
Develop custom Python scripts for offensive pen testing, including reverse shells. Explore how malware abuses online services like Twitter and Google, and study a Windows privilege escalation case with cryptography.
Explore TCP reverse shell concepts, why a reverse connection bypasses host and corporate firewalls, and how a client binds a socket to exchange commands and results.
Build a Python TCP server on Kali to accept a client connection, send commands, and handle termination using socket, bind, listen, accept, encode/decode, and a 1024-byte receive loop.
Code a Python TCP reverse shell client that connects to a Kali Linux host on port 8080, executes received commands via a shell, and returns output.
Demonstrate low-level data exfiltration by transferring files over a single channel using a grab command, one-kilobyte chunks, and a done flag.
Export your Python script to a standalone Windows EXE using PyInstaller. Learn to install it with pip, generate a single-file, no-console executable, and then test the result on Windows.
Learn to build a Python reverse shell over HTTP, where Kali hosts an HTTP server, the client issues HTTP GET requests to fetch commands, and the target returns results via HTTP POST.
Build a simple HTTP server that handles GET and POST requests with a handler class, while the client uses the requests library to fetch commands and post results for a reverse shell.
Upload files from the target via an HTTP shell and a multipart POST to exfiltrate data, using URL tagging (slash star) and CGI server handling to save the received file.
Explore how persistence mechanisms keep a backdoor alive after reboot, and examine a practical reverse-shell workflow, including system reconnaissance to locate user profiles and working directories.
Upgrade the HTTP reverse shell to persist by copying the client executable to the user's Documents folder and creating a startup registry entry with the shutil and winreg modules.
Learn to handle offline targets and connection failures with a resilient connect loop using random backoff between 1 and 10 seconds, TCP reset handling, and a terminate signal.
Learn how dynamic DNS with No-IP keeps a fixed domain name tied to a changing Kali Linux IP, enabling DNS lookups to establish a TCP reverse shell.
Learn how attackers use Twitter as a covert channel to transmit commands, and how Python with Beautiful Soup and regex can extract a tweet from a page source.
Handle directory navigation on the target in a reverse shell by supporting the cd command: update the script to use os.chdir, report the current directory, and manage errors with exceptions.
Automate capturing a screenshot on the target machine with Pillow, save it to a temporary directory, and transfer the image over HTTP to the Kali machine.
Replicate the Metasploit search function to find PDF and image files on a target machine by extension, using Python to automate discovery and post results back to the attacker machine.
Learn to build and integrate a basic port scanner into a script, scan a target IP with a comma-separated port list, and report results to Kali Linux.
Explore bypassing a host-based firewall by using a Python-driven COM object to automate Internet Explorer, making IE initiate the reverse connection to Kali Linux (the attacker machine) and relay commands.
Learn to automate Internet Explorer in the background with Python and Win32, issue commands in a pentest lab, and report results using an HTTP reverse shell.
Explore bypassing reputation filtering in next-generation firewalls and how attackers use trusted sites like Twitter, Google Forms, and SourceForge to issue commands and exfiltrate data.
Upload files to a SourceForge repository using SCP over SSH by configuring a Python script with the Paramiko and SCP libraries, including handling first-time host key acceptance and authentication.
Learn how to submit text to a Google Form using Python requests, discovering the form field name (entry.x) from the page source and posting a data dictionary to the form URL.
Bypass IPS by masking clear-text traffic with a hand-made XOR encryption in Python, using a 1024-byte random key to encrypt and decrypt messages like ipconfig, exposing IPS sensor limitations.
Explore the basics of encryption, contrast symmetric and asymmetric algorithms, and learn how a hybrid approach uses a session key to secure data over a tunnel.
Protect a TCP tunnel by implementing AES in CBC mode to encrypt 16-byte blocks with an initialization vector and padding, then decrypt on the receiving side to ensure bidirectional communication.
Protect a tunnel using RSA encryption by generating 4096-bit key pairs and exporting PEM public/private keys. Encrypt messages in blocks with PKCS#1 padding and decrypt with the corresponding private keys.
Demonstrate a hybrid encryption workflow where the attacker uses the target's public key to encrypt a random 32-byte symmetric key, decrypted by the target's private key to secure shell commands.
Code a simple keylogger in Python 3 using the pynput keyboard library to capture keystrokes and log them to a file, including backspace, after installing the library with pip.
Explore how KeePass credentials can be hijacked via clipboard activity, using a Python script to monitor and log copied usernames and passwords.
Explore how Chrome stores and decrypts saved passwords using the Windows logon password and the Login Data database, enabling remote extraction of credentials.
In this bonus exercise, learners simulate dumping saved Chrome passwords and assess antivirus detection in a controlled lab.
Explore the man-in-the-browser attack, revealing how attackers intercept browser process API calls to extract sensitive data in memory before it reaches the network.
The lecture demonstrates how to use Immunity Debugger to attach to the Firefox process, locate the write function, set breakpoints, inspect memory dumps, and reveal login credentials.
Explore a Python-based proof of concept for debugging Firefox processes using the PyDbg library, attaching to Firefox, setting breakpoints, and reading memory to reveal credentials.
This exercise demonstrates exporting a credential-harvesting script as a standalone executable, testing local memory extraction of usernames and passwords across websites, and validating results from Facebook, Yahoo, and Twitter.
Learn how to perform DNS poisoning by editing the hosts file to map a hostname to an IP (which requires admin privileges), flush the DNS cache, and automate the steps with Python.
Demonstrate redirecting Facebook traffic to a phishing page, capturing credentials with a modified login form, and storing the data on a Kali Linux Apache setup.
Enable two-factor authentication with one-time passwords, and monitor login alerts for suspicious activity. Use updated devices and a trusted VPN on untrusted networks to guard against phishing and certificate errors.
Examine privilege escalation through service file permission weaknesses, where a standard user can replace a service executable to gain system privileges after restart.
Explore privilege escalation by preparing vulnerable software from exploit databases, creating a non-admin account, and testing service vulnerabilities with a Python-based approach.
Explore privilege escalation by examining how a malicious Windows service communicates with the Windows service control manager to escalate to admin privileges.
Explore privilege escalation by creating a new admin account and adding it to the administrators group. Demonstrate erasing tracks by clearing Windows event logs to hide activity.
When others' tools fail, writing your own makes you a true penetration tester!
---------------
Before You Enroll !
The knowledge you will learn from this course is literally a weapon. My goal is to make you a better warrior in penetration testing. Consider the consequences of your actions, be smart and don't go to jail.
There are quite a lot of people who call themselves hackers, but in reality few have the solid skills to fit the definition. When others' tools fail, writing your own makes you a true hacker!
---------------
FAQ
Why Python?
Easy to learn
Cross platform
Unlimited third party libraries
Get your job done with a few lines
Ranked as #1 for the most popular programming languages
Plenty of open source hacking tools are written in Python and can be easily integrated within your script
How To Use This Course?
View the course in order, start from module 1 and move on.
Before you watch the video, download the script, read the inline comments, run the script in your home lab, then finally watch the explanatory video. If you still have any questions, post them in the Udemy forum.
Don't skip the exercises, Google is your best friend.
Fall in love with Python, go the extra mile and start writing your own weapons!
How to reach me?
Udemy forums in case you have ANY question or technical problem.
LinkedIn if you have ANY questions prior to taking the course; ideas and collaboration are welcome.