Scribd
Upload
21 views34 pages

SPSE Slides - Module2

Uploaded by

tyuusenkaa9
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views34 pages

SPSE Slides - Module2

Uploaded by

tyuusenkaa9
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 34

SecurityTube

 Python  Scrip1ng  Expert  


(SPSE)  

hAp://www.securitytube.net    
   

Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  1:    File  Handling  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
File  I/O  in  Python  

• open(file_name,  access_mode,  buffering)  

• read(byte_count)  

• write(data)  

• close()  

• os.rename()  os.delete()  

©SecurityTube.net  
Exercise  

• Read  /var/log/messages  

• find  all  the  logs  in  it  which  pertain  to  USB  and  
print  them  out  selec1vely  

©SecurityTube.net  
Module  2:  System  Programming  

Part  1:    File  Handling  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  2:    Directory  Naviga=on  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Directory  Details  

• Methods  for  traversing  directories  

• Lis1ng  files  and  their  informa1on  

• crea1ng  and  dele1ng  directories  +  files  

• test  to  check  if  something  is  a  file  or  directory  

©SecurityTube.net  
Exercise  

• Create  a  program  which  can  recursively  


traverse  directories  and  print  the  file  lis1ng  in  
a  hierarchical  way  
A  
-­‐-­‐-­‐-­‐a.txt  
-­‐-­‐-­‐-­‐b.txt  
-­‐-­‐-­‐-­‐B  
-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐-­‐c.out  
©SecurityTube.net  
Exercise  

• For  any  given  filename  list  out  all  the  stats  


related  to  the  file  such  as  size,  crea1on  1me,  
path  etc.  

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  2:    Directory  Naviga=on  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  3:    Process  Crea=on  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Forking  

• Cloning  of  a  process  

• Forking  creates  an  iden1cal  process  as  the  parent    

• the  thread  of  execu1on  is  duplicated  exactly  at  


the  point  of  call  to  fork()  
– returns  0  in  the  child  
– returns  pid  of  child  in  the  parent  

• PID  is  different  for  parent  /  child    

©SecurityTube.net  
Use  of  fork()  

• Dedicate  child  to  a  task  given  by  the  parent    

• parent  and  child  can  communicate  if  required  


using  IPC  

• parent  /  child  binary  remains  the  same  

©SecurityTube.net  
Spawning  New  Processes  

• os.exec*  func1ons  
– os.execl  
– os.execle  
– …  

• Overlays  parent  process  with  the  child    

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  3:    Process  Crea=on  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  4:    Python  Threads    

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Global  Interpreter  Lock  

Apart  from  I/O  Tasks  such  as  Network  reads,  Wri=ng  to  disk  etc.  Python  Threads    
are  not  too  useful.  

©SecurityTube.net  
Threads  in  Python  

• Simple  threads  using  the  thread  module  

• More  complicated  ones  using  the  threading  


module  

©SecurityTube.net  
Exercise  

• Based  on  the  knowledge  you  have  gained  in  


the  network  programming  module,  create  a  
mul1-­‐threaded  port  scanner  in  Python  which  
uses  SYN  Scanning  

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  4:    Threading    

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  5:    Threading  and  Queues  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Threading  and  Queues  

• Create  task  queues  

• Threads  receive  tasks  

• Threads  complete  tasks  and  inform  the  queue  

• All  threads  exit  once  queue  is  empty  

©SecurityTube.net  
Exercise  

• Create  a  list  of  FTP  sites  

• Create  a  WorkerThread  and  Queue  which  can  


login  to  these  sites  and  list  the  root  directory  
and  exit  

• use  5  threads  for  this  job  and  10  FTP  sites  

©SecurityTube.net  
Exercise:    Threads  and  Locks  

• There  is  a  locking  mechanism  available  in  the  


Thread  class  which  you  can  use  to  lock  
resources  for  dedicated  use  

• Create  a  sample  code  to  illustrate  this  concept  

©SecurityTube.net  
Exercise:  Mul1processing  

• Explore  the  mul1processing  module  in  Python  

• How  does  it  leverage  mul1-­‐core  setups?  

• Program  the  TCP  SYN  scanner  using  


mul1processing  

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  5:    Threading  and  Queues  

hAp://www.securitytube.net    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  6:  Signals  and  IPC  

hAp://www.securitytube.net    
hAp://www.securitytube-­‐training.com    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Signals  

• Allows  handling  of  Asynchronous  events  

• SIGKILL  is  what  gets  sent  when  you  use  “kill  


-­‐9”    

• programming  with  Signals  is  easy  

©SecurityTube.net  
Exercise  

• Create  a  TCP  server  which  listens  to  a  port  

• Implement  signals  to  ensure  it  automa1cally  


shuts  down  ajer  a  pre-­‐configured  dura1on,  
which  is  given  via  command  line  

• e.g.  tcp-­‐server  –s  100    

shutdown  ajer  listening  to  port  for  100  seconds  

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  6:  Signals  and  IPC  

hAp://www.securitytube.net    
hAp://www.securitytube-­‐training.com    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
Module  2:  System  Programming  

Part  7:  Subprocess  

hAp://www.securitytube.net    
hAp://www.securitytube-­‐training.com    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  
subprocess  

• subprocess.call(    [‘ps’,  ‘aux’])  

• subprocess.check_output(  [  ‘ls’,  ‘-­‐al’])  

shell  =  False  
Why  is  shell  =  True  a  security  issue?  

©SecurityTube.net  
Advanced  Usage  

• Mapping  of    
– STDIN  
– STDOUT  
– STDERR  

• subprocess.Popen(…)  

©SecurityTube.net  
Module  2:  System  Programming  

End  of  Part  7:  Subprocess  

hAp://www.securitytube.net    
hAp://www.securitytube-­‐training.com    
   
Vivek  Ramachandran  
Course  Instructor  
©SecurityTube.net  

You might also like