Launching HTB CWEE: Certified Web Exploitation Expert Learn More

Introduction to Python 3

Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Python 3 aims to introduce the student to the world of scripting with Python 3 and covers the essential building blocks needed for a beginner to understand programming. Some advanced topics are also covered for the more experienced student. In a guided fashion and starting soft, the final goal of this module is to equip the reader with enough know-how to be able to implement simple yet useful pieces of software.

4.59

Created by Fugl

Easy General

Summary

This module introduces programming with Python 3 and guides the reader through writing simple yet useful pieces of software, little by little. Starting gently with the essential building blocks, we will work our way through different techniques and functional data structures and end up with working software that is easy to modify and add new features to.

In this module, we will, among other topics, cover:

  • A short introduction to Python 3 as a language
  • Variables and simple data structures
  • Working with loops and program control
  • Working with functions, classes, and modules

The module is broken down into smaller sections in which we will cover not just the different, newly introduced concepts but also how we can utilize these to improve the code. The module contains small exercises that will help connect the dots, and most sections of the module will include a fair bit of code and thorough breakdowns of the additions and changes made to it. It is recommended to follow along by typing out everything by hand as additional practice.

The final goal of this module is to equip the reader with enough know-how to be able to implement simple pieces of software, for example, a website word extractor. Homemade tools like these will, in some situations, help the author overcome otherwise very challenging obstacles. The example program we will be making - the word extractor - will, in the end, enable us to generate a list of the most common words of a certain length found on a particular website. A list like this could be used to create a targeted word list for password spraying against an exposed company login page or brute force attacks when combined with other tools.

You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "Easy". Still, it assumes a working knowledge of using a command-line terminal to perform basic operations such as running the code or installing a Python package. This module further assumes that Python version 3.7.x or later is installed on your local computer already for the full experience.

A firm grasp of the following modules can be considered prerequisites for successful completion of this module:

  • Learning Process
  • Linux Fundamentals

Introduction to Python 3


Welcome to Introduction to Python 3. This module will cover most of the essentials you need to know to get started with Python scripting. Whether you have a background in IT or just starting, this module will attempt to guide you through the process of creating small but useful scripts. This module will present to you an amount of code that will, depending on your previous experience, seem just enough or quite a lot. But fear not, we will get through this together.

So why even learn Python, one might ask? Python is one of the most popular scripting languages currently. This makes it a popular choice for automation of everyday tasks or the development of tools. In the InfoSec world, plenty of so-called PoCs (Proof of Concepts) are written in Python, as are many popular tools for penetration testing. The simplicity of the language makes it appealing to use when a need to "just write something quickly" arises. Yet, the language's flexibility and community support also make it a perfect candidate for larger projects. Whether you need to write a simple script that will automate a repetitive task on a website, crawling or analyzing large amounts of data, performing buffer overflow attacks, creating an interactive service, or something completely different, Python makes development easy.

Python is an interpreted language, which means the code itself is not compiled into machine code like C code. Instead, it is interpreted by the Python program, and the instructions in the script(s) are executed. Python is a high-level language meaning the scripts we produce are simplified for our convenience so that we do not need to worry about memory management, system calls, and so forth. Furthermore, Python is a general-purpose, multi-paradigm language that is a fancy way of saying "you can use it for most things with ease" and "it doesn't mind if you prefer one style or another."

As for the coding style, we will gently touch on the object-oriented style because this makes reasoning about code a lot simpler. Essentially, object-oriented programming will likely feel less intimidating if you've ever played with either blocks or bricks of either digital or physical form. Lastly, Python is rumored to be easy to read, especially in the beginning. This may be because of its close resemblance to the English language and its strict requirements for proper code indentation.

In this module, there will be code examples and lots of them. It is highly recommended that you type out all of the code by hand as you read along and refrain from copying and pasting. This will help you get in the flow and will help you remember what you learned. It is also highly recommended to explore and play around with the tools and techniques taught in this module. It is assumed that Python 3 is already installed on your system and that the Python 3 executable is in the PATH. A web-based virtual machine with Python 3 already installed and configured properly will be provided for all relevant sections.

Once again, welcome to the module.

Sign Up / Log In to Unlock the Module

Please Sign Up or Log In to unlock the module and access the rest of the sections.

Relevant Paths

This module progresses you towards the following Paths

Intro to Binary Exploitation

Binary exploitation is a core tenet of penetration testing, but learning it can be daunting. This is mainly due to the complexity of binary files and their underlying machine code and how binary files interact with computer memory and the processor. To learn the basics of binary exploitation, we must first have a firm grasp of Computer Architecture and the Assembly Language. To move into more advanced binary exploitation, we must have a firm grasp on basic buffer overflow attacks, principles such as CPU architecture, and CPU registers for 32-bit Windows and Linux systems. Furthermore, a strong foundation in Python scripting is essential for writing and understanding exploit scripts.

Hard Path Sections 62 Sections
Required: 170
Reward: +50
Path Modules
Easy
Path Sections 14 Sections
Reward: +10
Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Python 3 aims to introduce the student to the world of scripting with Python 3 and covers the essential building blocks needed for a beginner to understand programming. Some advanced topics are also covered for the more experienced student. In a guided fashion and starting soft, the final goal of this module is to equip the reader with enough know-how to be able to implement simple yet useful pieces of software.
Medium
Path Sections 24 Sections
Reward: +20
This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.
Medium
Path Sections 13 Sections
Reward: +10
Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-of-Service (DoS) attack. These vulnerabilities are caused by insecure coding, resulting in an attacker being able to overrun a program's buffer and overwrite adjacent memory locations, changing the program's execution path and resulting in unintended actions.
Medium
Path Sections 11 Sections
Reward: +10
This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities on Windows machines.