50% found this document useful (4 votes)
1K views

Python Go Hackers

This document discusses Python and Go programming languages for hackers. It provides an introduction and biography of the author, Weidsom Nascimento, who is described as a gray hat hacker. It then defines common hacking terminology and discusses advantages of both Python and Go for hacking applications. Python is highlighted as a good choice due to its extensive libraries and ease of use, while Go is praised for its speed, concurrency, cross-platform capabilities, and compiled nature. The document then begins to discuss specific hacking techniques using Python sockets in Chapter 1.

Uploaded by

AdaAdaAjeChanel
Copyright
© All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd

Python and Go for Hackers

v3
About the author:
Weidsom Nascimento

21-year-old Gray Hat Hacker, born on 27/10/1997.

Studied hacking as a Black Hat from 8 years old; at the age of 10 he started his
professional career, working for whoever pays more!
A nomad who lives traveling to avoid being arrested by the authorities, and the creator
of the security companies The Cracker Technology and PayBack Security.
Developer in: C, C++, Python, Go, Ruby, Java, Perl, PHP, Lua, Assembly x86,
Assembly x86_64, Assembly MIPS and Assembly ARM.
Creator of the penetration testing distribution for Android smartphones, ANDRAX, and
of the artificial intelligence system for hacking, M.A.R.I.N.A.
Weidsom is an expert in networking and system administration, a penetration tester, web
developer, security researcher and security consultant.
99% of the “professionals” nowadays are dumb and use old tools created by outdated
people who follow outdated methodologies! Weidsom writes his own tools for every job,
which gives 100% success in all invasions, making him one of the few hackers in the
world who can penetrate every system, including sophisticated systems like nuclear
grids and power plants!
One of the few hardware hackers in the world, and one of the few hackers who master
satellite hacking techniques!
Teacher of more than 30,000 professionals around the world!
Terminology
Black Hat: Bad hacker who doesn’t give a shit about the law; they work for money or only
to damage systems, and they have no ethics of any kind.
White Hat: Good hacker who works ethically and wants to increase security to prevent
Black Hat hackers from taking control of systems.
Grey Hat: Something between Black and White Hat; a person who works professionally to
increase security, but for money they can become Black Hats for a while! Never touch
these guys, because they can be your worst nightmare.
Ethical Hacker: The same as White Hat.
Penetration Testers: Gray Hat hackers who work mostly for companies!
Python and GO languages
For many years Python has been used as the major scripting language in the hacking
scene, but 99% of code hackers use it in the wrong way! Did you know? I’ll show you!

Python:

A pretty good programming language that innovates with its simplicity and a syntax that
makes it easy to create powerful software with less effort than other languages!
Advantages/Benefits of Python:

The diverse application of the Python language is a result of the combination of features
which give this language an edge over others. Some of the benefits of programming in
Python include:

1. Presence of Third Party Modules:


The Python Package Index (PyPI) contains numerous third-party modules that make
Python capable of interacting with most of the other languages and platforms.

2. Extensive Support Libraries:


Python provides a large standard library which covers areas like internet protocols,
string operations, web services tools and operating system interfaces. Many commonly
needed programming tasks are already covered by the standard library, which significantly
reduces the amount of code that has to be written.

3. Open Source and Community Development:


Python language is developed under an OSI-approved open source license, which makes it
free to use and distribute, including for commercial purposes.
Further, its development is driven by the community which collaborates for its code
through hosting conferences and mailing lists, and provides for its numerous modules.

4. Learning Ease and Support Available:


Python offers excellent readability and uncluttered simple-to-learn syntax which helps
beginners to utilize this programming language. The code style guidelines, PEP 8, provide
a set of rules to facilitate the formatting of code. Additionally, the wide base of users and
active developers has resulted in a rich internet resource bank to encourage development
and the continued adoption of the language.

5. User-friendly Data Structures:


Python has built-in list and dictionary data structures which can be used to construct fast
runtime data structures. Further, Python also provides the option of dynamic high-level
data typing which reduces the length of support code that is needed.
6. Productivity and Speed:
Python has clean object-oriented design, provides enhanced process control capabilities,
and possesses strong integration and text processing capabilities and its own unit testing
framework, all of which contribute to the increase in its speed and productivity. Python is
considered a viable option for building complex multi-protocol network applications.

Why use Python for Hacking?


Python has gained its popularity mostly because of its super powerful yet easy to use
libraries. Sure, Python has awesome readability and it is really simple and all, but
nothing really beats the fact that your job as a developer is made super simple by these
libraries. These libraries find uses in all sorts of domains; for example, artificial
intelligence has PyTorch and TensorFlow, while data science has Pandas, NumPy and
Matplotlib.

For some tasks Python can be pretty good; in this book I’ll show you how you can perform
many hacking tasks!

Golang:

Go is a language designed by Google, so like everything else from Google it is perfect!
From my point of view it is the most important language of the 2000s!

1. Companies that have already embraced Golang


• Google
• YouTube
• Apple
• Dropbox
• Docker
• BBC
• The Economist
• The New York Times
• IBM
• Twitter
• Facebook

2. Golang has good credentials


It is financed by Google. Its creators, Robert Griesemer, Rob Pike, and Ken Thompson, are
geniuses. They contributed to such influential things as C, B, Unix, JVM, and others.
Golang was created as a future-proof language to meet the challenges of the present and
anticipate challenges of the future.
3. Golang is open source by nature
It’s incredibly important for a programming language to be open source in order to
become better, cleaner, and more efficient.
If the code has defects, gophers (that’s what Golang developers are called) will detect
and eliminate the problems.
4. Golang is fast
Go has a simple structure and syntax. It has no classes or type inheritance. The
language is based on functions, so it is simple and fast to learn. It’s compiled, so it
provides faster feedback, shorter time to market, and saves time and money. It’s simple,
so it is more maintainable, and development is faster and cheaper.
5. Golang is concurrent
Concurrency is extremely important in our time. It allows multiple processes to run
simultaneously and effectively.
Golang has efficient concurrency, like C, C++ and Java, and at the same time concurrency
in Go is much easier thanks to goroutines, channels, and garbage collection.
6. Golang is cross-platform
It is used on different platforms, including Windows, Linux, Unix and BSD versions and
mobile devices (starting from 2015). In addition, it compiles well on many OSes.
7. Golang has a garbage collector
A form of automatic memory management which has a significant influence on
performance and helps to make concurrency more efficient.
8. Golang keeps the bugs away
Since it is a compiled language with very strict, static typing, developers have to be
more accurate and attentive, so the code is neater and safer.

Why is Go better than Python for Hacking and everything else?

Simple: Go is extremely fast compared to Python, it has a higher level of coding with a
syntax that is easier to understand and work with, and its default networking modules are
more dynamic and provide an easy way to work with low-level APIs using a high-level
syntax!
And the best part: Go is compiled by default, no interpreter needed, so the same code that
can hack a Linux machine can hack a Windows machine, Android, MIPS devices and ARM
devices, so… this by itself makes Go better than Python, and this is the reason Go is
called “The programming language of the future”.
Chapter 1: Python Hacking

Sockets
The first thing we need to know in code hacking is how to work with sockets, because
with sockets we can manipulate some protocols and code some tools that hack using these
protocols; sockets in Python are pretty easy to understand and implement.

Socket TCP client

Let’s create a simple TCP socket client to interact with a custom RAT (Remote
Administration Tool) that we will learn to code in the next steps.

Methods in socket module

The socket module has the following module-level functions:

➢ socket.socket(family, type) : Create and return a new socket object
➢ socket.getfqdn(name) : Convert a hostname or string IP address to a fully qualified
domain name
➢ socket.gethostbyname(hostname) : Resolve a hostname to an IPv4 address

Instance methods require a socket instance returned from socket.socket(). Socket objects
have the following instance methods:

➢ sock.bind( (address, port) ) : Bind the socket to the address and port
➢ sock.accept() : Return a new socket for the client, together with the peer address
➢ sock.listen(backlog) : Place the socket into the listening state
➢ sock.connect( (address, port) ) : Connect the socket to the given host and port
➢ sock.recv( bufsize[, flags] ) : Receive data from the socket, up to bufsize bytes
(the maximum number of bytes to receive); an empty result means the peer closed
➢ sock.recvfrom( bufsize[, flags] ) : Receive data from the socket, up to bufsize
bytes, also returning the remote host and port the data came from
➢ sock.send( data[, flags] ) : Send data through the socket, returning the number of
bytes actually sent (which may be fewer than requested)
➢ sock.sendall( data[, flags] ) : Send data through the socket, continuing to send
until either all data has been sent or an error occurs
➢ sock.close() : Close the socket
➢ sock.getsockopt( lvl, optname ) : Get the value of the specified socket option
➢ sock.setsockopt( lvl, optname, val ) : Set the value of the specified socket option

A socket is created by calling socket.socket() in the socket module. This returns a
socket in the domain specified. The parameters to the function are as follows:
• Address family: Python supports three address families.
◦ AF_INET: Used for IP version 4 (IPv4) Internet addressing.
◦ AF_INET6: Used for IPv6 Internet addressing.
◦ AF_UNIX: Used for UNIX domain sockets (UDS).

• Socket type: Usually, the socket type is either SOCK_DGRAM for User Datagram
Protocol (UDP) or SOCK_STREAM for Transmission Control Protocol (TCP).
SOCK_RAW is used to create raw sockets.
• Protocol: Generally left at the default value, which is 0.
We can see that we can’t send a string directly over a network socket; that is the reason
we need “bytes(MESSAGE_TO_SERVER.encode(“UTF-8”))” (the outer bytes() call is
redundant, since .encode() already returns bytes). Every time we want to send a string,
it must first be converted to bytes!
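As an added example (not code from the book), the following puts the functions and methods listed above to work end to end on the loopback interface: a TCP server started in a background thread, a client that connects, encodes a str to bytes before sending, reads the reply until EOF and decodes it, plus a check that sendall() really rejects a str. The server, the port-0 binding and the upper-casing reply are constructed here for illustration; shutdown() and socketpair() are standard-library socket calls not in the book's list.

```python
import socket
import threading

ENCODING = "UTF-8"

def serve_one_client(listener):
    # Accept a single connection, read everything the peer sends, reply with
    # the same bytes upper-cased, then close. Runs in a background thread.
    conn, _peer = listener.accept()
    with conn:
        received = bytearray()
        while True:
            chunk = conn.recv(4096)        # recv() returns bytes; b"" means EOF
            if not chunk:
                break
            received += chunk
        conn.sendall(received.upper())     # sendall() loops until every byte is out

def start_server():
    # Constructed test setup: bind to port 0 so the OS picks a free port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=serve_one_client, args=(listener,), daemon=True).start()
    return listener, listener.getsockname()[1]

def tcp_roundtrip(message):
    # Client side: connect, send a str as UTF-8 bytes, read the reply until EOF.
    listener, port = start_server()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
            client.connect(("127.0.0.1", port))
            client.sendall(message.encode(ENCODING))   # str -> bytes, as the text says
            client.shutdown(socket.SHUT_WR)             # tell the server we are done sending
            reply = bytearray()
            while True:
                chunk = client.recv(4096)
                if not chunk:
                    break
                reply += chunk
        return reply.decode(ENCODING)                   # bytes -> str
    finally:
        listener.close()

def sending_str_fails():
    # Confirms the point made above: sendall() rejects a str, you must encode first.
    a, b = socket.socketpair()
    with a, b:
        try:
            a.sendall("not bytes")
        except TypeError:
            return True
    return False
```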

Blue Dragon RAT in Python

Blue Dragon RAT (Remote Administration Tool) is a type of RAT that I created around
2012 to use bytes in a full-stack socket tunnel; I infected more than 5,000 servers
around the world with my Blue Dragon motherfucker RAT!

We can see some characteristics of the Blue Dragon RAT in this simple loader above: we
are using a subprocess as a PIPE to the shell to run some commands, but as you can see we
are able to implement some custom commands like “elevate” directly in the RAT loader.
This is awesome because we can directly bypass a limited shell or a sandbox environment!
Above we can see what the server controller of the RAT looks like. This is the most
important part of the RAT because it is our front end to work from; here we can implement
functions like “encrypt” to allow us to bypass IDS and IPS systems!

DO YOU WANT TO KNOW HOW TO CREATE AN ADVANCED RAT CAPABLE OF
BYPASSING SECURITY SYSTEMS?
Join our FULL Training: Python and Go for Hackers!
Scapy: the Python Net Hackers module

Scapy is one of the best modules for network hacking using Python; scapy is capable of
manipulating almost all protocols, and every single day one more is added to the GitHub
master branch!

Below we can see that scapy can easily work with all layers, and in a separated way too…
this is one of the best things in the world of network hacking, because we can easily
craft tools for specific systems and environments, or new types of attacks if you are or
want to be a security researcher!
Creating a 3-way handshake packet
For the TCP protocol we need to know how to craft a 3-way handshake packet by hand; we
can see below that doing this is pretty easy!
Create a SYN Stealth scanner
Everyone knows that we have the powerful nmap, but sometimes we need a custom scan for
our tools, and we won’t use a machine gun to kill something that a knife kills better… for
those moments we can use scapy to do it!
Above we can see the steps to create a HALF-OPEN scan for our scripts and tools; we can
see from these detailed results that it is possible to work with many options and change
the flags to do other types of scan.

Exploit XSS by Python

Now we will see an example of how easy it is to find and exploit an XSS vulnerability from
Python3; in this example we will use mechanize to parse, find and inject our payloads,
then we will check whether the exploit has been accepted and loaded by the web application.

We are loading the payloads from a .txt file and sending them to the web application!

The rest of this chapter is for training students only! Join our Training to learn more!

Join our FULL Training: Python and Go for Hackers!


How to compile Python to native code
Python is an interpreted language, but people don’t know that it is possible to compile it
to an executable that needs no interpreter… so, what does this mean?
This shit means that the same code capable of hacking a Windows machine can be compiled
to hack a Linux machine or an Android machine without a Python interpreter installed!
Some “professionals” say to encode using base64 to “bypass” AV… bullshit, base64 will
never bypass anything; if you really want to bypass you need to compile!
Some other motherfuckers on YouTube and Stack Overflow say to use py2exe for Windows…
another big bullshit, because every AV will alarm about this shit! It is a simple packer
and doesn’t work for big scripts!
But I found a method to fully compile Python scripts and modules to native code, portable
to any platform! I’ve been using this for years, hacking machines and devices around the
world without problems!
We can see above that now our shell is compiled and we can share this binary package with
other machines that don’t have Python or some other modules we need installed!
We can compile it to .exe files too, to hack Windows machines, and… we can do it on
Android, iOS and a lot of other platforms!

Look at that!!! Our shell is 100% undetectable; antivirus can’t do anything to us! But how
does this work?
Pretty simple, motherfucker… with this method the code is re-embedded in itself many
times, the resulting C code is impossible to understand, the dynamic links are loaded from
resources… And the most important part: every time we compile, the resulting code is
completely different, so antivirus will never be able to find it!
Wait… but what about debuggers and tracers? Keep calm… debuggers, tracers, network
analysis tools and other things don’t work on binaries compiled using this method… so…
you will never be caught!

So… it is perfectly possible to compile Python source code to run without a Python
interpreter, and it is perfectly possible to do it 100% undetectably; you just need to
know how to code and hack like a pro!

DO YOU WANT TO KNOW HOW TO COMPILE PYTHON FOR ANY PLATFORM
AND HACK SECURITY SYSTEMS?
Join our FULL Training: Python and Go for Hackers!
Chapter 2: Hacking with GO

Go get links
Sometimes you will need to get all the links on the page that you are targeting; doing
this in Go is pretty easy.

With this code we will get all the links on the page; if we add a loop over the list we
get a powerful crawler in Golang. For our website hacking tools this is essential!
GO scripts finder
In website hacking, finding scripts is an essential phase, because we can hack the website
through these JavaScript libs like Ajax, Bootstrap…

This will return all the scripts on the page; we can combine it with our crawler to
perform a better action by FUZZING! That gives us the ability to exploit some functions
and hack the website!
Go Fuzzing to exploit
For an advanced hacker, knowing how to fuzz is required because you need it to develop
exploits; writing a fuzzer in Go is easy and pretty customizable.
Go Exploit “writable”
Now let’s try to make an exploit to find writable files on the machine. This is extremely
useful in a SUID root search: when we find something like that we have instant root
access on the machine, and this… this is the endgame!

The rest of this chapter is for training students only! Join our Training to learn more!

Join our FULL Training: Python and Go for Hackers!


Chapter 3: Advanced Hacking with python

The rest of this chapter is for training students only! Join our Training to learn more!

Join our FULL Training: Python and Go for Hackers!


Chapter 4: Advanced Hacking with GO

The rest of this chapter is for training students only! Join our Training to learn more!
Join our FULL Training: Python and Go for Hackers!
