|
|
|
|
+++
|
|
|
|
|
title = "Black Hat Python: Python Programming for Hackers and Pentesters - Justin Seitz"
|
|
|
|
|
date = 2016-12-26
|
|
|
|
|
updated = 2021-02-12
|
|
|
|
|
|
|
|
|
|
[taxonomies]
|
|
|
|
|
tags = ["books", "justin seitz", "python", "pentest", "reviews", "it",
|
|
|
|
|
"stars:2", "published:2014"]
|
|
|
|
|
+++
|
|
|
|
|
|
|
|
|
|
[GoodReads Summary](https://www.goodreads.com/book/show/22299369-black-hat-python):
|
|
|
|
|
When it comes to creating powerful and effective hacking tools, Python is the
|
|
|
|
|
language of choice for most security analysts. But just how does the magic
|
|
|
|
|
happen?
|
|
|
|
|
|
|
|
|
|
<!-- more -->
|
|
|
|
|
|
|
|
|
|
{{ stars(stars=2) }}
|
|
|
|
|
|
|
|
|
|
The very first chapter give me high hopes for this book: Since Python is
|
|
|
|
|
basically part of every single Linux install, you could do a shitton
|
|
|
|
|
retrieving system and user information by just using the normal packages. You
|
|
|
|
|
won't even need to install nmap or similar; using plain Python packages, you
|
|
|
|
|
could check which services are running and such.
|
|
|
|
|
|
|
|
|
|
But then, things go downhill.
|
|
|
|
|
|
|
|
|
|
After the first chapter, you start to add Python packages, which means you
|
|
|
|
|
need to have root access -- and even if you use something like a virtualenv,
|
|
|
|
|
you still would announce yourself by requesting things over the net using
|
|
|
|
|
<code>easy_install</code> (the book never mentions <code>pip</code> -- heck,
|
|
|
|
|
it doesn't even *mentions* virtualenv to avoid being root), which could be
|
|
|
|
|
easily blocked by sysadmins if your company doesn't have anything with Python.
|
|
|
|
|
|
|
|
|
|
And it doesn't stop at that: after these starting chapters, it start hacking
|
|
|
|
|
Windows machines. Heck, Python is not installed by default on Windows and a
|
|
|
|
|
py2exe executable weights something like 15Mb, which isn't much in bandwidth,
|
|
|
|
|
but it's noticeable. And then it starts installing packages and more packages
|
|
|
|
|
and requesting to run things as administrator, which would surely be a hassle.
|
|
|
|
|
|
|
|
|
|
The Python code itself is simplistic, to say the least. At the very first
|
|
|
|
|
chapters I noticed that the code was basically C code translated to Python,
|
|
|
|
|
which wouldn't be a problem if you're thinking about replacing basic hack code
|
|
|
|
|
with Python code -- because it is easier to find Python installed than GCC,
|
|
|
|
|
for example -- but with the problems cited above actually make me think that
|
|
|
|
|
the author never really cared about Pythonic code, just did the very minimum
|
|
|
|
|
to make code run and that's it.
|
|
|
|
|
|
|
|
|
|
So, it's a bad book about hacking because it requires privileged access
|
|
|
|
|
beforehand and it's a bad book about Python because it doesn't follow Python
|
|
|
|
|
good practices. In the end, it's just a book with a few interesting Python
|
|
|
|
|
libraries, nothing more.
|
