If you are starting out with either learning Python or cyber security, there is a fantastic course on Udemy you should seriously consider buying. The Python for Ethical Hacking course takes you step by step through coding your own tools for various security-related tasks such as scanning for open ports and active IP addresses, transferring files between machines and even setting up a botnet, which includes coding both the client and the server side.
The course covers a lot of different tools, so if you are into security there is very likely going to be something relevant to you.
The instructor speaks very clearly and explains everything as he goes along.
Both Python 2 and 3 are used with discussion of some of the differences.
Each tool is coded live, which also includes the debugging phase at the end. Seeing a skilled coder work through the debugging process is invaluable knowledge which often gets skipped in other courses.
While the course is aimed at people with a little bit of experience in Python and coding, I feel that anyone with general tech savviness should be able to jump in and follow.
The majority of the tools are left open-ended so you can add features later if they become something you use for real-world work.
The only con I could think of was that most of the tools weren't demonstrated in a real-world scenario. Watching some of these tools in action might have helped learners remember what they do on a deeper level.
This is one of the best courses I have done so far. The experience I've gained from watching someone code these tools and following along in real time far outweighs the learning I've gained from other basic Python courses which teach things on a more conceptual level.
Some of the tools you create on this course are almost clones of popular tools from Kali Linux, which lets you carry on learning different penetration testing techniques with a bigger sense of achievement at the end, as you know you coded some of the tools yourself by hand.
I’m so impressed by this course that whatever the instructor releases next will likely go onto my wishlist to learn, regardless of the topic.
I recently did some work in a building where the tenants thought they were protecting their Wi-Fi by having one of their staff type in the Wi-Fi password for me instead of just telling me the password.
I think the logic was that it would stop me handing it out to other people, which might then lead to lots of unknown users connecting. I'm not sure how much research went into testing how effective their technique was.
Here's how to see the password of any Wi-Fi network you have previously connected to from your computer (even if you didn't enter the password yourself):
Open up Command Prompt and run: netsh wlan show profile
This will bring up a list of all the Wi-Fi hotspots you have connected to. Then, to display the password for one of them, run: netsh wlan show profile xxx key=clear (replace xxx with the name of the Wi-Fi network from the previous step).
This should reveal the plaintext password in the Key Content field.
Note: if the key is not shown and instead you see something like "Security key : Present", make sure you are running cmd as administrator.
If there are too many hotspots listed to do them manually, here is some Python to automate their extraction:
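As an added example (my own, not the post's automation script), the following inventories the saved profiles on a Windows machine and records which of them netsh hands back a Key Content value for, by driving the two commands from the post. netsh only exists on Windows, so the output parsing is separated from the command execution and is demonstrated on constructed netsh output; the `run_netsh`, `parse_key` and `fake_netsh` names, the `name=<ssid>` argument form, and the sample profiles are all my assumptions.

```python
"""Added example, not the blog's own automation script: inventory the
Wi-Fi profiles saved on a Windows machine and which of them netsh will
hand back a key for, using the two commands from the post. netsh only
exists on Windows, so parsing is kept separate from command execution
and is exercised below on constructed output."""
from __future__ import annotations
import re
import subprocess

# Field names as they appear in netsh's English output.
PROFILE_RE = re.compile(r"^\s*All User Profile\s*:\s*(.+?)\s*$", re.M)
KEY_RE = re.compile(r"^\s*Key Content\s*:\s*(.+?)\s*$", re.M)


def parse_profile_names(listing: str) -> list[str]:
    """SSIDs from `netsh wlan show profile` output."""
    return PROFILE_RE.findall(listing)


def parse_key(detail: str) -> str | None:
    """Key Content from a `... key=clear` dump, or None when netsh only
    reports 'Security key : Present' (not elevated) or the network is open."""
    m = KEY_RE.search(detail)
    return m.group(1) if m else None


def run_netsh(*args: str) -> str:
    """Run `netsh wlan show profile <args>` and return stdout.
    Windows only; assumes netsh is on PATH and that name=<ssid> is accepted."""
    return subprocess.run(["netsh", "wlan", "show", "profile", *args],
                          capture_output=True, text=True, check=True).stdout


def dump_saved_profiles(run=run_netsh) -> dict[str, str | None]:
    """Map every saved profile name to its stored key (or None).
    `run` is injectable so the logic can be exercised without netsh."""
    result = {}
    for name in parse_profile_names(run()):
        result[name] = parse_key(run(f"name={name}", "key=clear"))
    return result


# Constructed netsh output (abridged) used for the offline demonstration.
SAMPLE_LISTING = """
Profiles on interface Wi-Fi:

User profiles
-------------
    All User Profile     : HomeNetwork
    All User Profile     : OfficeGuest
"""
SAMPLE_DETAIL = {
    "HomeNetwork": "    Security key           : Present\n"
                   "    Key Content            : correct-horse-battery\n",
    # What an unelevated prompt shows: the key is present but not revealed.
    "OfficeGuest": "    Security key           : Present\n",
}


def fake_netsh(*args: str) -> str:
    """Stand-in for run_netsh that replays the constructed output above."""
    if not args:
        return SAMPLE_LISTING
    return SAMPLE_DETAIL[args[0].split("=", 1)[1]]


if __name__ == "__main__":
    # Swap fake_netsh for run_netsh (the default) on a real Windows machine.
    for ssid, key in dump_saved_profiles(fake_netsh).items():
        print(f"{ssid}: {key if key else '<not revealed; run as administrator>'}")
```

The `None` result for OfficeGuest mirrors the note above: an unelevated prompt gets "Security key : Present" and no Key Content line, so the script reports that rather than silently printing nothing.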
If for some reason you find yourself on a machine where you cannot get dirb or DirBuster, here is some quick code for achieving similar results using Python 3.
It takes a word list from your common.txt file (change the name in the code if needed), tries to connect to the URL you have given it plus each line in the .txt file, and reports a positive result if the full URL path returns a response.
The code doesn't have any sort of rate limiting, so if your target has systems in place to block DoS attacks you may start getting false negatives.
```python
#scans for web directories from a word list
#replace common.txt with your wordlist
#for python 3
import requests


def request(url):
    # return the response, or None if the host cannot be reached
    try:
        return requests.get("http://" + url)
    except requests.exceptions.ConnectionError:
        return None


target_url = input("Enter Target URL: ")
file = open("common.txt", "r")
for line in file:
    word = line.strip()
    full_url = target_url + "/" + word
    response = request(full_url)
    # a Response object is truthy only for status codes below 400
    if response:
        print("Discovered directory at this link: " + full_url)
```
The code comes courtesy of a course on Udemy taught by the very eloquent Eduardo Rosas.
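To show what the scan above looks like from the other side, here is an added example (mine, not code from the post or from the course) that detects a word-list directory scan in web server access logs. A scan like the one above leaves a burst of 404 responses from a single client in a short time, which is exactly what the "systems in place to block DoS attacks" mentioned above key on; this parses combined-format log lines, keeps a sliding window of 404s per client IP, and flags any client that crosses a threshold. The log lines, IP addresses, word list and the `find_bruteforcers` name are all constructed for the demonstration.

```python
"""Added example, not code from the post or the Udemy course: detect the
kind of word-list directory scan shown above from the server side. Such
a scan leaves a burst of 404 responses from one client; this parses
combined-format access logs and flags any client exceeding a 404
threshold inside a sliding time window. Log lines are constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

# Apache/nginx "combined" format; the request line is split into method and path.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """One access-log line -> dict, or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}


def find_bruteforcers(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: (404 count in window, first few probed paths)} for every
    client that produced `threshold` or more 404s within any `window`."""
    recent = defaultdict(deque)   # ip -> (timestamp, path) of 404s still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        while q and rec["ts"] - q[0][0] > window:   # drop 404s older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = (len(q), [p for _, p in list(q)[:5]])
    return flagged


# --- constructed sample log: one scanner, one ordinary visitor, one junk line ---
_BASE = datetime(2015, 3, 14, 10, 0, 0, tzinfo=timezone.utc)
_WORDS = ["admin", "backup", "cgi-bin", "config", "db", "dev", "images",
          "logs", "old", "private", "test", "tmp", "upload"]


def _line(ip, t, path, status, ua="Mozilla/5.0"):
    return (f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


SAMPLE_LOG = [
    _line("203.0.113.5", _BASE + timedelta(seconds=i), f"/{w}",
          200 if w == "images" else 404, ua="python-requests/2.7.0")
    for i, w in enumerate(_WORDS)
] + [
    _line("198.51.100.7", _BASE + timedelta(seconds=30), "/", 200),
    _line("198.51.100.7", _BASE + timedelta(seconds=31), "/favicon.ico", 404),
    "this line is not an access-log record and is skipped by the parser",
]

if __name__ == "__main__":
    for ip, (count, paths) in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {count} x 404 within the window, e.g. {', '.join(paths)}")
```

The single 200 for /images in the scanner's burst does not reset its count, which is what you want: a real scan hits a handful of existing paths among many misses. The ordinary visitor's lone 404 for /favicon.ico stays well under the threshold, and the malformed line is dropped by the parser rather than crashing the loop.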
Here's an old video from 2015 showing an interview with the creator of Burp Suite, answering a few questions about how it started and why he initially began developing the tool. Like a lot of security applications, it seems to have started life as a hobby project which kept growing with new features until enough people found it useful for it to become mainstream.
Here are some useful timestamps:
6:30 – interview starts
13:10 – how Burp got its name
29:30 – Burp Spider
32:45 – server-side template engines
40:00 – pricing
45:00 – the wider security community
46:30 – recommendations for vulnerable test applications
It's interesting to note the difference in presentation between Dafydd, who most likely spends his days presenting security ideas to IT managers in corporate settings, and the two podcast hosts, who seem to be trying to create some sort of cross between the stereotypical hoodied hacker and Joe Rogan. As the security industry matures I'm expecting we'll come across more of the former.