Skip to main content

OOP Strategy-Pattern usefull for IT-Sec?

· 3 min read
Strider

The Strategy pattern is a design pattern from Object Oriented Programming. Why is this pattern actually very useful in IT security?

What exactly is the Strategy Pattern? The easiest way to imagine it is to use a practical example. Let's imagine we want to buy something at Amazon. We go to the checkout and have to pay. We get many payment options listed, e.g. credit card, Paypal, bank transfer, etc. No matter what we choose there it works and the payment is made. This is exactly the strategy pattern. The UML below illustrates how the whole thing is structured.

uml.png

But what is it useful for in IT security? There are many possible applications for this pattern:

  • Hashcracking (MD5, SHA-1 ... SHA-512, NTLM, NTLMv2...)
  • Various listeners e.g. reverse shell listener
  • Encoder for e.g. shellcodes.
  • Exploit launcher to easily launch different exploits

There are other possibilities as well. The advantage of the pattern is that no matter which strategy is selected, parameters can be easily set. Another advantage is the quick change of strategies.

#!/usr/bin/env python
# -*- coding:utf-8 -*-
import abc


class Strategy(object):
__metaclass__ = abc.ABCMeta

@abc.abstractmethod
def foo(self, params):
raise Exception("Not implemented")

This is how the "Interface" Strategy looks like in Python. Here then the method foo, which is called by the context in the individual strategies where this "interface" was inherited, is defined as a prototype.

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from Strategy import Strategy


class FirstStrategy(Strategy):
def foo(self, params):
#use params if needed and doo stuff
#Implement your strategy here

This is what a real strategy looks like, which inherits the interface Strategy and implements it. Here you can pass optional parameters, which can be used in the further course of the code. This can be, the payload of an exploit set e.g. the host address and port.

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from Strategy import Strategy


class Context(object):
__strategy = None

def __init__(self, strategy):
if isinstance(strategy, Strategy):
self.__strategy = strategy

def runFoo(self, params = {}):
return self.__strategy.foo(params)

The Context class is passed the respective Strategy in the constructor. Here it is checked whether the strategy is of the class type Strategy. The strategy is then assigned to the private attribute __strategy. The method runFoo, calls the method foo, from the strategy. The return is required here if return values are expected. Otherwise it can be omitted.

#!/usr/bin/env python
# -*- coding:utf-8 -*-
from Context import Context
import FirstStrategy, SecondStrategy, ThirdStrategy

results = Context(FirstStrategy.FirstStrategy()).runFoo({key1: value, key2: value})
print(results)
results = Context(SecondStrategy.SecondStrategy()).runFoo({key1: value, key2: value})
print(results)
results = Context(ThirdStrategy.ThirdStrategy()).runFoo({key1: value, key2: value})
print(results)

Here we have the "Client" which instantiates the Context. Next, a strategy is selected and instantiated here. Our context starts our strategy, which we have passed to it.

I hope I could show well here how useful the pattern can be in IT security. 😄