Breaking Code

August 31, 2009

Using diStorm with Python 2.6 and Python 3.x, revisited

Filed under: Tools — Mario Vilas @ 10:01 pm

In a previous post, we’ve seen how to wrap the diStorm disassembler library in Python, using ctypes. This still left us with the task of building the dynamic link library for our platform and installing it manually, which is not as easy as it may seem – among other small problems you may find, the new versions of Visual Studio try to force the use of the latest C++ runtime redistributables, which may not be present in most Windows installations.

Today, I’m introducing a new ctypes wrapper for diStorm, this time with all binaries prebuilt and packaged together. The installer script automatically detects the target platform and installs the right binary. It comes with the following prebuilt binaries:

  • Windows on x86 and AMD64 processors
  • Linux on x86 and AMD64 processors (built using Ubuntu, but should work in other distros)
  • Mac OS X on x86 and PowerPC processors (untested, I don’t have a Mac to play with yet)

Since the installer code is pretty much generic, it should be easy to add new platforms by simply creating the corresponding subdirectory and placing the python code and prebuilt binary in it. Contributions are welcome! :)

Download

Python 2.x

Python 3.x

March 23, 2009

Netifera 1.0 released!

Filed under: Tools — Mario Vilas @ 9:23 am

After a long wait, Netifera version 1.0 was released. I talked about this tool in a previous post. The feature list seems to have remained pretty much the same, with some new bruteforcing modules. Most notably, the remote OS and architecture detection was drastically improved, and as expected the release contains many bugfixes compared to the previous betas.

Here’s the full feature list:

Tools

  • Full IPv6 support
  • TCP and UDP network scanning
  • Service detection
  • Operating system identification
  • Reverse DNS scanning
  • DNS name brute forcing
  • DNS zone transfer information gathering
  • Geographical information about network addresses
  • Authentication brute force attack (against HTTP, FTP, IMAP and POP3)
  • Web crawler discovers applications, collects email addresses and adds the site structure to the model
  • Integrated terminal for connecting to and interacting with network services

Passive Tools

  • Modular packet capture service
  • Capture packets on multiple interfaces simultaneously
  • Parse ’pcap’ format capture files as input to sniffing modules
  • HTTP traffic analysis
  • DNS information gathering from captured responses
  • Network stack fingerprinting
  • Service detection from captured banners and protocol packets
  • Client application detection
  • Credential sniffing for many protocols

Data Model

All information discovered by the netifera platform is persistently
stored in a workspace database. Our extension design allows for
developers to easily create their own data types and integrate them
into the platform.

User Interface

The platform provides an intuitive and professional quality graphical
user interface for using the tools written for our platform and
navigating the information they produce. Different tasks in our
application such as sniffing information from the network, or actively
collecting information by scanning networks, or exploring the local
environment of a remotely deployed probe (coming soon!) each have a
specialized configuration of the user interface called a ’perspective’.

Programming API

The netifera platform brings together high quality programming APIs
for tasks such as:

  • High performance asynchronous socket connection and communication
  • Link level packet capture and raw socket injection
  • 802.11 monitor mode packet capture and injection (coming soon!)
  • Network protocol header construction and analysis (ethernet, ip, tcp, etc…)
  • Application layer protocol libraries (http, dns, ftp, etc…)

December 23, 2008

Working with Property List files in Python

Filed under: Tools — Mario Vilas @ 7:25 pm
Update: Python 2.6 now supports .plist files using the plistlib module, check it out!

Hi all. Today we have a tool I wrote some time ago to work with Mac OS Property List (.plist) files. These files have an XML based format, and can serialize high level objects like integers, floats, strings, arrays and dictionaries. There’s also a legacy plist format that doesn’t use XML and should also be easy to parse, but we won’t bother with it since it’s been deprecated in Mac OS 10.0. Here is the Wikipedia entry on Property List files for more details.

Here’s an example Property List file, taken from the Mac OS X Manual Page for plist:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
        "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
        <dict>
            <key>Year Of Birth</key>
            <integer>1965</integer>
            <key>Pets Names</key>
            <array/>
            <key>Picture</key>
            <data>
                PEKBpYGlmYFCPA==
            </data>
            <key>City of Birth</key>
            <string>Springfield</string>
            <key>Name</key>
            <string>John Doe</string>
            <key>Kids Names</key>
            <array>
                <string>John</string>
                <string>Kyra</string>
            </array>
        </dict>
    </plist>

As we can see, the data types supported by plist files are also supported natively by Python, so mapping Python objects as Property Lists should be quite straightforward, and it is. What I’m presenting here is a little tool that does the marshalling and unmarshalling, so you can use it pretty much like you would with Pickle, Shelve or Marshal.

A usage example. The following code reads the example plist file from above and produces a Python object, using the fromfile method.

    from PList import PList
    plist = PList.fromfile('example.plist')

Yeah, kinda simple, isn’t it :)

You can also load a plist from a string, using the fromstring method:

    from PList import PList
    with open('example.plist', 'r') as f:   # close the file once it is read
        data = f.read()
    plist = PList.fromstring(data)

Or from an ElementTree object, with the fromtree method:

    from PList import PList
    from xml.etree import ElementTree
    tree  = ElementTree.parse('example.plist')
    plist = PList.fromtree(tree)

In all cases the output is an ordinary Python object, typically a dictionary or an array containing other objects. This is the Python object corresponding to the example plist shown above:

    {'City of Birth': 'Springfield',
     'Kids Names': ['John', 'Kyra'],
     'Name': 'John Doe',
     'Pets Names': [],
     'Picture': '<B\x81\xa5\x81\xa5\x99\x81B<',
     'Year Of Birth': 1965}
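The unmarshalling direction described above can be sketched with nothing but the standard library. This is an added example, not the code from PList.py; the names `SAMPLE`, `unmarshal` and `loads` are made up here, and it targets Python 3, where `<data>` decodes to `bytes`. It rejects element types it does not know and dictionaries with a dangling key instead of guessing.

```python
import base64
from xml.etree import ElementTree

# Constructed sample: a condensed copy of the example plist shown above.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
    "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Year Of Birth</key><integer>1965</integer>
    <key>Pets Names</key><array/>
    <key>Picture</key><data> PEKBpYGlmYFCPA== </data>
    <key>Kids Names</key><array><string>John</string><string>Kyra</string></array>
</dict>
</plist>"""

def unmarshal(node):
    """Map one plist XML element to the equivalent Python object."""
    tag = node.tag
    if tag == 'dict':
        children = list(node)
        if len(children) % 2:
            raise ValueError('dict has a key without a value')
        result = {}
        # Children alternate <key>, value, <key>, value, ...
        for key, value in zip(children[0::2], children[1::2]):
            if key.tag != 'key':
                raise ValueError('expected <key>, got <%s>' % key.tag)
            result[key.text or ''] = unmarshal(value)
        return result
    if tag == 'array':
        return [unmarshal(child) for child in node]
    if tag == 'string':
        return node.text or ''
    if tag == 'integer':
        return int(node.text)
    if tag == 'real':
        return float(node.text)
    if tag in ('true', 'false'):
        return tag == 'true'
    if tag == 'data':
        # b64decode ignores the whitespace that surrounds the payload
        return base64.b64decode(node.text or '')
    raise ValueError('unsupported plist element <%s>' % tag)

def loads(xml_bytes):
    root = ElementTree.fromstring(xml_bytes)
    if root.tag != 'plist' or len(root) != 1:
        raise ValueError('not a plist document')
    return unmarshal(root[0])
```
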

You can also write Python objects as Property List files. The output can be a string (the tostring method), an ElementTree tree (totree method) or a file (tofile method).

    from PList import PList
    PList.tofile('output.plist', plist)

Download the code: PList.py
