舍五入）。

正确答案：-3.58 -0.42
4填空(1分)
假设你每一年初往银行帐户中1000元钱，银行的年利率为4.7%。
一年后，你的帐户余额为：
1000 * ( 1 + 0.047) = 1047 元
第二年初你又存入1000元，则两年后帐户余额为：
(1047 + 1000) * ( 1 + 0.047) = 2143.209 元
以此类推，第10年年底，你的帐户上有多少余额？
注：结果保留2位小数（四舍五入）。

total = 0
for x in xrange(0,10):
　　total = (total + 1000) * (1 + 0.047)
print total

　　
正确答案：12986.11
5填空(1分)
Python提供了众多的模块。你能找到一个合适的模块，输出今天的日期吗？格式为“yyyy-mm-dd”。能够查找任何搜索引擎和参考资料，并在下面的空白处写出相应的模块名。

正确答案：datetime 或 time 或 calendar

 

 

------------二分法求平方根-------

x = 2

low = 0

high = x

guess = (high+ low) / 2

while abs(guess ** 2 -x) >1e-4:

　　if guess ** 2 > x:

　　　　high = guess

　　else :

　　　　low  guess

 

guess = (low + high)/2

print "the root of x is :", guess

------

x<0?  

x<1?

ERROR: execution aborted

 

 ----------------------prime----

x = 8
for i in range(2,x):
if x % i == 0:
print'x is not a prime!'
break
else:
print'x is a prime'

---------------enhanced edition prime-

x = 8
for i in range (2, int(math.sqrt(x)+1)):
if x % i == 0:
print'x is not a prime!'
break
else:
print'x is a prime'

 

假设一个合数c（非素数）能够因式分解成两个大于其开方结果的数a，b

则有以下表达式：c=a*b

a*b>c

与假设c=a*b矛盾

因此假设不成立

即合数的因式分解时，至少有一个结果不大于该数开方结果。

不存在这个结果，就说明是素数。

------python格式等快捷键----

-----前50个素数-------

x = 2
count = 0

while count < 50:
for i in range(2,x):
if x%i == 0:
#print x,' is not a prime'
break
else:
print x,'is a prime!'
count += 1
x += 1

-------回文数---

num = 123

num_p = 0

num_t = num

while num != 0:

　　num_p = num_p * 10 + num% 10

　　num = num / 10 

if num_t == num_p :

　　print'yes!'

else:

　　print'NO!'

------

 

 

  

 

----------------------先存着------------

Python | 静觅
http://cuiqingcai.com/category/technique/python

零基础写python爬虫之爬虫编写全记录_python_脚本之家
http://www.jb51.net/article/57161.htm

--------------------------------------------

 

感受电脑神经兮兮的，明明下的正版，还一遍一个样。。。。

妈卖批，刚才真的试了好屡次不行，重启，tm的就行了。。。。。

好吧，这种状况不少软件都会有，，，٩(๑òωó๑)۶

 

还有版本不一样有些东西还真tm的彻底不一样。。。。。

绝逼有问题，往右一动，再回来曾经被覆盖的就不再出现了，妈卖批。。。。。

 

 

 

 

粘贴的正确姿式：

 

 ------------------------------

也不知这是进了什么模式仍是安装包有问题，真恶心。。。

 

 

------------------2运行不出来准备换3或者在虚拟机中运行----------------------

import requests
from bs4 import BeautifulSoup
import bs4

def getHTMLText(url):
try:
r = requests.get(url,timeout = 30)
r.raise_for_status()
r.encoding = r.apparent_encoding
return r.text
except:
return""
#return""


def fillUnivList(ulist,html):
soup = BeautifulSoup(html,"html.parser")
for tr in soup.find('tbody').children:
if isinstance(tr,bs4.element.Tag):
tds = tr('td')
ulist.append([tds[0].string,tds[1].string,tds[2].string])
#pass

def printUnivList(uList,num):
# print("Suc"+str(num))
print("{:^10}\t{:^6}\t{:^10}".format("排名","学校","总分"))
for i in range(num):
u = ulist[i]
print("{:^10}\t{:^6}\t{:^10}".format(u[0],u[1]),u[2])
#print("Suc"+str(num))


def main():
uinfo = []
url = 'http://www.zuihaodaxue.cn/zuihaodaxuepaiming2016.html'
html = getHTMLText(url)
fillUnivList(uinfo,html)
printUnivList(uinfo,20) # 20 univs
main()

------------------------------------------

如何打开requests库get方法的源代码？
-------------------------------
-------------若是有Python3你还用2 那我就呵呵呵了-----------

安装Python3_没毛病，就是不识字。。。。。
http://jingyan.baidu.com/article/a17d5285ed78e88098c8f222.html?st=2&net_type=&bd_page_type=1&os=0&rst=&word=www.10010

安装python2-这个别用了除非你有毛病！！！还要配置环境变量，3貌似不用了，，，，
http://jingyan.baidu.com/article/7908e85c78c743af491ad261.html

 

3.6.1rc1 Documentation
https://docs.python.org/3.6/index.html

---------------------

慢的要死

-------------------

 

--------------------------

 

有坑-----------------------

 

----呵呵卸载了python立刻就行了-----

千万别把两个功能相同的软件同时安装，指不定就出什么毛病，毕竟操做系统等等好多内容都不会

 

 -----------------------------------好特么慢！！！！---------------------

 

 -----------------3.21------------------

conda list  列出自带的库

1.Python3

Q：

pip install scrapy（失败！！！！）

A：

我安装了一个C++ 14.0的编译器，而后安装就不报错了
从 http://www.lfd.uci.edu/~gohlke/pythonlibs/这个网站上下载编译好的库

下载好的是一个whl文件

而后pip install xxx.whl就好了

 

把它放D盘，而后pip install D:\Scrapy-1.3.3-py2.py3-none-any.whl 

为啥..我用whl仍是提示我没有c库..

那就须要安装一下缺乏的库了，我刚安装完，而后再次pip install 就不报错了

-------------------------

2.

anaconda

conda install scrapy（成）

 

 

 

--------------结论：版本不一样，不少东西都tm不一样----------------------要是本身玩，会死的很惨--------

 

 

------------Python3的33个关键字----------

-------------3.27.2017------

四种遍历方式：

--------------

--------------------------------

Q: if __name__ == "__main__":

A：

__name__是指示当前py文件调用方式的方法。若是它等于"__main__"就表示是直接执行，若是不是，则用来被别的文件调用，这个时候if就为False，那么它就不会执行最外层的代码了。
好比你有个Python文件里面
def XXXX():
#body
print "asdf"
这样的话，就算是别的地方导入这个文件，要调用这个XXXX函数，也会执行print "asdf"，由于他是最外层代码，或者叫作全局代码。可是每每咱们但愿只有我在执行这个文件的时候才运行一些代码，不是的话（也就是被调用的话）那就不执行这些代码，因此通常改成
def XXXX():
#body
if __name__="__main__":
print "asdf"

这个表示执行的是此代码所在的文件。 若是这个文件是做为模块被其余文件调用，不会执行这里面的代码。 只有执行这个文件时， if 里面的语句才会被执行。 这个功能常常能够用于进行测试。

 

 

>>> import re
>>> match = re.match(r'[1-9]\d{5}','100081 BIT')
>>> if match:
... match.group(0)
...
'100081'
>>> print(match.group(1))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
IndexError: no such group

------------------------

>>> import re
>>> re.split(r'[1-9]\d{5}','BIT100032 BIO100067 BOF100025 BFC100027',maxsplit =2)
['BIT', ' BIO', ' BOF100025 BFC100027']
>>>

------------------------

>>> import re
>>> re.sub(r'[1-9]\d{5}',':zipcode','BIT100032 BIR100065 BSM123035')
'BIT:zipcode BIR:zipcode BSM:zipcode'

。即。
\. 即任意字符
【】里只取一个字符
{n}前一字符重复n次

 

-------------------------

函数性用法：一次性操做

>>> rst = re.search(r'[1-9]\d{5}','BIT 100081')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 're' is not defined
>>> import re
>>> rst = re.search(r'[1-9]\d{5}','BIT 100081')
>>>
>>> rst
<_sre.SRE_Match object; span=(4, 10), match='100081'>
>>>

------------------------

 面向对象的用法：编译后的屡次操做(regex可换成其余英文变量表示)

 

re型字符串编译成正则表达式类型生成regex对象；而后直接调用regex的search方法

>>> import re
>>> regex = re.compile(r'[1-9]\d{5}')
>>> rst = regex.search('BIT 100049')
>>>
>>> rst
<_sre.SRE_Match object; span=(4, 10), match='100049'>
>>>