WEBVTT

00:00.410 --> 00:03.140
In numerous instances during penetration tests,

00:03.170 --> 00:10.970
We as hackers have found ourselves in situations where we urgently required a TCP client, whether it

00:10.970 --> 00:17.060
was to test services, send malformed data, perform fuzzing or tackle a range of other tasks.

00:17.060 --> 00:21.050
So the need for a TCP client has been prevalent.

00:21.080 --> 00:27.290
However, operating within the confines of large enterprise environments often means forfeiting the

00:27.290 --> 00:30.140
luxury of creating our tools.

00:30.230 --> 00:35.080
So now we will write our code and I will explain.

00:35.090 --> 00:38.120
First, we will import socket here.

00:38.720 --> 00:44.030
So import socket here, and then, for example, let's make the target host.

00:44.060 --> 00:45.800
Target host.

00:45.830 --> 00:50.280
Let's make it Google, www.google.com.

00:50.300 --> 01:01.320
Of course, the port of HTTP is 80, so the target port here is 80, the HTTP protocol.

01:01.320 --> 01:04.020
And now we will create a socket object.

01:04.020 --> 01:08.560
So client here, we will do socket.socket here.

01:08.580 --> 01:12.030
So firstly we will here, let's try it.

01:12.030 --> 01:16.530
And first it gets the address family and then the socket kind.

01:16.530 --> 01:17.040
Right.

01:17.040 --> 01:18.330
So socket.

01:19.470 --> 01:24.690
socket.AF_INET here, and socket.

01:26.920 --> 01:28.690
SOCK_STREAM.

01:28.900 --> 01:32.230
And then here we will connect the client.

01:32.230 --> 01:34.720
So client dot.

01:36.520 --> 01:37.600
Connect.

01:39.750 --> 01:42.270
Connect here and now.

01:42.270 --> 01:47.100
Firstly, we will enter the target host and target port, right?

01:47.850 --> 01:50.580
And here we will send some data.

01:51.180 --> 02:00.480
In order to do that, we will use the client.send method, and here we will enter b here,

02:00.510 --> 02:01.350
GET.

02:03.480 --> 02:09.930
HTTP/1.1, \r\n, Host:.

02:11.800 --> 02:17.950
Now we will enter google.com, and after that we will, inside this,

02:18.860 --> 02:19.450
Print.

02:19.880 --> 02:21.560
and \r\n here.

02:21.770 --> 02:26.960
And after sending, we will need to receive data to print on the screen.

02:26.960 --> 02:27.380
Right?

02:27.380 --> 02:30.560
So now we will print the response.

02:30.590 --> 02:33.470
response.decode.

02:33.470 --> 02:35.240
And after that.

02:36.100 --> 02:38.110
It will add another here.

02:38.960 --> 02:40.580
client.close.

02:40.610 --> 02:41.480
That's it.

02:42.100 --> 02:46.200
So here, after that, we are sending some data.

02:46.210 --> 02:49.450
Of course, we need to create this response here.

02:49.450 --> 02:55.870
And in order to do that, of course, we need to personally do this like that.

02:55.870 --> 03:00.580
And after that, getting the response from the client.

03:00.610 --> 03:04.570
We will open it here, and now we will get the response.

03:04.570 --> 03:06.460
So response.

03:06.460 --> 03:09.040
Client, client.

03:10.680 --> 03:13.860
client.recv here.

03:13.860 --> 03:16.110
And 4096.

03:16.440 --> 03:17.250
That's it.

03:18.560 --> 03:20.270
So here, let's run this.

03:22.190 --> 03:24.140
And as you can see here, we got this.

03:24.140 --> 03:28.460
Let's actually change this to www.

03:29.540 --> 03:30.140
Auxilia.

03:30.170 --> 03:32.930
.com, and here.

03:37.790 --> 03:38.150
Host.

03:42.980 --> 03:46.520
And as you can see here, we got a bad request here.

03:47.270 --> 03:49.340
We have a firewall on our website.

03:49.460 --> 03:53.860
So to create a TCP client, we begin by initializing this.

03:53.870 --> 03:58.130
Actually, I'll get my pen, my pen here, and I will draw things on the screen.

03:58.720 --> 04:01.600
So to create a TCP client.

04:02.510 --> 04:05.420
We begin by initializing.

04:06.080 --> 04:07.550
A socket object.

04:08.210 --> 04:10.850
A socket object with n parameters.

04:10.880 --> 04:14.780
AF_INET and SOCK_STREAM.

04:16.270 --> 04:29.560
And the AF_INET parameter signifies the use of the standard IPv4 protocol and the address

04:29.560 --> 04:30.220
or hostname.

04:30.220 --> 04:38.680
While SOCK_STREAM here indicates that this is the TCP protocol.

04:38.800 --> 04:39.640
Right.

04:39.670 --> 04:45.310
So it indicates that the client will operate over TCP.

04:45.520 --> 04:50.560
Next, we establish a connection between the client and server here.

04:50.590 --> 04:53.380
Connect with this code here.

04:54.940 --> 04:55.330
Actually.

04:55.690 --> 04:56.280
Yes.

04:56.290 --> 05:02.590
So next we establish the connection between client and server, ensuring that they can communicate. To

05:02.590 --> 05:04.120
send data to the server.

05:04.120 --> 05:10.000
We convert the data into bytes and transmit it.

05:10.000 --> 05:14.830
So the final statement was receiving a response from the server which is here.

05:15.640 --> 05:20.020
So after that we are printing it out here, right?

05:20.020 --> 05:23.110
So and after that we are closing that.

05:23.460 --> 05:28.240
So the code here provides a simple and commonly used form of TCP client.

05:28.240 --> 05:34.150
However, it's important to acknowledge certain assumptions made by this code here

05:34.150 --> 05:36.130
regarding sockets here.

05:36.130 --> 05:39.670
So firstly, it assumes that the connection will always succeed.

05:39.670 --> 05:45.430
Secondly, it assumes that the server expects the client to send data first, even though some servers

05:45.430 --> 05:48.910
may anticipate sending data to the client and then waiting for a response.

05:48.940 --> 05:56.560
Lastly, it assumes that the server will consistently return data promptly. These assumptions are

05:56.560 --> 05:58.570
primarily made for the sake of simplicity.

05:58.570 --> 06:03.670
So while there are various approaches to handling blocking sockets, exception handling, and similar

06:03.670 --> 06:09.940
aspects, penetration testers often prioritize efficiency and expedience when building quick and dirty

06:09.970 --> 06:13.150
tools for reconnaissance or exploitation purposes.

06:13.180 --> 06:18.940
Consequently, in this lecture we will omit the inclusion of more advanced socket handling

06:18.970 --> 06:19.720
techniques.
