Python Scripting for Hackers, Part 2: Building a Banner Grabbing Tool


In an earlier tutorial, I introduced you to probably the most popular scripting language among hackers, Python. To become a professional hacker, you need some scripting skills, and Python is a good choice if you want to master just one language. In this guide, I will expand your background in Python and offer you a small piece of Python code to whet your appetite for all of the hacking to come.

Please understand that learning any programming language takes time and much hard work. Be patient with yourself and attempt to master each small module I provide you with here on Hackers-Arise. This series is likely to run many, many modules as we attempt to convey the necessary skills to become a Master Hacker.

Object-Oriented Programming (OOP)

Before we delve deeper into Python, it’s probably worth taking a few minutes to discuss the concept of object-oriented programming (OOP). Most programming languages today (C++, Java, Ruby, etc.) try to adhere to this model of coding and Python is no exception. Some of the older programming languages were developed before this coding model was popular and therefore don’t adhere to it, but some have been updated attempting to comply with this model.

The image below shows the basic concept behind OOP. We have an object and that object has properties (attributes and states) and methods (something it does).

The idea behind OOP is to create a programming language that models things the way we see them in the real world. A car is an object that has properties (wheels, color, size, engine, windshield) and methods (it moves, its doors open). From the perspective of language, an object is a noun, a property is an adjective, and a method is generally a verb.

A car object with its methods.

Objects are a member of a class. For instance, our car is a member of the class of vehicles. In the image below, you can see that we have a class named “vehicle,” a subclass “bike,” and a sub-subclass “trike.” The “motor” and “pedal” are properties of the bike.

Object-oriented objects inherit the characteristics of their class.
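To make the vehicle/bike/trike picture concrete in Python itself, here is an added example (not from the original tutorial) that builds that class hierarchy. The class names follow the figure; the attribute and method names are assumptions chosen for illustration. It also shows that Python's own built-in types sit in the same kind of class chain, which is what "each variable type is treated like a class" means later in this tutorial.

```python
class Vehicle:
    """Base class: every vehicle has a color, some wheels and can move."""

    def __init__(self, color, wheels):
        self.color = color      # property (attribute)
        self.wheels = wheels    # property (attribute)
        self.moving = False     # state, changed by a method

    def move(self):             # method: something the object does
        self.moving = True
        return "{} {} with {} wheels is moving".format(
            self.color, type(self).__name__, self.wheels)


class Bike(Vehicle):
    """Subclass of Vehicle: inherits color/wheels/move() and adds its own properties."""

    def __init__(self, color, motor=False, pedal=True):
        super().__init__(color, wheels=2)   # reuse the parent's initialiser
        self.motor = motor      # properties from the figure
        self.pedal = pedal


class Trike(Bike):
    """Sub-subclass: a Bike that overrides the inherited wheel count."""

    def __init__(self, color, motor=False):
        super().__init__(color, motor=motor)
        self.wheels = 3


def lineage(obj):
    """Return the chain of classes an object inherits from, most specific first."""
    return [cls.__name__ for cls in type(obj).__mro__]


if __name__ == "__main__":
    t = Trike("red")
    print(t.move())          # uses the method inherited from Vehicle
    print(lineage(t))        # ['Trike', 'Bike', 'Vehicle', 'object']
    print(lineage(3))        # even an integer is an object of a class: ['int', 'object']
```

Note that Trike never defines move(); it inherits it from Vehicle two levels up, yet the method reports "Trike" and three wheels because it reads the object's own state at call time.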

Variables

Now, on to some more practical concepts in Python. A variable is a name that points to data stored in a memory location. That data can be of different types, such as integers, floating point numbers (real numbers), strings, Booleans, lists, and dictionaries.

In Python, each variable type is treated like a class. In the script below, I have attempted to demonstrate a few of the types of variables.

Let’s create this script in any text editor. Then, let’s save it as “secondpythonscript.py” and give ourselves permissions to execute it.

kali > chmod 755 secondpythonscript.py

When we run this script, it prints the value of the string variable (HackersAriseStringVariable), the integer variable (HackersAriseIntegerVariable), and the floating point number variable (HackersArisePointVariable).

Note: In Python, there is no need to declare a variable before assigning a value to it like in some other programming languages.

Functions

Python has a number of built-in functions that you can use immediately, without importing anything. Many more functions are available from the modules that ship with the default installation of Python in Kali Linux, and still more from downloadable libraries. Let’s take a look at a few of the built-ins available to you.

  • exit() – exits from a program

  • float() – returns its argument as a floating point number

  • help() – displays help on the object specified by its argument

  • int() – returns the integer portion of its argument (truncates)

  • len() – returns the number of elements in a list, dictionary, string, or other sequence

  • max() – returns the maximum value from its argument (a list)

  • open() – opens the file in the mode specified by its arguments

  • range() – returns the integers between two values specified by its arguments (a list in Python 2; in Python 3 a range object that you can loop over or wrap in list())

  • sorted() – takes a list as an argument and returns it with its elements in order

  • type() – returns the type of its argument (e.g., int, file, method, function)

Lists

In many programming and scripting languages, we have arrays. Arrays are great for storing a list of objects. Arrays are a list of various values that we can retrieve by referencing the particular value in the array by its position. So, for instance, if we wanted the third value in the array, we could use it by array[2]. Python works similarly, but this functionality is called a “list.”

Lists in Python are referred to as being iterable. This means that the list can hand out its elements one after another when we use a looping structure like a “for” statement (we cover loops in a later tutorial in this series).

So, let’s imagine that we needed to display the fourth element in our list (HackersAriseList) from our script above. We can access that element and print it by writing the list’s name, HackersAriseList, followed by the position of the element we want enclosed in square brackets. It’s important to note that Python, like many other programming environments, assigns the number 0 to the first element in a list. In our list above, the first element is element 0, so asking for element 0 gives us 1, asking for element 1 gives us 2, and so on.

To test this, let’s add a line to our script to print element at position 3 in our HackerAriseList.

print(HackersAriseList[3])

When we run this script again, we can see that the new print statement prints “4.”

Networking with Python

To create a network connection in Python, we need to use the “socket” module. We learned in the previous Python tutorial that Python comes with a library of modules for a multitude of tasks. In this case, we will need the socket module to create a TCP connection.

When we create a socket with socket.socket(), we pass two options: the socket family and the socket type. The socket family is AF_INET for IPv4 (the IPv6 family is AF_INET6). The socket type is SOCK_STREAM for TCP-style sockets (SOCK_DGRAM would give us UDP).

First, we need to import the socket module (Line 3), then create a new socket object (Line 5). We will call that object “s” here. We then use its connect() method (Line 7) to make a TCP connection to a particular IP address and port, in this case IP address 192.168.1.109 and port 22.

Once we make the connection, there are a number of things we can do. We can use the receive (recv) method to read up to 1024 bytes of data from the socket (Line 9) and store it in a variable named “answer” (a shorter read is normal if the server sends less); we can print the contents of that variable (Line 11); and we close the connection (Line 13).

Let’s save this script as “HackersAriseSSHBannerGrab” and then change its permissions using the chmod command so that you can execute it.

Let’s run this script and connect to another Linux system to port 22. If SSH is running on that port, we should be able to read the banner into our “answer” variable and print it to the screen.

Essentially, we have created a simple banner grabbing script! From the banner we learn what application and version is listening at that IP address, and often a hint about the operating system as well (an SSH banner such as “OpenSSH_9.2p1 Debian-2” gives away the distribution). This is essentially what the website Shodan does for nearly every IP address on the Internet.
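The banner grabber described above, written out as an added example that is not the original script and runs in Python 3. Two practical additions a pentester would want are a timeout (a filtered port otherwise hangs connect() or recv() forever) and parsing of the SSH identification string, which RFC 4253 defines as “SSH-protoversion-softwareversion SP comments CRLF”. So that it can be run offline, the block also starts a tiny local server that replies with a constructed OpenSSH banner; the banner text, the function names and the 127.0.0.1 target are all assumptions for the demo, not data captured from a real host. Point grab_banner() at a real host and port 22 to reproduce what the tutorial does against 192.168.1.109.

```python
import socket
import threading

# Constructed sample banner for the offline demo; not captured from a real host.
FAKE_SSH_BANNER = b"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2\r\n"


def grab_banner(host, port, timeout=3.0, nbytes=1024):
    """Open a TCP connection and return whatever the server sends first, as bytes.

    Returns b"" if the server stays silent until the timeout (HTTP, for example,
    waits for the client to speak first) or closes without sending anything,
    and None if the connection is refused or unreachable.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4, TCP
    s.settimeout(timeout)            # never hang on a filtered port
    try:
        s.connect((host, port))
        return s.recv(nbytes)        # up to nbytes; a short read is normal
    except socket.timeout:
        return b""
    except OSError:                  # refused, unreachable, reset, ...
        return None
    finally:
        s.close()


def parse_ssh_banner(banner):
    """Split an RFC 4253 identification string into protocol, software and comments.

    RFC 4253 lets a server send other lines before the version string, so we take
    the first line that starts with "SSH-". Returns None if there is no such line.
    """
    for line in banner.splitlines():
        if line.startswith(b"SSH-"):
            break
    else:
        return None
    text = line.decode("ascii", errors="replace")
    ident, _, comments = text.partition(" ")     # "SSH-2.0-OpenSSH_9.2p1", "Debian-..."
    _, proto, software = ident.split("-", 2)     # keep hyphens inside the software field
    return {"protocol": proto, "software": software, "comments": comments}


def _serve_once(banner, ready):
    """One-shot local TCP server for the demo: accept, send the banner, close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()             # tell the client which port to connect to
    conn, _ = srv.accept()
    conn.sendall(banner)
    conn.close()
    srv.close()


def demo_local(banner=FAKE_SSH_BANNER):
    """Grab a banner from the local fake server; returns (raw_bytes, parsed_fields)."""
    ready = {"event": threading.Event()}
    t = threading.Thread(target=_serve_once, args=(banner, ready), daemon=True)
    t.start()
    ready["event"].wait(2)
    raw = grab_banner("127.0.0.1", ready["port"])
    t.join(2)
    return raw, parse_ssh_banner(raw)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:           # usage: python3 bannergrab.py 192.168.1.109 22
        raw = grab_banner(sys.argv[1], int(sys.argv[2]))
        print(raw)
        print(parse_ssh_banner(raw or b""))
    else:
        print(demo_local())
```

The parsed fields are what you would feed into a version lookup; the raw bytes are worth keeping too, because some services send a banner that is not SSH at all (a web server on a non-standard port, for instance), and for those the client must send a request before the server answers.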

A Taste of Things to Come

As we explore and expand your capabilities in Python, we will be building a password cracker, port scanner, banner grabber, vulnerability tester, and exploits—all in Python.