Programming (part 4) Python for Port Scanning

Video Activity

This video covers Python scripts. Python is an interpreted language, as opposed to a compiled one, and the SME in this section feels Python is more intuitive than other languages. Here a Python script is used for port scanning.


Time: 14 hours 26 minutes
Difficulty: Advanced
CEU/CPE: 15

Video Transcription
00:04
Let's open up another one here. I'm gonna call this one, let's see... let's call it python_script.py. Or just call it python.py.
00:17
/usr/bin/python. We can do "which python", and that will tell me that it's /usr/bin/python. That's where my Python interpreter is. "nano python.py", and again, we want to give it an interpreter. This is going to be an interpreted language, as opposed to compiled. The last thing we'll do is C, which is compiled. For this one, we just need to give it an interpreter. As long as the system has a Python interpreter, chances are, if it's a Linux system, it does, then it will be able to run this. So we want the shebang: #!/usr/bin/python.
01:03
All right, so this time we're going to do a basic little port scanner. Very basic. We'll see some much more intelligent port scanners when we move into port scanning later in the course; we'll look at kind of a basic, simple example here.
01:19
So what we're going to do is see whether a port is open or closed. So we talked briefly about ports, and I mentioned I once had a boss who felt ports were actually the physical ports on the back of the machine, which certainly wouldn't go very far with the small machines we have today. In fact, your little phone has the ability to make TCP/IP sockets using ports. So certainly they aren't just physical network sockets. We make them with pieces of code just like this.
01:53
In fact, a typical exercise in programming, and certainly one you could try if you want to continue and learn some more, is to set up a simple web server in your programming language of choice: Bash, C, Python, even Ruby. We're not into a Ruby example here; we will see a little bit of Ruby in the exploit development. But, you know, I think I had to do it in school. It was like, make it serve a web page, make it serve a JPEG, serve things like that. So you set up a listening socket and serve pages. That's a little bit more advanced than what we're doing here, but that would be a good next exercise.
02:31
So let's go ahead and set up a little port scanner here. This time we're gonna take some user input, not from the command line. For the last one, we had a command line argument. We could do that here in Python as well, of course, but this time we're going to do things a little bit differently. We're going to take input from the user, just with a prompt.
02:53
The first thing I wanna do is import a library. We didn't have to do that with our Bash script. But basically, what we want to do is say "import socket". We want the socket library, so that way we don't have to do all the underlying code of how to set up a network socket for port scanning. There's already a library in Python that knows how to do this. We can use that as a building block to make our lives much easier. So we always want to use stuff like that when we can, rather than reinventing the wheel, because otherwise we'd be here all day for sure, particularly as beginning programmers.
03:30
All right, so now we want to do a variable. We haven't seen a variable yet. Basically, what we want to do is have a variable of whatever name we want and set it equal to a value. It's basically a way to store data. So let's just call it... it's just gonna be the IP address, so that's a good name. So I'm gonna create the variable called ip and set it equal to raw_input. Again, that's a Python construct. You can Google it to find out more about it. It's just going to take input from the user. And we want to tell the user, "Enter the IP address." When this runs, it will prompt the user "Enter the IP address," and whatever they respond with will be stored in that ip variable. Since I've stored it in the variable, we'll be able to use it later in the program.
04:25
Let's also do port. So we want an IP address and a port. For another variable called port, set it equal to... this time we're just gonna do input. We want port to be a number, and the IP address is actually gonna be a string. That's just how the connection works. And we'll just do "Enter the port number." And then we have a socket.
05:00
Well, it's not gonna be a socket just yet. Let's do that next. Let's actually see this run first; don't get ahead of ourselves. So again, we want to do our chmod, this time let's do +x. Then I run ./python.py. This time we don't need a command line argument. It does ask us for the IP address. I'll give it the IP address of my Windows XP system, .76, and port is 80. Well, that's all it does at this point. It does prompt us, and it is going to store those two values for us.
05:33
All right, so now let's set up the socket. Again, we have that socket library, so we can look up how to do this. This is one of those things: if you don't use it a lot, you probably have to look it up. So I'm just going to set sock, so another variable. So sock = socket.socket. Yeah, that totally makes sense. Parentheses, socket.AF_INET. This is just going to be a TCP socket. You can also make UDP sockets. One of our exploits in exploit development will actually be over the UDP protocol. So we will actually be hitting Trivial FTP, so UDP port 69 rather. There we will see how to make a UDP socket as well; a little bit different. That is our syntax there. Again, don't feel bad if you have to look that up, unless you're doing a lot of Python programming. I mean, even if you take a break from it, you may have to go look it up.
06:36
So now you want an if statement here as well, just like we did in the Bash script. The syntax is going to be a little bit different; I think a lot easier to work with. I don't think the syntax in Bash is that intuitive, whereas Python is a bit more intuitive, I think. But really, it's a personal preference which programming languages you like the best. Everybody seems to have their own opinion on this one. We just do if; we don't need any braces or anything.
07:06
So, if sock.connect... I would think it's sock.connect; typically we do use .connect. There actually is another option. So if we look up "python connect_ex", there's the Python documentation about socket. Exactly what we're after: if we look at connect, this is the typical construct that's used for connecting. "Connect the socket to a remote address. For IP sockets, the address is a pair (host, port)." Right under, we have connect_ex, which is the one I mentioned. "Like connect, but returns an error code instead of raising an exception when an error occurs." So if it isn't able to connect, connect will actually throw an error, so we would have to handle the exception or else the program would crash. That's not good. But with connect_ex, it looks like it will return an error code, so it won't do an unhandled exception. We won't have to do any error handling. It'll just give us a specific error code. So if our goal is to see whether or not the port is open, these error codes might be ideal rather than crashing it with connect. Well, let's try connect_ex.
08:31
If sock.connect_ex... we want to give it, with double parentheses around it, ip and port. Remember, we asked the user for IP and port; we're giving it the IP address and port to connect to. We want a colon. That's gonna be our if statement.
08:52
What's interesting about Python is that it actually takes indentation as law. It actually denotes loops with indentation. So, as long as we are indented, this would be part of our if statement. This, however, that's not indented, would not be. Of course, both of those are rubbish and not really commands, but you gotta be careful with your indentation. It also makes it pretty easy to read; you can really tell where your loops are with the indentation. But you just can't get off with your indentation, or else you'll have a mess on your hands.
09:26
So if the connection works, so if it's true, which true is gonna be anything non-zero. So any error code that we get is going to be true. So if it's true, I want to print out "Port", port, "is closed". But what is this here? So we're gonna print out to the screen. Print the word "Port". This has quotations around it; it's gonna be a literal string, "Port". And then we tell it we want port. Port is our variable; we're gonna take the value of port, and then it's gonna print "is closed". So if we do get a positive error value, that means the connection was not successful, that the port is closed. We're gonna print out that the port is closed.
10:24
All right, we also have an else statement here, and again we want a colon. Indent at the beginning of our else block. Here again, indentation matters; we need to indent. We need to make sure else is right against column zero, but we do want to indent the else block. So if we get a zero back instead of a positive value, we want to print out "Port", port, "is open".
10:58
So, pretty primitive, you know. It only takes one port and checks whether it's open or closed. Certainly we'll see we can do much better, but it's a good little exercise. I'm running it: IP address 192.168.1.76 in my case, and port 80. It says port 80 is open. Run it again for port 81. Port 81 is closed. So it looks like my Windows XP system has something listening on port 80, perhaps a web server; 80 is typically where web servers listen. But nothing on port 81. I can't think of anything in particular that listens on port 81, so it's not surprising.
11:46
Looking at a little simple example here; not too much going on. So I encourage you to spend more time with Python as well. Again, we'll see Python when we get to our exploit development, and some of the tools we'll look at have been written in Python. It has proved to be a big language for information security.
12:09
All right, so last little bit on programming, and then we'll actually move on to pen testing, what we're here for. We're gonna look very, very briefly at the C programming language. Hopefully not too many security tools are written in C, but your operating systems, all of them, are written in C. So your Linux is written in C. Windows, there's a lot of stuff in C. Like your Android, which is Linux-y. iPhone is too, honestly, well, the underlying system is anyway, some of it. So you've got a lot of C out there in terms of the platforms we're gonna run into. Unfortunately, C is one of those ones that does have a tendency to have security issues with memory corruption based on some sloppy programming. So I guess that's good for us bug hunter types. Let's look very briefly at C. Again, I don't encourage you to use C to actually write your security tools, but if you do, more power to you.
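The single-port check the instructor builds in this video, written out below as a complete Python 3 script. This is an added example, not the instructor's code from the video: it keeps the same shape (IP address and port from a prompt, socket.socket, connect_ex, print open or closed) but uses input() in place of Python 2's raw_input(), sets a timeout so a silently dropped probe cannot hang the script, and separates "closed" (the host answered with a connection refused, i.e. connect_ex returned ECONNREFUSED) from "filtered" (any other error, most often no answer within the timeout), a distinction the video's "any non-zero code means closed" test does not make. The demo() helper and its loopback listener on 127.0.0.1 are constructed so the open and closed paths can be exercised offline; they are not part of the video's scanner.

```python
#!/usr/bin/env python3
"""Single-port TCP check built around socket.connect_ex().

Added example following the shape of the scanner sketched in the video; not
the instructor's script.  Python 3 (input() rather than raw_input()), with a
timeout and a closed/filtered distinction the video does not make.
"""

import errno
import socket


def check_port(host, port, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    connect_ex() returns 0 on success and an errno value on failure instead
    of raising an exception, which is why the video prefers it to connect().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)  # never hang on a probe that gets no answer
        code = sock.connect_ex((host, port))
    if code == 0:
        return "open"
    if code == errno.ECONNREFUSED:
        # The host answered with a RST: nothing is listening on that port.
        return "closed"
    # Anything else (timed out, host unreachable, ...) is not a definite
    # answer from the target; most often a firewall dropped the probe.
    return "filtered"


def demo():
    """Exercise both branches offline against a throwaway loopback listener.

    Constructed test fixture (assumed 127.0.0.1, kernel-chosen port), not a
    real target.  Returns the two verdicts: while listening, and after close.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = check_port("127.0.0.1", port)
    listener.close()  # nothing listens there any more -> connection refused
    after_close = check_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    # Same two prompts as the video; the port is converted to int because
    # connect_ex() expects a (str, int) address pair.
    ip = input("Enter the IP address: ")
    port = int(input("Enter the port number: "))
    print("Port", port, "is", check_port(ip, port))
```

Running the script interactively reproduces the video's session (port 80 on a host with a web server prints "Port 80 is open"); the third verdict, "filtered", is the case the video's version would have mislabelled as closed, and telling the two apart is what lets you recognise a host protected by a firewall that drops rather than rejects.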