The last scripting environment we're going to look at is Python. Now Python, like Ruby, is way bigger than just a scripting language. It's actually a full-featured, high-level, multipurpose language. It's also either object-oriented and/or procedural; you can do both, or you can do either/or. So it allows or supports different programming paradigms. You can do a lot of work very rapidly in Python. It's a great language as an introductory language as well. It's easy to learn, easy to use, and there's a tremendous number of libraries out there, so you don't have to reinvent the wheel every time you want to do something. You just go out, find the library you want, include it, and boom, you've got access to lots of pre-written code. That's why Python is such a good fit for penetration testing. It's easy to learn, easy to use, fast to prototype, and you can create some really powerful scripts with just a little bit of source code. So let's take a peek under the hood and look at some Python code. So here is a simple Python script. This, again, is a port scanner.

So if we start from the very beginning, we're going to import two libraries, the sys library and the socket library. The first thing we do is we grab our input arguments: we grab argv[1] and put it in target, and we grab argv[2] and argv[3] and put them in minport and maxport. Now, I will tell you that this is not the most elegant way to bring input arguments into Python; it's actually kind of a brute-force way. There's a much more elegant way that only takes a little bit more code. But we're trying to make everything really simple and accessible here, so that the scripts look as much like the other languages as possible. So be aware, you shouldn't write your scripts this way, but this works for now. Once we've assigned target, minimum, and maximum port, then we're going to create a function. In Python, we create functions by using the def keyword, so it's define, or def porttry; that's the name of the function. We're going to try current_target and port.

A couple of things to notice that make Python different than other languages. First off, you'll notice that in my blocks, there's no end statement. I have a def statement for my function, and at the bottom, here's my for block. There's no end statement. Python doesn't use block headers and block terminator statements. Python uses indentation, and the indentation dictates what belongs to what block. It's extremely important that you get your indents correct, or Python will get confused. Let's look at the for block. Everything that's indented (in this case, we used four characters), the s = socket line, the value line, and the whole if block, are part of the for block because they're indented. The print statement is part of the if block, or the if statement, because it's been indented. So indentation dictates actual syntax. So it's very important: if the Python interpreter yells at you because your indentation is wrong, you've got to go in and fix it, and you have to be a little bit careful when you use a different editor, because if you indent four spaces one place and then use a tab somewhere else, it may look the same, but Python will actually tell you, you know, you've got to be consistent. So a little frustrating at first, but once you get the hang of it, it's a lot less code, because I never have to worry about ending my statements. It reads the way that it's going to be executed.

Error handling, or rather the way we implement error handling, is using try and except. So what happens is, in a block, we try certain statements; if there's an error, we run the except. So this is the way our function works. We invoke the function, we try a particular port on a target, we attempt to connect. If we connect without error, we return a True; if there's an error, it drops into the except block and returns None. Alright, so let's go into our main block: for i in range of minport to maxport+1. Well, that's pretty easy. We simply go from whatever the user types in, from minport up to maxport+1. We define a socket, and then we say value is equal to porttry target and i. So basically, we try the target, and we range our ports from minimum to maximum one at a time, and for each try, we get back either a None or a True. If the value is not None (we could have said the value equals True), then we print Port open. Otherwise, we're done. We go to the next iteration of the for block, and notice the output for Python is simply the print statement. So that's a little bit different than other languages as well.

All right, so enough digging through code. Let's see the thing operating. The way we run it, we type in python portscan.py 10.10.1.10 and we'll go from port 20 to 80, and there we go. It's done. It shows us which ports are open, and that's pretty much the same ports that we saw in the other port scanners. So that wraps up our summary of the different languages. You've looked at four different environments, and you've seen a port scanner written in each environment. There's similarities, but there's also some differences. Now, let's dig down a little bit further and look at some of the specific differences between each of these environments. It'll help you decide which one is most comfortable for you. But regardless of which one you like the best, make sure that you can recognize syntax from all four basic languages, because that's what the PenTest+ exam is going to ask you about.