Sign in Subscribe
By Motasem Hamdan

Python Basics For Penetration Testers | TryHackMe Walkthrough

Introduction

Python Basics For Penetration Testers | TryHackMe Walkthrough

Introduction

In this post, we covered Python programming basics for penetration testers and cyber security specialists. We focused first on covering the basics such as variables, data types, operator types, if statements and loops. In the next section, we covered practical applications of cyber security concepts using Python such as hash cracking, subdomain enumeration, directory enumeration,etc. This was part of TryHackMe walkthrough for two rooms; TryHackMe python basics and TryHackMe Python for pentesters.

Offensive Security Certified Professional Study Notes and Guide
This is a 1562 pages of notes that will guide and help you prepare for and pass the OSCP exam taking into account the…
HackTheBox Certified Penetration Testing Specialist (CPTS) Study Notes
Table of content:- About the CPTS exam- Tips to prepare- Recommended HackTheBox machines to practice- Information…

Introduction

Walkthrough of TryHackMe rooms focusing on relevant topics.

Overview of the video: Covers Python programming basics and its application in cybersecurity.

Learning Objectives

  • Build foundational Python skills.
  • Apply Python concepts to cybersecurity-related scenarios.
  • Gain familiarity with TryHackMe environments for hands-on learning.

Key Python Concepts Covered

Basic Python Syntax

  • Printing statements: Demonstrating basic print functionality.
  • Example: Printing “Learn security with TryHackMe.”

Mathematical Operations

  • Performing addition, subtraction, multiplication, and exponentiation directly in Python using the print function without variables.
  • Explanation of how Python handles mathematical expressions within print statements.

Variables and Data Types

  • Creating and manipulating variables.
  • Example: Setting height to 200, adding 50, and printing the updated value.
  • Emphasis on understanding integers and avoiding string usage when printing numerical values.

Conditional Statements

  • Developing logic for customer basket costs with if-else conditions.
  • Scenario:
  • If basket cost > 100: Free shipping.
  • Otherwise: Calculate shipping cost as $1.20 per kg of basket weight.
  • Step-by-step explanation of Python syntax and logic implementation.

Loops

  • Introduction to for loops:
  • Example: Iterating from 0 to 50.
  • Explanation of the range() function and its behavior.
  • Adjustments to starting values for customization.

Functions

  • Building reusable code blocks.
  • Example: Creating a function Bitcoin_to_USD to calculate the USD value of a given amount of Bitcoin.
  • Emphasis on parameter passing and return values.

File Handling

Using Python’s open() function to read and print a file’s content.

Python Projects

Shipping Cost Calculator

  • Program to calculate total basket costs including shipping.
  • Logic:
  • Free shipping for costs over $100.
  • Shipping cost $1.20 per kg for lower basket values.
  • Example: For a basket cost of $34 and weight 44kg, calculate the total cost as $86.80.

Bitcoin Conversion

Function Development

  • The function Bitcoin_to_USD takes two arguments:
  • Bitcoin amount: The number of Bitcoins owned.
  • Bitcoin value in USD: The current market value of Bitcoin.
  • The function calculates the total value of the Bitcoin investment and returns it.

Updating Bitcoin Value

  • Demonstration of updating the Bitcoin market value in code.
  • For instance, setting Bitcoin value in USD to $24,000 to check if the value drops below $30,000.

Conditionals for Monitoring

  • If the Bitcoin value is less than $30,000, an alert is printed.
  • If the value equals $30,000, a message of normalcy is printed.
  • If the value is above $30,000, the script indicates profit.

Subdomain Enumeration

Overview

  • A Python script is used to enumerate possible subdomains of a target domain.
  • Reads a wordlist containing potential subdomain names.

Steps in the Script

  • Libraries imported: requests and sys.
  • The wordlist is read and split line-by-line into a list of potential subdomains.
  • A for loop iterates through the subdomains, forming HTTP requests to verify their existence.

Output and Validation

  • A successful response (e.g., HTTP status 200) confirms the subdomain’s existence.
  • Error handling with try-except ensures robustness.

Alternative Protocol

  • Discussion of DNS as an alternative protocol for subdomain enumeration.

Directory Enumeration

Purpose

  • Identify files and directories on a web server during a penetration testing engagement.

Process

  • Read a wordlist of potential directory names.
  • Use HTTP requests to check for the existence of directories.
  • HTTP status codes:
  • 200 or 301: Valid directory.
  • 404: Directory not found.

Example Results

  • Found directories: index, Appollo, private, and server.
  • Specific findings:
  • Login page under /private.
  • Usernames and passwords under /server.

Network Scanning with Python

Objective

  • Identify live hosts in a network using ARP (Address Resolution Protocol).

Script Details

  • Importing the Scapy library for networking operations.
  • Defining variables:
  • Network interface.
  • IP range.
  • Broadcast MAC address.
  • The script sends ARP packets to scan the network.

Why ARP?

  • ARP is used because ICMP (ping) is often blocked on networks.

Video Walkthrough

Previous

OSCP vs COMPTIA Pentest+ : Detailed Comparison

 Next

Intermediate Linux Course | TryHackMe Linux Strength Training

You might also like...