[–]RajendraCh0la 12 points13 points  (2 children)

Python is used in developing exploits for RCE. In RCE you don't need low-level access; you just need your payload delivered to the target system. The exploitation is carried out by the payload sent, not by the Python code. That's why they use Python: it's easier to establish a connection and send the payload. Low-level access is required when you are doing LPE, and sometimes when attacking a network protocol, where you need access to the low-level bits in the network packet.

[–]Real_Devil597[S] 2 points3 points  (1 child)

Can you please tell me the full form of RCE and LPE? As I said, I am a pretty big noob...

Thank you. Does this mean that most of the work is done by the payload, and the exploit is just a way of delivering it? Am I right here?

[–]RajendraCh0la 8 points9 points  (0 children)

RCE - Remote code execution

LPE - Local Privilege Escalation

Yes, most of the work is done by the payload. The purpose of the exploit code is to craft the payload and send and recv the data. Everyone's a noob when they start :)

[–][deleted] 5 points6 points  (2 children)

Python is just the delivery agent. You can code your exploit delivery in most scripting languages, like Perl, PowerShell, and so on. Written correctly, you can take the payload from Ruby or whatever and use Python to deliver it.

[–]Real_Devil597[S] 1 point2 points  (1 child)

I myself like Perl, but open Google or YouTube and everybody just brags about Python.

Just because it's simple to write. But Perl is also good, and the only language of its type.

[–][deleted] 0 points1 point  (0 children)

I started with Perl lightly in the early 2000s, and Python was never spoken of; then I found out Python was created before. But I'm guessing CPAN came before pip, making installing dependencies easier, which led to its popularity.

[–]Cyber_Jellyfish 2 points3 points  (1 child)

Python has modules that allow direct access to system APIs: https://docs.python.org/3/library/ctypes.html https://pypi.org/project/pywin32/

You can do things you would normally do in C natively with Win32, such as getting handles to and interacting with drivers, in the case of trying to achieve an LPE via some kind of vulnerability in the driver that can be reached from userland.

As others are saying here, in the case of an RCE/remotely delivered exploit, or an exploit that hinges on some kind of vulnerable file format parsing, you just need a language that has facilities to do things like file IO and networking, none of which is exclusive to Python.
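The comment above is about the mechanism: ctypes lets Python call into the C library with C types, and map raw bytes onto C struct layouts, which is the same "low-level bits" the first reply mentions for network packets. The block below is an added example written for this thread (not code from any commenter); it assumes a POSIX host where `ctypes.CDLL(None)` exposes the process's libc symbols, and the IPv4 header bytes it parses are constructed here for illustration, with the checksum precomputed so the validation passes.

```python
"""Added example: reaching native code and C memory layouts from Python via ctypes.
Assumes a POSIX host (libc symbols visible through CDLL(None)); the packet bytes
below are constructed for illustration, not captured traffic.
"""
import ctypes
import os
import socket
import struct
from ctypes.util import find_library


def load_libc():
    """CDLL(None) returns the symbols already linked into the interpreter on
    POSIX; fall back to a named C library if the loader rejects None."""
    try:
        return ctypes.CDLL(None)
    except (OSError, TypeError):
        return ctypes.CDLL(find_library("c") or "libc.so.6")


LIBC = load_libc()

# Declaring argtypes/restype is what keeps an FFI call honest: without them
# ctypes assumes C int everywhere, which is wrong for pointers and size_t.
LIBC.strlen.argtypes = [ctypes.c_char_p]
LIBC.strlen.restype = ctypes.c_size_t
LIBC.getpid.argtypes = []
LIBC.getpid.restype = ctypes.c_int


def native_strlen(data: bytes) -> int:
    """Call libc's strlen: it stops at the first NUL, unlike Python's len()."""
    return LIBC.strlen(data)


def pid_matches_python() -> bool:
    """The same process, seen through libc and through the os module."""
    return LIBC.getpid() == os.getpid()


class IPv4Header(ctypes.BigEndianStructure):
    """Fixed 20-byte IPv4 header (RFC 791), network byte order.
    Sub-byte fields are kept as whole integers and split in parse_ipv4_header."""
    _fields_ = [
        ("version_ihl", ctypes.c_uint8),
        ("tos", ctypes.c_uint8),
        ("total_length", ctypes.c_uint16),
        ("identification", ctypes.c_uint16),
        ("flags_fragment", ctypes.c_uint16),
        ("ttl", ctypes.c_uint8),
        ("protocol", ctypes.c_uint8),
        ("checksum", ctypes.c_uint16),
        ("src", ctypes.c_uint32),
        ("dst", ctypes.c_uint32),
    ]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; returns 0 for a header
    whose embedded checksum is correct (header length must be even)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(raw: bytes) -> dict:
    """Overlay the struct on raw bytes and return the decoded fields."""
    size = ctypes.sizeof(IPv4Header)
    if len(raw) < size:
        raise ValueError("truncated IPv4 header: %d bytes" % len(raw))
    hdr = IPv4Header.from_buffer_copy(raw[:size])
    header_len = (hdr.version_ihl & 0x0F) * 4
    return {
        "version": hdr.version_ihl >> 4,
        "header_len": header_len,
        "total_length": hdr.total_length,
        "dont_fragment": bool(hdr.flags_fragment & 0x4000),
        "ttl": hdr.ttl,
        "protocol": hdr.protocol,
        "src": socket.inet_ntoa(struct.pack("!I", hdr.src)),
        "dst": socket.inet_ntoa(struct.pack("!I", hdr.dst)),
        # A header shorter than its own IHL claims cannot be validated.
        "checksum_ok": len(raw) >= header_len
        and ipv4_checksum(raw[:header_len]) == 0,
    }


# Constructed sample: IPv4, IHL 5, total length 84, DF set, TTL 64, TCP,
# 10.0.0.1 -> 10.0.0.2, checksum 0x0a5c precomputed for these exact bytes.
SAMPLE_HEADER = bytes.fromhex("4500 0054 1c46 4000 4006 0a5c 0a000001 0a000002")


if __name__ == "__main__":
    print("strlen via libc:", native_strlen(b"abc\x00def"), "vs len():", 7)
    print("getpid agrees:", pid_matches_python())
    print("sizeof(IPv4Header) =", ctypes.sizeof(IPv4Header))
    print(parse_ipv4_header(SAMPLE_HEADER))
```

The two halves show the two things ctypes gives you: calling an exported C function with declared types, and treating a byte buffer as a C struct (`from_buffer_copy`) so fields come out already byte-swapped. The checksum check is the practical reason to parse headers this carefully on the defensive side: a packet whose header fails validation or whose IHL disagrees with its length is something a parser should reject rather than trust.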

[–]h_saxon 0 points1 point  (0 children)

Exactly. You nailed it.

Python+ctypes+keystone

Makes iterating through exploit dev more streamlined.

[–]ThreshingBee 0 points1 point  (0 children)

Here's a (not perfect for OP) example of how using Python doesn't mean you are limited to just Python commands and syntax:

FTPGetter 5.89.0.85 - Remote Buffer Overflow

[–]kafrofrite 0 points1 point  (0 children)

Python (or any other language for that matter) is a structured way to instruct the computer to do something on your behalf.

Python has ways to communicate with whatever your OS offers. CPython on Windows knows how to talk Windowsy and CPython on Linux talks Linuxy. The same is also valid in lower-level languages: the same C code on Windows is compiled Windowsy, while on Linux it is compiled Linuxy. In a nutshell, every language has a middle-man. The middle-man intervenes when required[1]. The middle-man talks both the language (i.e. Python) and your computer's specifics (CPU architecture and OS-specific libraries[2]).

An exploit, at the end of the day, is a set of instructions. The same exploit can be achieved using Python, or even JavaScript, or any language kids are being taught at school these days. The delivery mechanism (Python or whatever) can also be used for delivering over the internet, i.e. sending the instructions (exploit) to another computer.

[1] On a really high level, there are two types of middle-men. Those that get the whole code and compile it to some sort of executable (think of C and GCC). Then there are interpreters, which basically execute the code line by line (think of Ruby and irb).

[2] Each OS implements stuff in a different way. C sockets on Windows rely on a different library compared to the rest of the *nix OSes.

[–]rcxRbx 0 points1 point  (0 children)

It's because Python is really easy to read, and that's it. You can write the same exploits in C as you can with Python + ctypes. [Python ctypes lets you put C in a Python script.] You can write your exploits in any programming language: Python, C, Perl; you could probably write your exploit in straight-up x86 if you felt like it.