Join Malcolm Shore for an in-depth discussion in this video Using networking functions, part of Penetration Testing Essential Training.
- [Instructor] Another module we do need to understand when we're doing pen testing is the Python networking library. The socket module. To use the socket library we need to import it and then set its configuration. And then create an instance that we can use to call its functions. Let's use the connect and receive functions to get a banner from our metasploitable FTP sign. Okay we import the socket library so that we can use the socket networking features.
We set the default time out to one, that's more than enough for our test network. Then we open a socket and connect to the metasploitable server on 10.0.2.8 on port 21. And note the use of double brackets. We then receive up to 1,024 bytes back and print it. Okay let's run that. And there we see the banner from the FTP server. One of the standard diagnostic techniques once you've found an active host is to do port scanning.
There are many ways to scan for active ports. The simplest is to limit our scan to TCP and try to establish a full connection to the port. This can of course take a long time if we try all ports. I'll just scan for those in the range one to 1023 on my metasploitable server. As before we used the system in socket libraries this time inside a try block and a for loop. We check the response to see whether we did achieve a connection and if so, print a message.
Okay let's run it. And here we have a port scanner.
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code