Table of Contents for
Python Web Penetration Testing Cookbook
Python Web Penetration Testing Cookbook
Published by
Packt Publishing, 2015
- Cover
- Table of Contents
- Python Web Penetration Testing Cookbook
- Python Web Penetration Testing Cookbook
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Disclamer
- Preface
- What you need for this book
- Who this book is for
- Sections
- Conventions
- Reader feedback
- Customer support
- 1. Gathering Open Source Intelligence
- Gathering information using the Shodan API
- Scripting a Google+ API search
- Downloading profile pictures using the Google+ API
- Harvesting additional results from the Google+ API using pagination
- Getting screenshots of websites with QtWebKit
- Screenshots based on a port list
- Spidering websites
- 2. Enumeration
- Performing a ping sweep with Scapy
- Scanning with Scapy
- Checking username validity
- Brute forcing usernames
- Enumerating files
- Brute forcing passwords
- Generating e-mail addresses from names
- Finding e-mail addresses from web pages
- Finding comments in source code
- 3. Vulnerability Identification
- Automated URL-based Directory Traversal
- Automated URL-based Cross-site scripting
- Automated parameter-based Cross-site scripting
- Automated fuzzing
- jQuery checking
- Header-based Cross-site scripting
- Shellshock checking
- 4. SQL Injection
- Checking jitter
- Identifying URL-based SQLi
- Exploiting Boolean SQLi
- Exploiting Blind SQL Injection
- Encoding payloads
- 5. Web Header Manipulation
- Testing HTTP methods
- Fingerprinting servers through HTTP headers
- Testing for insecure headers
- Brute forcing login through the Authorization header
- Testing for clickjacking vulnerabilities
- Identifying alternative sites by spoofing user agents
- Testing for insecure cookie flags
- Session fixation through a cookie injection
- 6. Image Analysis and Manipulation
- Hiding a message using LSB steganography
- Extracting messages hidden in LSB
- Hiding text in images
- Extracting text from images
- Enabling command and control using steganography
- 7. Encryption and Encoding
- Generating an MD5 hash
- Generating an SHA 1/128/256 hash
- Implementing SHA and MD5 hashes together
- Implementing SHA in a real-world scenario
- Generating a Bcrypt hash
- Cracking an MD5 hash
- Encoding with Base64
- Encoding with ROT13
- Cracking a substitution cipher
- Cracking the Atbash cipher
- Attacking one-time pad reuse
- Predicting a linear congruential generator
- Identifying hashes
- 8. Payloads and Shells
- Extracting data through HTTP requests
- Creating an HTTP C2
- Creating an FTP C2
- Creating an Twitter C2
- Creating a simple Netcat shell
- 9. Reporting
- Converting Nmap XML to CSV
- Extracting links from a URL to Maltego
- Extracting e-mails to Maltego
- Parsing Sslscan into CSV
- Generating graphs using plot.ly
- Index
This recipe will allow us to extract messages hidden in images by using the LSB technique from the preceding recipe.
As seen in the previous recipe, we used the LSB of the Red value of an RGB pixel to hide a black or white pixel from an image that we wanted to hide. This recipe will reverse that process to pull the hidden black and white image out of the carrier image. Let's take a look at the function that will do this:
#!/usr/bin/env python
from PIL import Image
def ExtractMessage(carrier, outfile):
c_image = Image.open(carrier)
out = Image.new('L', c_image.size)
width, height = c_image.size
new_array = []
for h in range(height):
for w in range(width):
ip = c_image.getpixel((w,h))
if ip[0] & 1 == 0:
new_array.append(0)
else:
new_array.append(255)
out.putdata(new_array)
out.save(outfile)
print "Message extracted and saved to " + outfile
ExtractMessage('StegTest.png', 'extracted.png')First, we import the Image module from the Python image library:
from PIL import Image
Next, we set up the function that we will use to extract the messages. The function takes in two parameters: the carrier image file name and the filename that we want to create with the extracted image:
def ExtractMessage(carrier, outfile):
Next, we create an Image object from the carrier image. We also create a new image for the extracted data; the mode for this image is set to L because we are creating a grayscale image. We create two variables that will hold the width and height of the carrier image. Finally, we set up an array that will hold our extracted data values:
c_image = Image.open(carrier)
out = Image.new('L', c_image.size)
width, height = c_image.size
new_array = []Now, onto the main part of the function: the extraction. We create our for loops to iterate over the pixels of the carrier. We use the Image objects and getpixel function to return the RGB values of the pixels. To extract the LSB from the Red value of a pixel, we use a bitwise mask. If we use a bitwise AND with the Red value using a mask of 1, we will get a 0 returned if the LSB was 0, and 1 returned if it was 1. So, we can put that into an if statement to create the values for our new array. As we are creating a grayscale image, the pixel values range from 0 to 255, so, if we know the LSB is a 1, we convert it to 255. That's pretty much all there is to it. All that's left to do is to use our new images putdata method to create the image from the array and then save.
So far, we've looked at hiding one image within another, but there are many other ways of hiding different data within other carriers. With this extraction function and the previous recipe to hide an image, we are getting closer to having something we can use to send and receive commands through messages, but we are going to have to find a better way of sending actual commands. The next recipe will focus on hiding actual text within an image.