Questions about this topic? Sign up to ask in the talk tab.

User:Rorschach/Python

From NetSec
Jump to: navigation, search

Python talk logs: 

02:00 < rorschach> ok 
02:00 < rorschach> here goes nothing
02:01 < rorschach> so if you want to run python there's two ways to do it
02:01 < rorschach> you can run straight into an interpreter
02:01 < rorschach> like so
02:01 < rorschach> rorschach@bastille:~$ python
02:01 < rorschach> Python 2.6.6 (r266:84292, Dec 26 2010, 22:31:48) 
02:01 < rorschach> [GCC 4.4.5] on linux2
02:01 < rorschach> Type "help", "copyright", "credits" or "license" for more information.
02:01 < rorschach> >>> print "test"
02:01 < rorschach> test
02:01 < rorschach> >>> 
02:01 < rorschach> or you can input a python file
02:02 < rorschach> rorschach@bastille:~$ cat test.py 
02:02 < rorschach> print "test"
02:02 < rorschach> rorschach@bastille:~$ python test.py
02:02 < rorschach> test
02:02 < rorschach> rorschach@bastille:~$ 
02:02 < rorschach> I find directly into the interpreter handy for testing code or a quick calculator
02:03 -!- ctOph13 [[email protected]] has left #CSIII []
02:03 -!- ctOph13 [[email protected]] has joined #CSIII
02:03 < rorschach> to print in python < 3.0 you use 'print "string"'
02:03 < rorschach> in 3.0 < you use print("string")
02:03 < rorschach> to declare variables you 
02:03 < rorschach> variable_name = ""
02:04 < rorschach> you don't state the variable type, and you can dynamically change them
02:04 < rorschach> >>> test = "test"
02:04 < rorschach> >>> test = 1
02:04 < rorschach> >>> print test
02:04 < rorschach> 1
02:04 < rorschach> >>> 
02:04 < rorschach> python is reliant on whitespace
02:05 < rorschach> so instead of braces like in C, you use indentation (or spacing, it doesn't matter as long as it stays the same)
02:05 < rorschach> so an example of a conditional:
02:05 < rorschach> >>> if "test" == "test":
02:05 < rorschach> ...   print "test"
02:05 < rorschach> ... else:
02:05 < rorschach> ...   print "no"
02:05 < rorschach> ... 
02:05 < rorschach> test
02:05 < rorschach> >>> 
02:06 < rorschach> (the "..." are added by the interpreter)
02:06 < ktbonefish> 4 spaces = 1 tab, 1 tab = 1 whitespace generally?
02:06 < rorschach> no
02:06 < rorschach> whitespace could be 1 space
02:06 < rorschach> or it could be 3 tabs
02:07 < rorschach> it doesn't matter as long as in that block it remains the same
02:07 < ktbonefish> gotcha
02:07 < rorschach> example for good measure
02:07 < rorschach> >>> if "test" == "test":
02:07 < rorschach> ...     print "test"
02:07 < rorschach> ... else:
02:07 < rorschach> ...   print "no"
02:07 < rorschach> ... 
02:07 < rorschach> test
02:07 < rorschach> >>> 
02:07 < rorschach> a while loop would look like:
02:07 < rorschach> while a < 10:
02:08 < rorschach> so basically just like in C
02:08 < rorschach> you can even put () around the statements if that floats your boat
02:08 < rorschach> while (a < 10):
02:08 <@p00pi3> which do you primarily use, 2.7? or 3.0? i know they're different, and not many devs seem to like 3.0
02:08 < rorschach> is valid
02:08 < rorschach> I use < 3
02:08 < rorschach> just depends on what the distro comes with
02:09 < rorschach> I actually usually
02:09 < rorschach> mv /usr/bin/python /usr/bin/python3; ln -s /usr/bin/python27 /usr/bin/python
02:09 < rorschach> on a new install if it comes with python3 by default
02:09 < rorschach> a for loop is where it gets interesting
02:10 < rorschach> you would
02:10 < rorschach> (here's an example)
02:11 < rorschach> >>> # to iterate over a list with a for loop:
02:11 < rorschach> ... 
02:11 < rorschach> >>> list_a = ("123", "abc", "456", "def")
02:11 < rorschach> >>> for a in list_a:
02:11 < rorschach> ...   print a
02:11 < rorschach> ... 
02:11 < rorschach> 123
02:11 < rorschach> abc
02:11 < rorschach> 456
02:11 < rorschach> def
02:11 < rorschach> >>> 
02:11 < rorschach> actually that's a tuple, but the point remains
02:12 < rorschach> if you want to declare a tuple or list you would:
02:12 < rorschach> >>> tuple_a = ()
02:12 < rorschach> >>> list_b = []
02:12 < rorschach> >>> 
02:12 < rorschach> an empty one that is
02:12 -!- dem [[email protected]] has joined #CSIII
02:12 < ktbonefish> what is a tuple compared to a list?
02:12 < rorschach> you can declare them like I did above if you want (probably preferred)
02:12 < rorschach> umm
02:13 < rorschach> I think a tuple is an unordered list? but don't take my word for it
02:13 < rorschach> I'm not totally sure
02:13 < rorschach> (if someone does know, please jump in)
02:13 < ctOph13> http://tinyurl.com/tuplevslist
02:14 < rorschach> http://news.e-scribe.com/397
02:14 < ctOph13> pretty good description there
02:14 < rorschach> python also has dictionaries
02:14 < rorschach> which is a key:value set
02:15 < rorschach> example:
02:15 < rorschach> >>> dictionary_a = {"123":1, "abc":2, 3:"567"}
02:15 < rorschach> >>> print dictionary_a['123']
02:15 < rorschach> 1
02:15 < rorschach> >>> print dictionary_a[1]
02:15 < rorschach> Traceback (most recent call last): File "<stdin>", line 1, in <module>
02:15 < rorschach> KeyError: 1
02:15 < rorschach> >>> print dictionary_a['abc']
02:15 < rorschach> 2
02:15 < rorschach> >>> 
02:16 < rorschach> note that trying to access the value like that triggers an error
02:16 < rorschach> do dictionaries make sense?
02:16 < ctOph13> do you need to use double quotes when declaring, and single quotes when accessing?
02:17 < rorschach> umm
02:17 < rorschach> pretty sure it doesn't matter
02:17 < ktbonefish> ^
02:17 < ctOph13> k
02:17 < rorschach> double quotes is probably better form though
02:17 < rorschach> >>> print dictionary_a['abc']
02:17 < rorschach> 2
02:17 < rorschach> >>> print dictionary_a["abc"]
02:17 < rorschach> 2
02:17 < rorschach> >>> 
02:17 < rorschach> python don't give a shit
02:17 < rorschach> :3
02:17 < ctOph13> haha, cool
02:17 < rorschach> ok
02:17 < ktbonefish> what about quotes within quotes
02:17 < ktbonefish> isn't it single has to be outside?
02:17 < rorschach> for that
02:17 < rorschach> you could do single quotes (which is easier)
02:18 -!- Sparkles [[email protected]] has quit [client exited: :3]
02:18 < rorschach> or you can \"
02:18 < rorschach> escape the quote
02:18 < rorschach> single quotes makes it easier to read though
02:18 < ktbonefish> k
02:18 < rorschach> in the for loop example, you may have noticed the "in" operator
02:19 < rorschach> in a for loop
02:19 < rorschach> that will iterate through a list / tuple
02:19 < rorschach> and assign each value to that variable specified
02:19 < rorschach> so in:
02:19 < rorschach> for a in tuple_a:
02:20 < rorschach> each time it iterates a will contain the value of the element
02:20 < rorschach> that probably doesn't make sense
02:20 < rorschach> but look at the example of a for loop from above
02:20 < rorschach> in an if statement
02:20 < ctOph13> makes sense, kinda like for each statements
02:20 < rorschach> you can find a substring or an element
02:20 < rorschach> yeah basically ctOph13 
02:21 < rorschach> so 
02:21 < rorschach> >>> tuple_a = ("123", "abc", "456", "def")
02:21 < rorschach> >>> if "123" in tuple_a:
02:21 < rorschach> ...   print "\o/"
02:21 < rorschach> ... 
02:21 < rorschach> \o/
02:21 < rorschach> >>> string_a = "blahblahtestblah"
02:21 < rorschach> >>> if "test" in string_a:
02:21 < rorschach> ...   print "\o/"
02:21 < rorschach> ... 
02:21 < rorschach> \o/
02:21 < rorschach> >>> 
02:21 < rorschach> get it?
02:22 < rorschach> it's a very handy operator once you get used to it
02:22 < rorschach> ok
02:22 < rorschach> string contatenation can be done with the + operator
02:23 < rorschach> you can also use += to append to the end
02:23 < rorschach> >>> string_a = "blahblahtestblah"
02:23 < rorschach> >>> string_a = "123" + string_a + "test"
02:23 < rorschach> >>> print string_a
02:23 < rorschach> 123blahblahtestblahtest
02:23 < rorschach> >>> string_a += "567"
02:23 < rorschach> >>> print string_a
02:23 < rorschach> 123blahblahtestblahtest567
02:23 < rorschach> >>> 
02:24 < rorschach> if you want to add an int to a string
02:24 < rorschach> wrap it with str() before you do so
02:24 -!- bacq [[email protected]] has quit [Ping timeout]
02:24 < rorschach> >>> string_b = "abc"
02:24 < rorschach> >>> int_a = 1
02:24 < rorschach> >>> string_b += str(int_a)
02:24 < rorschach> >>> print string_b
02:24 < rorschach> abc1
02:24 < rorschach> >>> 
02:25 < rorschach> to define a function in python
02:25 < rorschach> you use
02:25 < rorschach> def function_name(arg1, arg2):
02:25 < ktbonefish> question about int to string, can you pull a int out of a string and convert it to such easily?
02:25 < rorschach> (you don't have to specify a return type, either)
02:25 < rorschach> yes
02:26 < rorschach> >>> string_c = "1"
02:26 < rorschach> >>> int_a = int(string_c)
02:26 < rorschach> >>> print int_a
02:26 < rorschach> 1
02:26 < rorschach> >>> 
02:26 < ktbonefish> gotcha
02:26 <@mutiny> How does python handle regular expressions?
02:26 < rorschach> import re
02:26 < rorschach> re.compile("regular_expression")
02:26 < mike> you have to important them? @_@
02:26 < rorschach> http://docs.python.org/library/re.html
02:26 < rorschach> yeah
02:27 < rorschach> import is the equivalent of an #include in c
02:27 < rorschach> for those who don't know
02:27 < mike> i don't use c
02:27 < mike> :)
02:27 < rorschach> :3
02:27 < rorschach> what do you use?
02:27 < mike> perl.
02:28 < rorschach> erm
02:28 < rorschach> one sec
02:28 <@mutiny> Perl's engine has regex built in.
02:28 < mike> yes.
02:28 < mike> exactly.
02:28 <@mutiny> mike: A lot of languages didn't have support for regex at first, and were later added into the engine
02:28 <@mutiny> Anyways, that's off track :3
02:28 < rorschach> it's like using
02:28 < rorschach> mike
02:29 < rorschach> I believe
02:29 < rorschach> I can't remember what the actually terminology would be
02:29 < rorschach> :3
02:29 < rorschach> err "use"
02:29 < rorschach> ok
02:29 < rorschach> classes
02:30 < mike> I would call that use.
02:30 < rorschach> let me write a quick class
02:30 <@mutiny> pastebin that code, for ease of use :3
02:30 <@mutiny> or put it on a wiki page or smth
02:30 < rorschach> yeah I will
02:30 < mike> like using a package/module?
02:30 < rorschach> yeah or a header file
02:33 < rorschach> http://pastie.org/private/sv4fspthmqu2mggelmw
02:33 < rorschach> every function in a class has to have the self variable pased to it
02:34 < rorschach> self contains all of the variables that you want to be accessed by any function in the class
02:34 < rorschach> but you have to set that variable in self like I did in the class
02:34 < mike> what's a class?
02:35 < rorschach> god dammit
02:35 < rorschach> :3
02:35 < rorschach> hold on
02:35 < mike> D: did I miss something
02:35 < rorschach> no
02:35 < rorschach> I can't think of a good explanation
02:35 <@mutiny> He's probably looking up the perl equivalent
02:35 < rorschach> hold on
02:35 < mike> It looks like a really complicated array the way you have it set up
02:36 < rorschach> http://en.wikipedia.org/wiki/Class_%28computer_programming%29
02:36 < rorschach> basically
02:36 < rorschach> fuck
02:36 < rorschach> I can't explain it
02:36 < rorschach> :3
02:36 < rorschach> just read the wikipedia article
02:37 <@mutiny> a class is an object
02:37 <@mutiny> that's the tl'dr
02:37 < rorschach> yeah
02:37 < rorschach> :3
02:37 < ctOph13> ^
02:37 < rorschach> is everyone following so far?
02:37 < ctOph13> yup
02:37 < corvus> yes
02:37 < mike> it's an object that does what
02:37 < mike> like hashes blew my mind at first
02:38 < mike> What circumstance would you use a class?
02:38 <@mutiny> If you don't know what an object is or why they are useful, we may arrange a class specifically to discuss OOP
02:38 < rorschach> do you need anymore explanation on syntax?
02:38 < rorschach> anyone?
02:38 < ctOph13> no looks good
02:38 < rorschach> mike
02:38 < rorschach> a class basically contains functions that are only accessible by an instance of that class
02:38 < rorschach> in this case
02:38 < rorschach> inst
02:39 < rorschach> it helps keep the code simple and organized
02:39 < mike> sort of like a subroutine?
02:39 < rorschach> you don't have to pass around shit tons of variables 
02:39 < ctOph13> Lets see if I can kind of explain it
02:39 < ctOph13> Lets say you have a kitchen program
02:39 < rorschach> since they are all contained in a variable called self that is passed to each function in the class automatically
02:39 < ctOph13> in the kitchen you have stuff, like a microwave, a fridge, a stove, etc
02:39 < rorschach> mike: a subroutine is a function
02:40 < rorschach> :3
02:40 < ctOph13> each object would be a class, so like a microwave class, a fridge class, etc
02:40 < mike> so cascading it would be outside a subroutine
02:40 < ctOph13> because those things have their own properties (size, color, etc) you write them as their own seperate class or object. they can also perform routines/functions/methods
02:41 < mike> so if you had like a button that you wanted to do things independently
02:41 < mike> you'd give it a class
02:41 < ctOph13> right
02:41 < mike> understood.
02:41 < ctOph13> a button has a size, color, text
02:41 < rorschach> but a class can be for anything
02:41 < ctOph13> ^
02:42 < rorschach> I am writing a fuzzer
02:42 < rorschach> and I wrote a class for it
02:42 < rorschach> that holds all of the functions the fuzzer would need
02:42 < rorschach> all of the variables, etc
02:42 < rorschach> which simplifies passing around a shit load of variables to every function that it might not need
02:43 -!- raxen [[email protected]] has joined #CSIII
02:43 < rorschach> so within the fuzz class
02:43 < rorschach> there are functions for socket fuzzing
02:43 < rorschach> or debugging
02:43 < rorschach> whatever
02:43 < rorschach> that I can call when I need to
02:43 < rorschach> make sense, kinda?
02:43 < mike> but it won't touch the functions unless the class is called
02:43 < mike> saves effort
02:43 < rorschach> (OOP took me a while though)
02:43 < rorschach> yeah basically
02:44 < rorschach> ok so now the fun stuff
02:44 < mike> what are big languages that aren't object oriented?
02:44 < rorschach> umm
02:44 < rorschach> C
02:44 < mike> I thought
02:44 < mike> okay nevermind
02:44 < rorschach> C++ is object oriented, but C isn't
02:44 < mike> thanks lol
02:44 < mike> oooo kay
02:44 < mike> got it
02:44 < rorschach> np
02:44 < rorschach> other than that, I can't think of any
02:44 < rorschach> is PHP OOP?
02:44 < raxen> assembly.
02:45 < mike> lol assembly
02:45 < raxen> that is assembly isn't oop as well.
02:45 < rorschach> assembly
02:45 <@mutiny> I think most modern languages support OOP, though you always can choose not to use it :3
02:45 < rorschach> there you go
02:45 < mike> mutiny: that's what I was thinking.
02:45 < rorschach> I just barely started using classes
02:45 < rorschach> and most people call me a masochist because of it
02:45 < rorschach> :3
02:46 < ctOph13> haha
02:46 < rorschach> I also usually code in pure c
02:46 < rorschach> which also contributes to that title.
02:46 < rorschach> anywho
02:46 < rorschach> so there are some good packet capture libraries in python
02:46 < rorschach> they have libpcap for python
02:46 < rorschach> but you can also use scapy
02:47 < rorschach> which can basically do anything
02:47 < rorschach> here's a script that uses scapy for packet capture that I wrote a while back
02:48 < rorschach> http://pastebin.com/G0VydTHG
02:48 < rorschach> you'll see on line 157
02:48 < rorschach> the sniff() function
02:48 < rorschach> basically 
02:49 < rorschach> sniff(prn=lambda pkt:takedownParse(pkt, ips), store=0)
02:49 < rorschach> it tells sniff not to store any packets
02:49 < rorschach> but everytime it receives one
02:49 < rorschach> to call takedownParse()
02:49 < rorschach> and prn= lambda pkt:
02:49 < rorschach> tells it that the packet is called pkt, so you can call you function and pass the argument
02:49 < rorschach> which is pretty simple
02:50 < rorschach> I wrote an icmp chat client with scapy as well
02:50 < rorschach> https://github.com/v0rbis-dev/ICMP-Chat
02:51 < rorschach> (this uses a class, too)
02:51 < rorschach> receive_message() on line 130 is sniffing
02:52 < rorschach> send_command() on line 140 constructs and sends an icmp packet
02:52 < rorschach> scapy is confusing at first but it's actually really simple
02:52 < rorschach> here's the scapy docs http://www.secdev.org/projects/scapy/doc/
02:52 < rorschach> and there's all sorts of things you can do with it
02:53 < rorschach> they have tons of examples here http://www.secdev.org/projects/scapy/doc/usage.html#recipes
02:53 < rorschach> another handy library is ip_addr by google
02:54 < rorschach> http://code.google.com/p/ipaddr-py/
02:54 < rorschach> the documentation is here: http://code.google.com/p/ipaddr-py/wiki/Using3144
02:54 < rorschach> and it's really straight forward
02:55 < rorschach> but say you want to make a list of every IP address in a given range
02:55 < rorschach> you can do
02:55 < rorschach> ipaddr.IPv4Network('192.168.0.1/24')
02:55 < rorschach> ip_list = ipaddr.IPv4Network('192.168.0.1/24')
02:55 < rorschach> then you could
02:55 < rorschach> for ip in ip_list:
02:55 < rorschach>   print ip
02:55 < rorschach> or do some kind of scan for every IP whatever
02:56 < rorschach> and it's a lot simpler than trying to calculate what a /32 might be 
02:57 < rorschach> there's also pydbg
02:57 < rorschach> which I don't use because it's only for windows
02:57 < rorschach> unfortunately
02:57 < rorschach> but if you want to write a debugger in python on windows
02:57 < rorschach> http://wikisecure.net/security/pydbg-an-installation-guide
02:57 < rorschach> that's a great library
02:58 < rorschach> they do have ptrace for python though
02:58 < rorschach> http://pypi.python.org/pypi/ptrace/
02:58 < rorschach> but basically there are tons of great libraries for python
02:58 < rorschach> for everything you can imagine
02:59 < rorschach> those are the useful ones I can think of off teh top of my head
02:59 < rorschach> but yeah
02:59 < rorschach> any questions?
02:59 < rorschach> or did I lose you all? :p
03:00 < corvus> pretty interesting libraries, encouragement to play around with python more than I have
03:01 -!- hackerhousemom [[email protected]] has quit [client exited: hackerhousemom]
03:01 < rorschach> yeah they are interesting
03:01 < rorschach> and they have tons of them too
03:01 < rorschach> pretty much just google
03:01 < rorschach> python is annoying as fuck for writing any kind of interfaces though
03:01 < corvus> Thanks rorschach, glad I made it home intime for this! :3
03:02 < rorschach> :)
03:02 < rorschach> np
03:03 < rorschach> so if there's no more questions I'm gonna go have a smoke
03:06 < rorschach> by the way
03:06 < rorschach> scapy is in most repos
03:07 < rorschach> under scapy or python-scapy
03:12 < corvus> Thanks again, hope you enjoyed your smoke!! :)
03:14 <@p00pi3> scapy rules.
03:15 < rorschach> that i did ^.^
03:16 <@p00pi3> you wrote scapy?
03:17 <@p00pi3> i'll have to shake your hand one day. =)
03:20 < rorschach> o.o
03:20 < rorschach> no i didn't lol
Retrieved from "http://nets.ec/index.php?title=User:Rorschach/Python&oldid=7797"