Web Security with Python | Setting Up Your Environment

Cyber Security Python
Transcript

English (Auto-generated)

everyone. So I promised in the last video we would do one about, we would do a cast about setting up the environment the way I have it, like where you have python three where you have flask where am I getting this code from? And also that I would give you guys a link to this github repo that I created which I'm gonna do. That's that should be in the description. I mean in a comment, it'll be in a comment and then the description because it's not ready yet, but I'll edit this description. So if it's not in the description yet, just wait like 10 minutes after this comes out and it will be there um but it will be there shortly. And in the meantime, let's look at everything else. So you can see that right here we have a Linux terminal. Um we can see what probably dash or dash do they run? I'm just gonna look so we see that here. You can just do this. So let's see what we can already see. It's bash. But just to show you don't know how much you guys have worked with Linux. Let's assume that it's nothing. And we can see we're running bash it's probably a cooler way to find it. But So you might notice this is just a terminal. The reason for that is I'm actually on this like M1 Mac that's not compatible with anything and it's taken some damage since I bought it. So I don't want to press it to like run hard, like I don't want to show you guys how to set this stuff up from scratch on a Mac because it's a nightmare. So I'm gonna show you want a boon to instead. But I can't run a boon to with a gooey because there's no way this computer would be able to handle that. And on windows, I've been using a regular user and I didn't know the admin password, so I have to like, find out where I wrote that down cause I never use it Anyway. So the point is we're doing this in a virtual machine on Linux and since I'm on M1, I had to install this AMG like server version of a go into that doesn't have a graphical user interface and I don't want it to have one because who knows if my my laptop can handle running that on top of its actual operating system. So this is what we're stuck with anyway. It doesn't really matter because we're gonna be using the command line, we will browse the web, but we'll use links, which is a command line based Sudo apt, install command line based web browser. I have no idea if this is really gonna work. The only thing I'm gonna need to show you with that is how you can find the Hello World app I started with by just googling for it basically. I think links works with google ah if it doesn't, then this is going to be a very interesting podcast. So I mean I can always just google it on my main desktop, like passing the link or something. Okay, so I just installed links. Um let's see what version of python We have none. Okay. Anything but you have Python three. So let me just try Python two. So we have python three installed but not python two, which is fine. But I'm gonna install this package that it suggested up here called Python is Python three installed. Python is Yeah. Oh it'll just whenever we say python or pip or anything, there won't be any confusion. Okay, so we should say python, we should be able to say pip. No, we gotta install that as well. So let's install kit pip. Is the python something, you know? NPM is node package manager. Right? But what's pip? It's like the something packages definitely involved in sort of python but I can't remember the specifics but the point is we gotta install python three. Let's see how long it takes to install it for. 2%. 12 minutes. Whoa. That is so much time. Okay. It seems like it's getting like 65. Let me see if it's actually gonna take that long. Like could it really? I mean clearly it hasn't been two minutes already since I started six years percent but if nothing else, like, since this is a code cast, I can't just like cut through that but let me just give it a chance to see how crazy it's gonna get. Yeah do do do do do do do do do do do do do do do do do do do do do. Yeah it's stuck around there so this might not be feasible for us. Oh man. Well who knew pip was such a serious install right here. I'm gonna go ahead and shut that off. The point is you're in it, we're gonna have to install pip. We're also gonna have to install temperatures. Yeah it's gonna make us install it and I don't think we can do it like something. We can do it with this. I know not happening. Okay I'm gonna google it real quick just to see like this tip you guys can't see this. But I'm gonna literally willing why does pip? It takes so long to install hot because some packages need to compile. So we have to like wait for those things to compile. Yeah. Alright so I guess it's it's compiling a bunch of stuff from source which makes it suck. Obviously were not already enough. Oh I can install flask by itself as a package from my operating system instead of via pick. I mean realistically like if you're gonna be doing stuff in python, you have to install pip. I just want to show you in this video. You already saw the command. Right so you guys are good to go let's see so much faster which is it's kind of weird but whatever. Sorry I have the sniffles lately by the way, it's super lot of allergens going on around you. Okay, so we now have flask. Yes, wonderful. Now I'm gonna show you where I got that Hello world code from. So let's do links google dot com. This is a command line based browser I was telling you guys about and we have a problem which is that the cab key, I don't think it's going to work here and the reason for that. Oh no it does work. Okay, so whoa okay so this is this is google in links, Mannlein based browser, obviously no images but it tries its best to render html and javascript which is kind of a plus, so we're just gonna look up flask. Hello world, this is what I did. This was the magic. Alright um and I went to this quick start I think probably and then I went down some and there was already somewhere I think that was that Yeah, there it is true routing, I don't know it's somewhere on here. I'm gonna google it on my main browser just to see because I'm not used to the formatting, I want to make sure I give you guys the right thing. So flats. Hello world, get that quick start and yeah, we have something about a minimal flask app so let's take a look. Oh there it was. Okay, so there it is actually yeah, so we have to see where it says previous flash documentation, quick start and our I'm I'm so sorry. Okay, this is a mess. Alright. So if you notice here it says a minimal minimal application, a minimal a minimal flask. Application looks something like this and then it says from flask, import flask, um app equals flask, name, app dot rob slash def. Hello world return. Hello world, that's the car. Can't copy and paste it here. So I'm gonna have to write it. But that is it. Whoa. We did it guys. So since we actually have flask installed, let's do it. Let's make our thing called like hello dot py. I didn't say it right from flask import flask. And I'm looking at the other code here in another window because I just had this one giant single user like commandments actually not single user but you know I have I have the os maps to a keyboard that I'm not actually using. Like I'm using a latin american keyboard and right now I haven't mapped to us because when I installed it, I didn't specify the keyboard I was using, that was being lazy. So that's some instant karma for me. And that said the uh a robot is what's called the at sign. It's so much easier to get to on on the US keyboard layout, half that route slash I lived for a long time in the US so I can kind of remember like like slash for me it's the dash symbol, so I know where it's at kind of thing. Alright. Call back all those all instincts and then we have Hello world. You continue making all these random mistakes. That's that's the reason. So there's a little bit of lore for all your hard core fans, the show that I know are out there. I hope. Maybe not yet. Soon. Soon. And then we have Hello? Hello World. Yes, that's in the same spot. At least. Beautiful. And I got to close this true church. We're just there we go. That's our Hello world. Our Now let's look at it running. So we're gonna say this isn't gonna work, but we're gonna say flask run and it's gonna say could not locate a flask. Application. Did you not provide the flask app? Environment variable. And a w S G I dot pi or pi module is not found in the current ranking. Okay. That's some kind of weird grammar there. But what they're saying is when you say flask run, what file is it supposed to run? What's like your main file? Um The way you do that is by setting an environmental variable or probably other ways. That is the way I know how to do it. That's equal to the name of your main file without dot right. So we made our file called hello dot pi. Therefore our flask run variables should just be called Hello and now for you because I forgot to tech support it. So it wasn't made available to other processes. Okay. And it's still mad because I said I called it flask run, but if you read the texas that flask app, here we go, it's running, I'm gonna put it in the background. I don't think you can do that, I don't think it keeps running, it actually stops, but I'm gonna try it. It's been a while since I was really into UNIX and UNIX stuff. Yeah, it doesn't work. So I'm gonna pack foreground to bring it back and I'm gonna kill it. So what you can do in that case to run something in the background on Linux, for those of you who don't know, I don't know where the ampersand is on this keyboard. There we go. Sorry, I know it is on my keyboard, but as I was saying, unfortunately, um unfortunately I was gonna tell you guys, I mean I have the wrong keyboard layout, so expect a lot of wacky areas like this. So for one I'm gonna take okay, so I'm gonna take all input and output and send it to dev dot no, which means ignore it. And I'm gonna run this process in the background. There we go. So now I have to do that with I am a newbie, so this gets rid of all input and output and runs the process in the background and if you wanted to keep running after you're gone, you can run no hop first, there's no hang up. So when the terminal tends to like, hey, I've disconnected symbol, the president stop. This is basically how you make, what's called a demon and Linux something that just keeps running in the background without needing a chef or user session or anything like that. We don't do no harm because we're actually gonna, we're gonna kill us right now. But first we're gonna run it, it's probably running that created it should, it should create some kind of file for the output that we can normally look at, but I don't see any anything so whatever because I sent all the input output to dev null. So anyway, we should be able to use curl now how we're going to curl? Local host and we get Hello world. OMG what it works. That's it. That's all you need to know. Um we will use other tools later in the series like N map will you use ssh to use all kinds of stuff. A lot of that stuff is gonna be preinstalled on Linux, but not on windows Or it might be um easy to do on some operating system and not on another. Usually Linux will be the easy one. not, it's not some like design inherent part of the design of Linux. It's just a lot more Linux. Users tend to be interested in this. And so when they're thinking about the ux of a Linux operating system, they tend to facilitate this kind of work a lot. And the way that they're just not going to do for Mac and Windows. If you're on Mac, I highly recommend you use brew, which is a great package manager system for mac. They probably have something newer and better you can look into. But I know about Peru. It's a way to install packages that similar. Similar using Apt, install the final thing. You might wonder why use Aps instead of Apt. Get Apt. Get is a version that's like non interactive. That's meant more for scripting. And when you're using it manually using Apt install or sudo apt install if you're not root, which you shouldn't. All right. I think you should have a decent idea of this setup. Hopefully that helped you. I'm super excited to get to the next video which will have more vulnerabilities and like I said, I will put that gIT repo in the description. In fact, you know what I can edit the description like while I'm doing this live. So I'm gonna go get that. Get report right now. It's not ready yet, but who cares? Okay, load it up. Get hub and it's called python second cast with dashes. I'm gonna put it right here repo for this series. It was boom, can't spell All right. I have updated it and I am going to end the stream signing out. See you all
25 Views 0 Likes 0 Comments

Installing and running a flask app on Ubuntu to follow along with my other videos Github repo for this series: https://github.com/JesusAlexV/Python-Sec-Cast

Comment
Leave a comment (supports markdown format)