Python has become the industry standard for exploit development, and readers will find that most proof-of-concept tools are written in Python (except for security vulnerability detection tools written in Ruby). Python lets developers quickly write scripts that talk to remote services, process binary files and interact with C libraries (or with Java via Jython and .NET via IronPython). Its huge "batteries included" standard library saves you from depending on other frameworks or languages. I want to share my personal Python programming experience with readers; it may help you in your future work and make the world a bit safer (note: most of the examples are based on Python 3.0 and above, and some are compatible with all Python branches).

Environment configuration

For most projects or scripts you write, it is a good idea to keep all dependencies in the same place (apart from dependencies used only in special projects). To achieve this you need a tool called virtualenv (included in Python 3.3 and later). This tool has one simple job: generating an independent environment for your Python project without disturbing the global one. A new environment is generated as follows:

$ virtualenv <path to the new environment>

Or, with Python 3.3 and above:

$ python3 -m venv <path to the new environment>

Before using this environment you must activate it:

$ source <path to the new environment>/bin/activate

Leaving the environment is just as simple:

$ deactivate

Installing dependency packages

Readers will often find that tools written by the large Python community can help get results quickly. You can install these libraries through your operating system's package manager or through a Python package manager, the most authoritative of which is the pip tool.
With pip you can install these dependencies globally (# pip install <package>). There is a basic Python package called IPython; when I am not 100% sure how to solve the current task and want to try some experiments, I usually install it. IPython is a widely used Python command line, written in Python, with the following features:

Dynamic object introspection
Tab completion of the local namespace
Persistent history
Session logging
Path completion
JIT debugger
Automatic indentation

As usual, installing via pip is simple:

$ pip install ipython

If you want to create tutorials or other documents, the IPython notebook feature (now provided by Jupyter) lets users interact with the IPython command line through the browser, with support for Markdown, MathJax, matplotlib and more. (Install it with pip install jupyter and start it with jupyter notebook.)

If you need to interact with an HTTP service that speaks JSON or XML, I recommend the particularly useful requests library. It handles the many details of talking to web services, such as encoding, decoding, parameters, headers, redirects and more. For example, the code to request and parse a JSON resource is as follows:

Most HTML parsing and navigation can be handed over to the BeautifulSoup library, which accepts the HTML that any current browser accepts, including repairing broken markup.

Interacting with the network

Most of our targets are likely to be reachable over the network. The standard library already contains generic, useful networking modules, which I will cover briefly here. The socket module is a thin wrapper around the BSD socket API, available on all general-purpose operating systems, so if you already have C socket programming experience you can easily translate your code into Python.
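The request-and-parse flow referred to above, as an added example that is not part of the original article: the author's requests snippet is missing from this copy of the page, so this version serves a constructed JSON document from a local http.server thread and fetches it with the standard library's urllib, which keeps it runnable offline; the equivalent requests call is noted in a comment. The URL path, sample document and handler class are assumptions made for the example.

```python
# Added example: request and parse a JSON resource over HTTP.
# A local http.server thread serves a constructed document so the
# client side runs offline; the requests equivalent is in fetch_json's docstring.
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed sample document standing in for a real API response.
SAMPLE = {"host": "example.test", "ports": [22, 80, 443], "vulnerable": False}


class JSONHandler(BaseHTTPRequestHandler):
    """Serve SAMPLE at /scan.json and answer 404 everywhere else."""

    def do_GET(self):
        if self.path != "/scan.json":
            self.send_error(404)
            return
        body = json.dumps(SAMPLE).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_server():
    """Bind to an ephemeral port on localhost; return (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), JSONHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def fetch_json(url, timeout=5):
    """GET url and decode the JSON body.

    With requests the whole function is:
        resp = requests.get(url, timeout=timeout); resp.raise_for_status()
        return resp.json()
    Here the same steps (status check, charset, decode) are done by hand.
    """
    req = Request(url, headers={"Accept": "application/json"})
    with urlopen(req, timeout=timeout) as resp:   # raises HTTPError on 4xx/5xx
        ctype = resp.headers.get_content_type()
        if ctype != "application/json":
            raise ValueError("unexpected content type: %s" % ctype)
        charset = resp.headers.get_content_charset() or "utf-8"
        return json.loads(resp.read().decode(charset))


def demo():
    """Fetch the sample document and record the status of a missing path."""
    srv, base = start_server()
    try:
        data = fetch_json(base + "/scan.json")
        try:
            fetch_json(base + "/missing")
            missing_status = None
        except HTTPError as e:
            missing_status = e.code
        return data, missing_status
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

The content-type check matters in practice: an error page or a captive portal returning HTML with status 200 would otherwise surface as a confusing JSON decode error rather than a clear "this is not the service I expected".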
There are a number of particularly handy functions, such as create_connection, which creates a TCP socket and connects it to a given host and port. Another wrapper is the sendall method: a single send call may put only part of the given data on the wire, so sendall keeps sending until all of it has been transmitted or an error occurs. Adding a TLS-encrypted connection is also very simple:

The same functions can also be applied to connections that are already open:

If you don't need such low-level service interaction, other modules provide high-level clients:

smtplib
ftplib
poplib
imaplib
httplib (http.client in Python 3 and above)
nntplib
telnetlib (useful for service development that later needs an interactive command-line session)
xmlrpclib (xmlrpc.client in Python 3 and above)

Binary operations and encoding

When developing scripts that interact with services or files, you often need to convert data between formats or encodings. In Python 2.x, strings are usually converted between formats with the encode and decode methods. Unfortunately this shortcut was removed in Python 3.x: encode and decode now only implement character encodings such as UTF-8, cp1250, iso8859 and big5. Instead, hex encoding is done with two methods of the bytes type:

For Base64 encoding you need another module (also available in Python 2.x):

URL encoding and parsing is handled by the urllib.parse module (urllib in Python 2.x).

General conversion between common Python data types (such as int, float, str) and binary data is done with the struct module:

Since Python 3.2 the int type can also produce its binary representation directly:

The ctypes module has a particularly nice feature.
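The socket functions and the Python 3 conversion methods described above, combined in one added example that is not part of the original article: a small length-prefixed binary protocol spoken over a local TCP socket with create_connection and sendall, and the struct, int.to_bytes, bytes.hex, base64 and urllib.parse calls that replace the removed Python 2 encode/decode shortcuts. The wire format, message types and sample values are constructed for the example.

```python
# Added example: a constructed length-prefixed protocol over a local socket,
# plus the Python 3 conversions between int/bytes/hex/base64/URL forms.
import base64
import socket
import struct
import threading
from urllib.parse import parse_qs, quote, urlparse

# Constructed wire format: 1-byte type, 2-byte big-endian length, payload.
HEADER = struct.Struct("!BH")
REQ_ECHO, RESP_ECHO = 0x01, 0x81


def recv_exact(sock, n):
    """recv() may return fewer bytes than asked for; loop until n bytes arrive."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def read_message(sock):
    kind, length = HEADER.unpack(recv_exact(sock, HEADER.size))
    return kind, recv_exact(sock, length)


def write_message(sock, kind, payload):
    # sendall keeps sending until the whole frame is on the wire or an error occurs
    sock.sendall(HEADER.pack(kind, len(payload)) + payload)


def serve_once(listener):
    """Accept one client and answer one echo request with the payload upper-cased."""
    with listener:
        conn, _ = listener.accept()
        with conn:
            kind, payload = read_message(conn)
            if kind == REQ_ECHO:
                write_message(conn, RESP_ECHO, payload.upper())


def start_server():
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    lst.listen(1)
    threading.Thread(target=serve_once, args=(lst,), daemon=True).start()
    return lst.getsockname()


def echo_roundtrip(payload):
    """Client side: create_connection, send one frame, read the reply frame."""
    host, port = start_server()
    with socket.create_connection((host, port), timeout=5) as s:
        write_message(s, REQ_ECHO, payload)
        kind, reply = read_message(s)
    return kind, reply


def conversions():
    """Python 3 equivalents of the removed str.encode('hex')-style shortcuts."""
    raw = b"\xde\xad\xbe\xef"
    url = "http://example.test/api?q=a b&id=7"     # constructed sample URL
    return {
        "hex": raw.hex(),                                     # bytes -> hex text
        "unhex": bytes.fromhex("deadbeef"),                   # hex text -> bytes
        "b64": base64.b64encode(raw).decode("ascii"),
        "unb64": base64.b64decode("3q2+7w=="),
        "quoted": quote("a b/c?"),                            # URL-encode a path
        "query": parse_qs(urlparse(url).query),               # parse a query string
        "packed": struct.pack("<IH", 0xdeadbeef, 0x1234),     # little-endian u32, u16
        "unpacked": struct.unpack("<IH", b"\xef\xbe\xad\xde\x34\x12"),
        "to_bytes": (0xdeadbeef).to_bytes(4, "little"),       # int -> bytes (3.2+)
        "from_bytes": int.from_bytes(b"\xef\xbe\xad\xde", "little"),
    }


if __name__ == "__main__":
    print(echo_roundtrip(b"hello, socket"))
    for name, value in conversions().items():
        print(name, value)
```

recv_exact is the read-side counterpart of sendall: a length field in a header is only trustworthy if the reader loops until exactly that many bytes have arrived, and the peer closing early is reported instead of silently yielding a short buffer.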
If you use CPython as your interpreter (which is usually the case), you can use ctypes.Structure to define C structures and obtain their binary representation, exactly as a C application would; the same works in the other direction. The ctypes module is usually the bridge between Python and C libraries, and no hand-written Python wrapper is needed. With ctypes you can load any C library and call its exported functions:

The Structure type mentioned above is mainly used when interacting with C libraries, to pass or receive structures during function calls.

Exploit development tools

Many CTF teams provide their own CTF solution frameworks. I found the pwntools framework from Gallopsled especially useful, in particular when exploiting remote ELF binaries. It contains many convenient functions: offset calculation (via cyclic patterns), format string exploitation (generic data feeds and generated format strings), ROP chains (parsing ELF binaries with ropgadget, plus wrappers that generate simple ROP calls) and a single API (called pipes) for the different transport channels. These let you develop against a local gdb backend and switch to the target service by changing a single line of code.
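The ctypes.Structure round trip and the library call described above, as an added example that is not part of the original article: a packed structure mirroring a C header, its raw bytes in both directions, and a call into libc's strlen with explicit argument and return types. The struct layout is constructed for the example; the libc lookup falls back to the symbols already loaded into the interpreter.

```python
# Added example: ctypes.Structure as a C struct, raw bytes both ways,
# and calling an exported libc function through ctypes.
import ctypes
import ctypes.util
import struct


class PacketHeader(ctypes.Structure):
    """Constructed layout, equivalent to:
    struct __attribute__((packed)) { uint8_t ver; uint8_t flags;
                                     uint16_t len; uint32_t seq; };"""
    _pack_ = 1                        # no padding, like the packed C struct
    _fields_ = [
        ("ver", ctypes.c_uint8),
        ("flags", ctypes.c_uint8),
        ("len", ctypes.c_uint16),     # native byte order, as the C compiler would use
        ("seq", ctypes.c_uint32),
    ]


def header_to_bytes(ver, flags, length, seq):
    """Build the structure and return its in-memory representation."""
    hdr = PacketHeader(ver, flags, length, seq)
    # bytes(hdr) copies sizeof(hdr) bytes starting at addressof(hdr)
    return bytes(hdr)


def reference_pack(ver, flags, length, seq):
    """Same layout via struct ('=' = native order, standard sizes, no padding)."""
    return struct.pack("=BBHI", ver, flags, length, seq)


def bytes_to_header(raw):
    """Parse raw bytes (e.g. read from a socket or a file) back into the structure."""
    size = ctypes.sizeof(PacketHeader)
    if len(raw) < size:
        raise ValueError("need %d bytes, got %d" % (size, len(raw)))
    hdr = PacketHeader.from_buffer_copy(raw[:size])   # copies; raw stays untouched
    return hdr.ver, hdr.flags, hdr.len, hdr.seq


def load_libc():
    name = ctypes.util.find_library("c")
    # CDLL(None) exposes symbols already loaded into the process, which
    # includes libc on Linux and macOS; used when find_library cannot help.
    return ctypes.CDLL(name) if name else ctypes.CDLL(None)


def c_strlen(data):
    """Call libc strlen with argtypes/restype set so ctypes checks the call."""
    libc = load_libc()
    libc.strlen.argtypes = [ctypes.c_char_p]
    libc.strlen.restype = ctypes.c_size_t
    return libc.strlen(data)


if __name__ == "__main__":
    raw = header_to_bytes(4, 0x02, 1500, 0xDEADBEEF)
    print(raw.hex(), reference_pack(4, 0x02, 1500, 0xDEADBEEF).hex())
    print(bytes_to_header(raw))
    print(c_strlen(b"hello\x00world"))   # strlen stops at the first NUL
```

Setting argtypes and restype is not optional hygiene: without them ctypes assumes int return values and does no conversion of arguments, so a size_t result is silently truncated on 64-bit platforms and a wrong argument type goes unnoticed until something crashes.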