Slide 1

Overview of Python Flying made simple without the Nyquil hangover

Slide 2

Agenda About me History of Python About Python Pythons uses Python basics (Python 101) CSAW Crypto Redux Extra credit Resources Tips, tricks, observations

Slide 3

Who am I? Husband/father/geek/gets distracted by shiny objects easy Career path switched to IT in 1999, professionally an IT guy since 2001 Started the infosec career path switch in 2009, officially an infosec professional since 2012(?) Vbscript 2007 Python 2011 About me

Slide 4

History of Python Conceived in the late 1980s by Guido van Rossum at CWI. Was designed to be a successor to the ABC programming language Benevolent Dictator for Life (BDFL) Currently employed by Google where he spends half his time working on Python development Python 2.0 was release on October 16 th, 2000 Contained many major new features Full garbage collector (automatic memory management) Unicode support Biggest change development process with a shift towards more transparent and community-backed process Python 3.0 was released on December 2008 Many major features have been back ported to Python 2.6 and 2.7

Slide 5

About Python What is Python? Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive. Its use of indentation for block delimiters is unique among popular programming languages.general-purposehigh-level programming languageuse of indentation for block delimiters Why is it called Python? When he began implementing Python, Guido van Rossum was also reading the published scripts from Monty Pythons Flying Circus, a BBC comedy series from the 1970s. Van Rossum thought he needed a name that was short, unique, and slightly mysterious, so he decided to call the language Python.Monty Pythons Flying Circus Fun fact - The built in IDE is named after Eric Idle, a member of Monty Python.

Slide 6

What is Python good for? Python comes with a large standard library that covers areas such as; string processing (regular expressions, Unicode, calculating differences between files) Internet protocols (HTTP, FTP, SMTP, XML-RPC, POP, IMAP, CGI programming) software engineering (unit testing, logging, profiling, parsing Python code) operating system interfaces (system calls, file systems, TCP/IP sockets) Artificial intelligence (because of similarities to Lisp) Extensive use in the information security industry, including exploit development. Network, debugging and reverse engineering, fuzzing, web, forensics, malware analysis, PDF, etc. Easy to write short scripts for system admin work. Python code is easy to understand. Once the basic syntax is learned, even the most complicated scripts can make sense. Python is cross platform!! It will work on Linux, Windows, Mac and most every other OS. Many, many resources and a big, friendly community

Slide 7

Pythons uses

Slide 8

Applications BitTorrent DropBox Video games Civilization IV Battlefield 2 Eve Online Vampire: The Masquerade Bloodlines Graphics Industrial Light & Magic "The Phantom Menace", "The Mummy Returns" and other productions as ones where Python was used. Walt Disney Feature Animation Science NASA National Weather Service GUI frameworks TKInter PyQt wxPython Embedded as a scripting language Amarok GIMP Autodesk Maya Commercial uses Google apps Reddit YouTube Government CIA.gov Python implementations Cpython IronPython Python for.NET and Mono platforms Jython Python coded in Java

Slide 9

Python basics Indentation does matter This will workBut this wont if True: print "True" else: print "False if True: print "Answer" print "True" else: print "Answer" print "False" If, If.. Else, If Elif (no Then) Syntax is easy If statement Else statement Elif statement if expression: statement(s) if expression: statement(s) else: statement(s) if expression1: statement(s) elif expression2: statement(s) else: statement(s) All scripts are considered modules All functions inside module can be used or only certain methods can be used inside script Entire modulePartial method import sys from sys import argv

Slide 10

Python basics Help is built in Help on modulesHelp on methods >>> Import sys, hashlib >>> help(sys) >>> help(hashlib) >>> pydoc sys >>> pydoc hashlib >>> Import sys, hashlib >>> help(sys.argv) >>> help(hashlib.sha512) >>> pydoc sys.argv >>> pydoc hashlib.sha512 It can be ran interactively Via command prompt Via IDLE or DreamPie python Python 2.72 Type help, copyright.. >>> IDLE is built in to Python installs DreamPie is a Python shell (best used on Linux)

Slide 11

Inspiration for the idea?

Slide 12

Post CSAW CTF

Slide 13

Slide 14

Slide 15

My approach Post CSAW crypto challenges Each challenge 1.Encrypted message inside script Output is decrypted 2.Encrypted message can be used as an argument when calling script Output is decrypted 3.Encrypted message can be read from a file for decrypting Overall 1.One module for all decrypting, each decryption style is a method

Slide 16

Challenge 1- Unicode Challenge 2 Hex Challenge 3 Binary Challenge 4 Base64 Challenge 5 ROT13 Challenge 6 - Script option 1 - inside script Done Done *Done Incomplete Script option 2 argument Done Done*Done Incomplete Script option 3 from file Done Done*Done Incomplete Script option 4 from input (scrapped, 255 character limit) n/a Incomplete Overall module with methods (CSAW_Crypto.py) Success Incomplete My overall scoreboard * Found the code excerpt online

Slide 17

CSAW Crypto Redux Crypto challenge # 1 Cipher text: 87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46

Slide 18

Answer Welcome to the 2011 NYU Poly CSAW CTF event. We have planned many challenges for you and we hope you have fun solving them all. The key for this challenge is cryptography.

Slide 19

Wolfgangs code private static string AsciiToString(string encodedString) { string[] encodedChars = encodedString.Split(' '); char[] decodedChars = new char[encodedChars.Length]; for (int i = 0; i < decodedChars.Length; i++) { // Convert the number expressed in base-10 to an integer int codeNum = Convert.ToInt32(encodedChars[i], 10); // Convert the integer to a character code decodedChars[i] = Convert.ToChar(codeNum); } return new string(decodedChars); }

Slide 20

Matts code $string=$null [int[]]$array = ("87 101 108 99 111 109 101 32 116 111 32 116 104 101 32 50 48 49 49 32 78 89 85 32 80 111 108 121 32 67 83 65 87 32 67 84 70 32 101 118 101 110 116 46 32 87 101 32 104 97 118 101 32 112 108 97 110 110 101 100 32 109 97 110 121 32 99 104 97 108 108 101 110 103 101 115 32 102 111 114 32 121 111 117 32 97 110 100 32 119 101 32 104 111 112 101 32 121 111 117 32 104 97 118 101 32 102 117 110 32 115 111 108 118 105 110 103 32 116 104 101 109 32 97 108 108 46 32 84 104 101 32 107 101 121 32 102 111 114 32 116 104 105 115 32 99 104 97 108 108 101 110 103 101 32 105 115 32 99 114 121 112 116 111 103 114 97 112 104 121 46").Split(" ") foreach($l in $array) { $string += [char]$l} $string

Slide 21

My code #!/usr/bin/python Import sys code1 = (87,101,108,99,111,109,101,32,116,111,32,116,104,101,32,50,48,49,49,32,78,89,85,32,80,111,108,121,32,67,83,65,87,32,67,84,70,32,101,118,101,110,116,46,32,87,10 1,32,104,97,118,101,32,112,108,97,110,110,101,100,32, 109,97,110,121,32,99,104,97,108,108,101,110,103,101, 115,32,102,111,114,32,121,111,117,32,97,110,100,32,1 19,101,32,104,111,112,101,32,121,111,117,32,104,97,1 18,101,32,102,117,110,32,115,111,108,118,105,110,103,32,116,104,101,109,32,97,108,108,46,32,84,104,101,32,107,101,121,32,102,111,114,32,116,104,105,115,32,99, 104,97,108,108,101,110,103,101,32,105,115,32,99,114, 121,112,116,111,103,114,97,112,104,121,46) for i in code1: code1a = int(i) codefinal = chr(code1a) sys.stdout.write(codefinal) Option # 1 Encrypted message inside script Output is decrypted

Slide 22

My code Option # 2 Encrypted message can be used as an argument when calling script Output is decrypted #!/usr/bin/python import sys if len(sys.argv)= A && codeNum = a && codeNum