Python over Perl...
Last week I was talking to an infosec guy from Australia, and we briefly spoke about programming/scripting languages that we were comfortable in. I mentioned that I am comfortable with C#, bash, PHP, Perl etc. He mentioned that a few guys at his office are into Python and I replied with... "who programs in tabs? It makes no sense... curly brackets for the win!" He agreed with me and couldn't understand the whole thing about tabs either...
I mean really, tabs...tabs!
Anyways, it got me thinking: perhaps I should try it before I diss it! I usually need some sort of motivation to start something new, especially learning/adapting to a new programming language. So I remembered a few years back, when I worked at SensePost, at the time Roelof Temmingh was working on a research project named Setiri which he demo'ed at BlackHat. Setiri was a smart trojan at the time; it pretty much opened an invisible Internet Explorer which it hooked and used to communicate with the Command & Controller server. It bypassed all the firewall rules and beat proxies etc. because, hey, it was IE and IE was allowed out...
Here's a link to a BH presentation on Setiri, click
So I set the challenge to "hard" and figured if I can do a little something similar in Python then maybe it would grow on me... that is... if Python could even do it.
I installed the latest version of Python (3.4) and started Googling and putting a few lines of code together... and well before I knew it... I was mostly done... and I was only 2 hours into my freshly installed version of Python... surprised... yes! Disappointed... hell no!
I am going to say that I am impressed: the original Setiri Trojan was, give or take, about 1,000 lines of CPP, and I managed a Python version which works in the exact same way in about 65 lines of code.
I am not going to call it a Trojan, because I do not write them... I am interested in them, yes... I like to poke at malware and understand it, but it's just not my cup of tea... so I am going to call it an agent (: And what's really awesome is that I can bundle everything into a standalone EXE (Py2Exe/PyInstaller/PwnInstaller)... so it runs on Windows even when Python is not installed on the Windows machine.
Opening up an invisible Internet Explorer is a simple module import and 2 lines of code, below is a sample with one or two more lines:
So obviously my version has a bit more to it... but Python really is that simple. For years people have been telling me that whatever you can do in Perl or whatever other language, you can do it in a lot fewer lines of Python... and I blew them off back then.
Here is just a sample of opening up Internet Explorer in CPP, 5 lines of code before you even browsed off to the command server:
It's so easy... everything is really much easier in Python. I have spent the weekend on and off in my spare time with Python and I am loving it... WHY HAS IT TAKEN ME SO LONG?!?!
So I have a full-on working agent and server (PHP) which runs really well, but it has spawned off a few more ideas for a testing tool (: So I have some more learning and playing to do! More on that in my next post... when I have something to show...