Python for Cybersecurity Using Python for Cyber

Offense and Defense 1st Edition Howard E. Poston

pdf download

https://ebookmeta.com/product/python-for-cybersecurity-using-
python-for-cyber-offense-and-defense-1st-edition-howard-e-poston/

Download more ebook from https://ebookmeta.com

We believe these products will be a great fit for you. Click
the link to download now, or visit ebookmeta.com
to discover even more!

Python for Cybersecurity Using Python for Cyber Offense

and Defense 1st Edition Poston Iii

https://ebookmeta.com/product/python-for-cybersecurity-using-
python-for-cyber-offense-and-defense-1st-edition-poston-iii/

Python Programming for Cybersecurity A Comprehensive

Handbook for Beginners 1st Edition Bytebazzar
Publications

https://ebookmeta.com/product/python-programming-for-
cybersecurity-a-comprehensive-handbook-for-beginners-1st-edition-
bytebazzar-publications/

Python Tools for Scientists An Introduction to Using

Anaconda JupyterLab and Python s Scientific Libraries
1st Edition Lee Vaughan

https://ebookmeta.com/product/python-tools-for-scientists-an-
introduction-to-using-anaconda-jupyterlab-and-python-s-
scientific-libraries-1st-edition-lee-vaughan/

DK Eyewitness The Greek Islands Dk Eyewitness

https://ebookmeta.com/product/dk-eyewitness-the-greek-islands-dk-
eyewitness/
The NFT Handbook How to Create Sell and Buy Non
Fungible Tokens 1st Edition Matt Fortnow

https://ebookmeta.com/product/the-nft-handbook-how-to-create-
sell-and-buy-non-fungible-tokens-1st-edition-matt-fortnow/

You re So Dead 1st Edition Ash Parsons [Parsons

https://ebookmeta.com/product/you-re-so-dead-1st-edition-ash-
parsons-parsons/

Putting Psychology in Its Place Critical Historical

Perspectives 4th Edition Graham Richards

https://ebookmeta.com/product/putting-psychology-in-its-place-
critical-historical-perspectives-4th-edition-graham-richards-2/

HR Here and Now The Making of the Quintessential People

Champion 1st Edition Ganesh Chella

https://ebookmeta.com/product/hr-here-and-now-the-making-of-the-
quintessential-people-champion-1st-edition-ganesh-chella/

Callum s Hope A Curvy Girl Holiday Romance Silver Spoon

Falls 1st Edition Nichole Rose

https://ebookmeta.com/product/callum-s-hope-a-curvy-girl-holiday-
romance-silver-spoon-falls-1st-edition-nichole-rose/
Special Issue Law and the Imagining of Difference 1st
Edition Austin Sarat

https://ebookmeta.com/product/special-issue-law-and-the-
imagining-of-difference-1st-edition-austin-sarat/
Python® for Cybersecurity
Using Python for Cyber Offense
and Defense

Howard E. Poston III

Copyright © 2022 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

978-­1-­119-­85064-­9
978-­1-­119-­85070-­0 (ebk.)
978-­1-­119-­85065-­6 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108
of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization
through payment of the appropriate per-­copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers,
MA 01923, (978) 750-­8400, fax (978) 750-­4470, or on the web at www.copyright.com. Requests to the Publisher for
permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 748-­6011, fax (201) 748-­6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with
respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work
is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional
services. If professional assistance is required, the services of a competent professional person should be sought. Nei-
ther the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website
is referred to in this work as a citation and/or a potential source of further information does not mean that the author
or the publisher endorses the information the organization or Website may provide or recommendations it may make.
Further, readers should be aware the Internet Websites listed in this work may have changed or disappeared between
when this work was written and when it is read.

For general information on our other products and services or for technical support, please contact our Customer Care
Department within the United States at (800) 762-­2974, outside the United States at (317) 572-­3993 or fax (317) 572-­4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available
in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2021951037

Trademarks: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or
its affiliates, in the United States and other countries, and may not be used without written permission. Python is a
registered trademark of Python Software Foundation. All other trademarks are the property of their respective owners.
John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image: © Alexander/Adobe Stock

Cover design: Wiley/Michael E. Trent

To Rachel
 About the Author

Howard E. Poston III is a freelance consultant and content creator with a focus
on blockchain and cybersecurity. He has developed and taught more than a
dozen courses exploring and explaining various aspects of cybersecurity and
has written hundreds of articles on the subject on different outlets. Howard
Poston is also the author of several academic articles on security topics, and has
spoken on blockchain and cybersecurity at international security conferences.

Acknowledgments

Thanks to my technical editor, Ben Heruska, and the amazing team at Wiley
without whom this book would not have been possible.

iv
 About the Technical Editor

Benjamin Heruska is a military officer and computer engineer in the United

States Air Force, which he joined in 2008. He has diverse military engineering
experience across a broad range of computing disciplines, including embedded
RF systems development, IT and cybersecurity tool development, software
development, vulnerability analysis, cybersecurity incident response, big data
engineering and analytics, ICAM development, and technical leadership.

v
 Contents at a Glance

Introductionxvii
Chapter 1 Fulfilling Pre-­ATT&CK Objectives 1
Chapter 2 Gaining Initial Access 19
Chapter 3 Achieving Code Execution 39
Chapter 4 Maintaining Persistence 55
Chapter 5 Performing Privilege Escalation 77
Chapter 6 Evading Defenses 89
Chapter 7 Accessing Credentials 105
Chapter 8 Performing Discovery 125
Chapter 9 Moving Laterally 141
Chapter 10 Collecting Intelligence 157
Chapter 11 Implementing Command and Control 169
Chapter 12 Exfiltrating Data 183
Chapter 13 Achieving Impact 199
Index213

vii
 Contents

Introductionxvii
Chapter 1 Fulfilling Pre-­ATT&CK Objectives 1
Active Scanning 2
Scanning Networks with scapy 2
Implementing a SYN Scan in scapy 4
Performing a DNS Scan in scapy 5
Running the Code 5
Network Scanning for Defenders 6
Monitoring Traffic with scapy 7
Building Deceptive Responses 8
Running the Code 9
Search Open Technical Databases 9
Offensive DNS Exploration 10
Searching DNS Records 11
Performing a DNS Lookup 12
Reverse DNS Lookup 12
Running the Code 13
DNS Exploration for Defenders 13
Handling DNS Requests 15
Building a DNS Response 15
Running the Code 16
Summary17
Suggested Exercises 17
Chapter 2 Gaining Initial Access 19
Valid Accounts 20
Discovering Default Accounts 20
Accessing a List of Default Credentials 21
Starting SSH Connections in Python 22

ix
x Contents

Performing Telnet Queries in Python 23

Running the Code 24
Account Monitoring for Defenders 24
Introduction to Windows Event Logs 25
Accessing Event Logs in Python 28
Detecting Failed Logon Attempts 28
Identifying Unauthorized Access to Default Accounts 30
Running the Code 30
Replication Through Removable Media 31
Exploiting Autorun 31
Converting Python Scripts to Windows Executables 32
Generating an Autorun File 33
Setting Up the Removable Media 34
Running the Code 34
Detecting Autorun Scripts 34
Identifying Removable Drives 35
Finding Autorun Scripts 36
Detecting Autorun Processes 36
Running the Code 36
Summary37
Suggested Exercises 37
Chapter 3 Achieving Code Execution 39
Windows Management Instrumentation 40
Executing Code with WMI 40
Creating Processes with WMI 41
Launching Processes with PowerShell 41
Running the Code 42
WMI Event Monitoring for Defenders 42
WMI in Windows Event Logs 43
Accessing WMI Event Logs in Python 45
Processing Event Log XML Data 45
Running the Code 46
Scheduled Task/Job 47
Scheduling Malicious Tasks 47
Checking for Scheduled Tasks 48
Scheduling a Malicious Task 48
Running the Code 49
Task Scheduling for Defenders 50
Querying Scheduled Tasks 51
Identifying Suspicious Tasks 52
Running the Code 52
Summary53
Suggested Exercises 53
 Contents xi

Chapter 4 Maintaining Persistence 55

Boot or Logon Autostart Execution 56
Exploiting Registry Autorun 56
The Windows Registry and Autorun Keys 57
Modifying Autorun Keys with Python 60
Running the Code 61
Registry Monitoring for Defenders 62
Querying Windows Registry Keys 63
Searching the HKU Hive 64
Running the Code 64
Hijack Execution Flow 65
Modifying the Windows Path 65
Accessing the Windows Path 66
Modifying the Path 67
Running the Code 68
Path Management for Defenders 69
Detecting Path Modification via Timestamps 69
Enabling Audit Events 71
Monitoring Audit Logs 73
Running the Code 75
Summary76
Suggested Exercises 76
Chapter 5 Performing Privilege Escalation 77
Boot or Logon Initialization Scripts 78
Creating Malicious Logon Scripts 78
Achieving Privilege Escalation with Logon Scripts 79
Creating a Logon Script 79
Running the Code 79
Searching for Logon Scripts 80
Identifying Autorun Keys 81
Running the Code 81
Hijack Execution Flow 81
Injecting Malicious Python Libraries 82
How Python Finds Libraries 82
Creating a Python Library 83
Running the Code 83
Detecting Suspicious Python Libraries 83
Identifying Imports 85
Detecting Duplicates 85
Running the Code 86
Summary86
Suggested Exercises 87
xii Contents

Chapter 6 Evading Defenses 89

Impair Defenses 90
Disabling Antivirus 90
Disabling Antivirus Autorun 90
Terminating Processes 93
Creating Decoy Antivirus Processes 94
Catching Signals 95
Running the Code 95
Hide Artifacts 95
Concealing Files in Alternate Data Streams 96
Exploring Alternate Data Streams 96
Alternate Data Streams in Python 97
Running the Code 98
Detecting Alternate Data Streams 98
Walking a Directory with Python 99
Using PowerShell to Detect ADS 100
Parsing PowerShell Output 101
Running the Code 102
Summary102
Suggested Exercises 103
Chapter 7 Accessing Credentials 105
Credentials from Password Stores 106
Dumping Credentials from Web Browsers 106
Accessing the Chrome Master Key 108
Querying the Chrome Login Data Database 108
Parsing Output and Decrypting Passwords 109
Running the Code 109
Monitoring Chrome Passwords 110
Enabling File Auditing 110
Detecting Local State Access Attempts 111
Running the Code 113
Network Sniffing 114
Sniffing Passwords with scapy 114
Port-­Based Protocol Identification 116
Sniffing FTP Passwords 116
Extracting SMTP Passwords 117
Tracking Telnet Authentication State 119
Running the Code 121
Creating Deceptive Network Connections 121
Creating Decoy Connections 122
Running the Code 122
Summary123
Suggested Exercises 123
 Contents xiii

Chapter 8 Performing Discovery 125

Account Discovery 126
Collecting User Account Data 126
Identifying Administrator Accounts 127
Collecting User Account Information 128
Accessing Windows Password Policies 128
Running the Code 129
Monitoring User Accounts 130
Monitoring Last Login Times 130
Monitoring Administrator Login Attempts 131
Running the Code 132
File and Directory Discovery 133
Identifying Valuable Files and Folders 133
Regular Expressions for Data Discovery 135
Parsing Different File Formats 135
Running the Code 136
Creating Honeypot Files and Folders 136
Monitoring Decoy Content 136
Creating the Decoy Content 137
Running the Code 138
Summary138
Suggested Exercises 139
Chapter 9 Moving Laterally 141
Remote Services 142
Exploiting Windows Admin Shares 142
Enabling Full Access to Administrative Shares 143
Transferring Files via Administrative Shares 144
Executing Commands on Administrative Shares 144
Running the Code 144
Admin Share Management for Defenders 145
Monitoring File Operations 146
Detecting Authentication Attempts 147
Running the Code 148
Use Alternative Authentication Material 148
Collecting Web Session Cookies 149
Accessing Web Session Cookies 150
Running the Code 150
Creating Deceptive Web Session Cookies 151
Creating Decoy Cookies 151
Monitoring Decoy Cookie Usage 153
Running the Code 153
Summary154
Suggested Exercises 155
Discovering Diverse Content Through
Random Scribd Documents
 “Well, it’s just as much fun for us, as it is for you boys to lie
around doing nothing, or cutting fish poles or—or—whatever you
do,” said Alice, rather at a loss for comparisons.
“But where are you bound for?” persisted Blake.
“Oh, off for a day in the woods,” said Mrs. Bonnell,
noncommittally.
“Aren’t we coming?” inquired Phil.
“Not this time, little boy. Run along and finish doing your breakfast
dishes,” mocked Marie. “We’re going out riding with some better-
looking chaps than you.”
“Meaning those fellows from We-Too camp?” demanded Jack.
“They happen to be going to take us,” said Natalie. “And we’ll be
sure of getting there and getting back.”
“Meaning a knock at our faithful old gasoline craft,” put in Blake.
“All right, young ladies, if you do get stuck you needn’t signal us for
a tow. You can walk home. Come on, fellows, we’re insulted,” and he
stalked back into the tent.
“Come on, girls, or we’ll be late,” urged Mabel. “Have we got
everything?”
“If we haven’t we can’t carry any more,” declared Natalie. “I
wonder if I’ll do any work on my bead head-band now that I’ve
toted it along with me, and the loom, too,” and she regarded it
rather regretfully.
“Oh, we’ll have lots of time to make bead work,” said Alice. “It
won’t take us long to explore the old mill, and then we can pic-nic
and do as we please.”
“Then you don’t believe we’ll find anything?” asked Natalie.
“Not a blessed thing, my dear,” answered Alice, “except cobwebs,
with big, fat spiders in them——”
“Oh, you horrid thing!” cried Mabel. “I’ll not set foot in the old
place!” and she hung back.
“We’ll get a broom and brush them all down,” said Mrs. Bonnell.
“There are the boys beckoning to us. Hurry, my dears!”
 They had passed along the lake shore beyond the camp of Jack
and his chums, and were now approaching the We-Too aggregation
of tents, this being the name adopted by the young men who had
assisted in the search for Natalie that night. They had been friends
with the girls and their brothers since.
“My! you’re equipped for a long stay,” remarked Ford Armstrong,
one of the campers, as he saw the well-laden girls and their
guardian. “Let me take some of your bundles.”
“And whatever you do, don’t drop that basket!” cautioned Alice.
“It’s got eggs in it, and some of them may not be hard-boiled.”
“There are olives in here, so don’t you dare drop this,” added
Mabel, surrendering her bundle to Harry Watson.
“And you really want to stay around that old mill all day?”
questioned Ford, as he helped them into the waiting launch.
“Hush! Not so loud!” cautioned Mrs. Bonnell. “We don’t want our
boys to know about it, but we’re going to bait the ghost there you
see.”
“And here is some of the bait,” laughed Mabel, pointing to the
baskets of food.
“All right, we’ll keep your secret,” promised Wentworth Jones.
“What time shall we come back for you?”
“Before dark; or we’ll never speak to you again,” threatened Alice.
“Oh, but I thought, with the moonlight—” began Natalie.
“Natalie Fuller! if you want to stay around that spooky old mill
after dark you may!” exclaimed Marie, “but I’m not going to. It’s all
right in daylight, but when the shades of night begin falling fast, I
want to be in my own little tent. So don’t you boys fail to come
before dark.”
The gallant escort promised and then, observed by the envious
eyes of Jack and his chums, the Camp Fire Girls, and their new
friends, puffed away in the launch across the lake toward the old
mill.
 They reached it without incident, disembarked and were soon at
the ancient structure, their friends carrying up the lunch and other
impedimenta.
“And now we shall leave you to your fates,” said Ford Armstrong,
with mock heroics.
“And don’t forget about coming after us,” warned Mabel, shaking a
finger at him.
Laughingly the boys promised once more, and then departed in
their launch, rather wishing the girls had asked them to stay.
“Now we must begin our search!” declared Natalie. “We will work
a while and then rest, eat and string beads, and do some more
searching. I’m going to find that secret room!”
“Natalie will insist on that,” remarked Mabel. “Oh, what a scary
place!” she added, as she looked around the gloomy old mill.
“Hark!” called Marie softly.
“Oh, what is it?” demanded Alice, grasping the arm of Natalie.
“Don’t!” begged the other. “That’s my sore place—where the briars
scratched me.”
“Sillies! It isn’t anything but the wind rattling,” said Mrs. Bonnell.
“If you’re going to scream at every sound we might as well stop
now.”
“Oh, let’s begin!” cried Natalie. “I do so want to beat the boys at
their own game. Come on, I’ll lead the way,” and she darted toward
the stairs.
“Be careful,” warned the guardian, “you don’t want to sprain your
ankle again.”
“And those stairs aren’t any too safe,” added Marie.
But they managed to get up them in safety, and found themselves
in an upper story of the mill. There were remains of old machinery,
now rusted and broken, and big bins for the storage of grain.
The mill was a rambling structure, that seemed to have been built
on and added to from time to time. It had also served as a home for
the families of the various millers. There were passage-ways leading
from room to room, sometimes little flights of steps necessitated
because the floors were on different levels. But, as far as the girls
could see, there was no place for any substantial creature to hide.
“Though of course ghosts could stow themselves away in a rat
hole,” observed Mabel.
“Don’t say ghosts and rats up here,” begged Marie.
“Let’s go down stairs and look around,” suggested Natalie. “We’ll
make a fire, if we can find anything, and be cosy as we sit about it.
Then we can eat when we’re ready. Did you bring that box of candy,
Mabel?”
“I did—what’s left of it.”
“Oh! nearly five pounds gone since the first of the week!”
exclaimed Mrs. Bonnell. “Girls, your indigestions will be ruined!”
“Good!” laughed Alice.
Their search down stairs was no more fruitful. They passed
through room after room, where the grinding of various grist had
been done years ago. Here was more machinery, all in ruins. They
peered out at the moss-covered mill-wheel, broken and shattered,
below which was trickling a little stream of water.
But of ghosts, real or fancied, there was not a trace. There were
even no unusual noises, though Mabel remarked that night was the
time for them.
“Well, let’s make a fire,” suggested Natalie. “It’s damp and chilly in
here. The boys have left us enough wood,” she said, as they all got
back to the room where the fireplace was.
They kindled a little blaze, and were sitting about it, talking and
laughing. Mabel was getting out the box of candy when Natalie, who
was sitting nearest the chimney, raised her hand for silence.
They all listened.
“What is it?” whispered Mabel.
“Hush!” cautioned Natalie.
Then they all became aware of a faint, moaning cry. It was like
some one sobbing at a distance.
 The girls, with wide-opened eyes, looked at one another. Natalie
softly arose and leaned nearer the opening of the fireplace.
“Come here!” she whispered to her companions.
On tiptoes they stole to her side. They could now hear more
plainly the sobbing voice.
“It’s the ghost—crying!” whispered Natalie. “We have found it!”
 CHAPTER XXXI

THE SECRET ROOM

“What shall we do?”

“Let’s run!”
“Oh, if—the boys were only here!”
Thus three voices whispered. Natalie was so busy listening at the
chimney, turning her head this way and that, to better catch the
sound that came down the flue, that she did not speak.
“Girls, be sensible!” commanded Mrs. Bonnell in a low voice. “It
isn’t anything but the wind in the chimney.”
“It is not the wind,” said Natalie, softly. “Listen!”
Overcoming their natural eerie fears the Camp Fire Girls did listen.
The sobbing was fainter now.
“Girls!” exclaimed Natalie firmly, seeming to become imbued with
a new courage, “that’s some poor creature in trouble. We’ve got to
help!”
“But—but suppose it’s one of those criminals,” suggested Alice,
giving a glance over her shoulder.
“Criminals don’t cry—that way,” declared Natalie. “They aren’t
sorry enough to cry—until after they’re arrested.”
“But how can we help this—this person when he is up the
chimney?” asked Mabel.
“How do you know it’s a ‘he’?” asked Marie.
 “Well, call it the ghost, then,” admitted Mabel. “How are we going
to rescue the ghost from the chimney.”
“It isn’t in the chimney,” went on Natalie, who seemed to have
assumed charge of matters. “Only the sound comes down that way.
I understand it all now. The secret room is near the chimney. The
ghost is in the secret room.”
“She will have that secret room!” murmured Marie.
“There is some poor person in trouble,” went on Natalie. “Maybe
he fell and sprained its ankle and she can’t walk, just as I did.”
“Oh, what a beautiful mixture of personal pronouns!” laughed
Alice, and the laugh seemed to relieve the strain on the nerves of all
of them. “Well, Nat, what are your plans?”
“We must find that secret room.”
“Yes; but how?”
“Listen, girls. It must be near the chimney. Probably some
stovepipe hole leads into this flue, and the draught carried the sound
downward. All we have to do is to make another search upstairs
near where the chimney passes through.”
“Simple as a problem in geometry,” murmured Alice, who detested
the study. “Lead on, Nat!”
“Will you come?” asked breath-of-the-pine-tree, looking at her
companions.
“Well, I suppose it might be some one in trouble,” agreed Mrs.
Bonnell. “But— Oh, well, I guess there are enough of us,” and she
picked up from the floor a stout cudgel. “We had better arm
ourselves,” she added. “There may be——”
“Rats!” broke in Marie.
“She is fined a pound of candy for saying that!” exclaimed Natalie.
“Come on,” and she led the way.
Now that they had some definite plan of searching they felt more
assured of success. There were two upper stories to the old mill, but
the girls had given only a casual glance around the third one, as it
was so dark and gloomy that they did not fancy remaining in it. Now
it became practically certain that, if there was a secret room, it
would be on the third floor, for a look around the place where the
big chimney passed through the second floor, showed that there was
no room for a hidden recess.
“We’ve got to go up there,” said Natalie firmly, as they came to a
pause at the foot of the second flight of stairs.
“Hark!” cautioned Marie.
As they listened they heard again the sound of the crying voice.
“Who is there?” called Mrs. Bonnell sharply.
There was no answer.
Natalie said afterward that she did not know how she got the
courage to do it, but she started up the stairs, and the others, after
a moment of hesitation, followed. Natalie hurried on. She saw a
small window, through which the light streamed, filtering in between
cracks in the ancient shutter.
With the stick she carried, she shoved this back, letting in a beam
of sunlight. There was a flutter of wings, and something flew around
the heads of the Camp Fire Girls.
“Oh!” screamed Mabel and Alice.
“They are only bats!” called Mrs. Bonnell.
“Oh, but if they get in our hair!” murmured Mabel, crouching
down.
“It’s gone out of the window,” the Guardian assured them.
Natalie was busily scanning the wall near the chimney. The girls
stole to her side.
“Listen!” commanded Natalie in a whisper.
Faintly they heard a moan. It seemed to come from inside the big
chimney. Natalie took a step toward it. Her eyes roved over the
ancient paneling. One section seemed to be darker colored than the
rest.
Natalie pressed on this, hardly knowing why, for it bore no
semblance to a door. But she nearly stumbled and fell as the panel
unexpectedly gave way, and there was disclosed the secret room
they had been looking for.
 CHAPTER XXXII

HADEE

Natalie grasped the edges of the doorway so unexpectedly opened

before her, and clung there. The light shot into the secret room,
revealing a figure huddled up in one corner—a timid, shrinking form,
from which faint moans came.
“It’s a girl!” gasped Mrs. Bonnell. “The poor creature!”
The figure in the corner raised itself up, and stared at the
intruders.
“Water—water,” moaned the girl. “I am so sick!”
As the eyes of the Camp Fire Girls became more accustomed to
the semi-gloom of the room, they caught a glimpse of the gay colors
in the dress of the figure in the corner.
“It’s Hadee! The Gypsy!” gasped Natalie.
“Yes, I am Hadee,” murmured the girl. “You have found me. Oh, I
am so glad! I feared no one ever would. I thought I would die here,
and—my leg is broken!”
“Oh, you poor creature!” cried Mrs. Bonnell. “Girls, we must have
a doctor right away. Marie, run down to the shore and see if you can
find a boat anywhere about. Signal to them—wave your
handkerchief—scream!
“Mabel, see if you can get me some water—bring it in anything—
in some of the dishes—in our baskets. Natalie, get me some sticks I
can use for splints to bind up her leg until the doctor can get here.
Alice, you help me with—her,” and she motioned toward the Gypsy
girl.
Thus did the Guardian effectually assume charge of matters. It
was the best thing she could have done to take the minds of her
charges off the startling events that had happened in the last few
minutes.
“Which leg is it, dear?” asked Mrs. Bonnell, as she went over to
the figure in the corner. “I’ll try not to hurt you, but—I must look at
it.”
“The right one. I fell night before last as I was coming up the
stairs, but I managed to drag myself in here.”
“And you’ve been here alone ever since?” asked Natalie.
“Yes, and I thought I would die.”
Mrs. Bonnell was examining the broken leg. It was a simple
fracture, but considerable inflammation had set in from the neglect,
and when the injured leg was touched ever so gently there came a
moan of pain from the stricken girl.
Hadee had raised herself up on her elbow, while Mrs. Bonnell was
pouring cold water on the fracture and binding it up.
“Oh!” moaned the Gypsy girl, and then she fell back senseless.
“She’s dead!” gasped Mabel.
“Nonsense, it’s only a faint. Sprinkle some water on her face while
I finish binding up this leg,” said Mrs. Bonnell. “She’ll come to all
right. Loosen her dress at the neck.”
As Mabel did this something rolled out of the upper part of the
insensible girl’s garment. It was something that gleamed and
sparkled in the light.
“My mother’s diamond ring!” cried Mabel seizing it.
Hadee opened her eyes.
“I—was going to—give it back,” she murmured. “That is why—I
ran away from the—from the camp—so they wouldn’t take it.”
 “There now, don’t talk,” soothed Mrs. Bonnell. “You can tell us all
about it when you feel better. We’ll make you as comfortable as we
can until the doctor comes. I hope Marie can manage to find some
one to send.”
There was a tramping of feet on the floor below.
“Some one is coming!” cried Natalie.
“It’s the boys—our boys!” exclaimed Mabel. “Oh, how good!”
“They mustn’t come in here!” decided Mrs. Bonnell. “There has
been enough excitement for Hadee. I must keep her quiet. Natalie,
you and Mabel slip down and tell them what has happened. Then
one of you bring back some more water, and a little of the food. She
must be nearly famished.”
“I am—hungry,” admitted Hadee. “But I feel much better now, I
am so glad you—found me.”
“Don’t come up—we’re coming down, boys,” called Natalie, as she
and Mabel started for the stairs.
“What have you found?” demanded Jack, for it was he and his
chums who had come to the old mill.
“The ghost!” said Natalie. “It’s poor little Hadee—the girl who told
our fortunes that time—the girl who ran away from the Gypsy camp.
She’s hurt. Marie has gone for a doctor. How did you happen to
come here?”
“Oh, we got lonesome over in camp,” said Blake, “so we thought
we’d just take a run over here to say how—do.”
“I’m so glad you did!” exclaimed Natalie, with a grateful look at
him.
“I’ll take up some food and water,” spoke Mabel. “Then I’ll come
back. You might see if Marie has been able to signal any one, Phil,”
she said to her brother.
“Here’s Marie now,” spoke Jack, as the girl came flying into the
mill.
“Did you send for a doctor?” asked Natalie.
 “I have mother’s diamond ring back!” cried Mabel, holding up the
sparkling gem.
“Say, these girls beat anything for finding things!” declared Jack.
“Hadee had it,” explained Mabel. “I’m so glad.”
“What about the doctor?” asked Natalie.
“I met Old Hanson,” Marie said. “He said he’d go right back and
get one. Dr. Morse is at some house down the road now most
fortunately, and Old Hanson said he’d have him come here. I met
the hermit on the road as I was running to the lake shore.”
“Everything seems to be coming out for the best,” said Jack. “Now
let’s have some details.”
Natalie and Marie gave such as they knew to the boys, while
Mabel took up the food and water to Alice and Mrs. Bonnell, who
had remained with the Gypsy girl.
“But what is she doing in this old mill?” asked Blake. “And what
makes you think she is the ghost?”
“I don’t know why she is here,” said Natalie, “except that she ran
away from the Gypsy camp for some reason or other, and this was
the best place to hide.
“As for her being the ghost—here is your knife and match-box,
Blake. I found them in her room,” and she extended the articles to
him.
“Stung!” gasped Jack.
“And by a girl,” added Phil.
“So it was Hadee who stole down and took our things while we
were asleep,” murmured Blake.
There was the sound of wheels outside.
“Here’s the doctor!” exclaimed Natalie.
 CHAPTER XXXIII

RESTORATION

“Well, it isn’t as bad as it might be,” said Dr. Morse after he had
examined Hadee. “Of course it would have been better to have had
the bone set sooner, but there’s no great harm done. But I must get
her to some other place than this to work over her. I haven’t room
here.”
“Take her to our camp,” proposed Natalie.
“No, she wouldn’t ride well in a boat. I’ll just send Old Hanson
back for a farm wagon, and have him put a mattress in it. She can
ride on that as well as in an ambulance. I guess the Richardson’s will
take her in. They have plenty of room. I was just there on a call
when Hanson found me. Mr. Richardson has a little bilious attack.
This girl will be very comfortable there. His wife is a fine cook, and
they have hired help.”
Dr. Morse explained to Old Hanson what was wanted, and the
hermit started off after the wagon. Hadee was gotten downstairs,
and made as comfortable as possible.
The Camp Fire Girls were anxious to hear her story but Dr. Morse
would not let her talk.
“It will do later,” he said. “She has a slight fever, and I don’t want
any more inflammation in that leg than I can help.”
There was the sound of wheels down the road. A farm wagon
hove in sight, Old Hanson sitting on the seat beside the driver.
 As Hadee was carried out the old hermit, who had been hovering
about caught a glimpse of her face. He started, took a few steps
forward, clutched at his heart and cried:
“Girl—girl! Who was your mother?”
“Hush! We mustn’t have any excitement,” warned the doctor,
thinking the old man’s mind, never considered strong, was leading
him astray.
“Her mother! Her mother!” cried Hanson. “I can see her mother’s
face! She is my daughter’s child—I know it. She has been restored to
me! Oh, child, where is your mother?”
“Now—now!” protested Dr. Morse. “You can’t——”
But Hanson had pushed his way forward, and was now beside the
wagon, in which Hadee lay on the mattress. There was a flush on
her pale face.
“What does he mean?” she asked slowly.
“I don’t know,” answered Dr. Morse testily.
“I’ll explain!” said Hanson eagerly. “I’m not crazy—let me talk.
Everybody doesn’t know my story—some around here do—you do,
Dr. Morse. I tell you that girl is my daughter’s child. Tell me,” he
appealed to Hadee, “do you know who your mother and father
were?”
“They are both dead,” she said softly, “but I have been told that
my mother was not a Gypsy.”
“Of course she was not!” cried Hanson. “She was my daughter,
and she ran away and married a Gypsy—a handsome chap he was,
too. It broke my heart—it made me lose all hope in life. But now my
granddaughter is restored to me. And so you were the ghost of the
mill?”
“I hid there after I ran away,” said Hadee. “I wouldn’t do as they
wanted me to——”
“You had better not talk, dear,” said Mrs. Bonnell gently placing
her hand on the girl’s hot forehead.
 “Oh, well, maybe she’ll feel better to have it over with,” said Dr.
Morse resignedly. “Are you sure about this, Hanson?”
“Positive. She is the image of my lost daughter. She must have a
birth-mark on her neck—all the Rossmore’s had it.”
“There is a mark there,” said Natalie. “I saw it.”
“And are you really my grandfather?” murmured Hadee.
“I sure am, girl.”
“Then I’m not a Gypsy.”
“Only half; and you won’t be that much any more. You’re coming
to live with me. I’ve got a little money put away, and we’ll live for
each other now. I couldn’t keep my daughter—maybe I was too
harsh with her—but I won’t be with you, Hadee,” and he gazed
lovingly at her.
“Now, this will just have to stop!” declared Dr. Morse firmly. “I
insist on the patient being kept quiet. She may be your daughter’s
child, Hanson, but if you want to keep her with you don’t set her
into more of a fever than she has already. Drive on, Pete. I’ll follow
in my carriage. See you later,” he called to the Camp Fire Girls and
their boy friends.
“Well, what do you know about this?” gasped Jack, as the carriage
of the doctor and the other wagon disappeared down the road. “You
girls have certainly beaten us all to pieces! You discover the ghost,
get back the diamond ring and restore a long-lost child to her
grandfather. Wow!”
“Tell us all about it,” demanded Blake.
“We can’t until we hear Hadee’s story,” said Natalie.
And they heard that the next day. The broken leg had been set,
and put in a plaster cast. Then, with the permission of Dr. Morse,
Hadee, sitting up in bed in the Richardson home, told her story.
She had been with the Gypsy band all her life, traveling about the
country. When she became old enough her mother had told her
something of the tragedy of her own story. Hanson Rossmore’s
daughter had met a handsome Gypsy lad, and fallen in love with
him. Her father opposed her, but she ran away and was legally
married to him. Then, feeling unable to return to her father, the girl
took up a life with the nomads. Hadee was the only child, and when
her parents died she remained with the tribe. She became one of
the best fortune tellers.
It was Hadee who called at the Anderson home that night the ring
disappeared.
“But I did not take it,” she said. “It fell down from the table into
the folds of my sash. I discovered it when I got back to camp, but
Neezar, who calls herself our queen, would not let me take it back.
Then the camp was quickly moved away, and I did not have a
chance to return—the diamond.
“I kept it with me, however, refusing to give it up, though they
tried to make me. Life was very hard. Then came the taking of the
farmer’s wife’s pocket-book. I did not do that, it was another of our
band who used my name. When I heard of the trouble I tried to run
away, but they watched me too close.
“Finally I got the chance, and, I came to this old mill. I stayed
here nights and went out by day, as I could, to get food. I guess I
took something from my grandfather here, and from your camp,”
she said, with a shy smile at the boys. “I needed things. There was a
handkerchief——”
“Mine—but you may keep it,” said Blake.
“And the canoe,” went on Hadee. “The boat I came in drifted
away.”
“Jove! It’s good to get that canoe back,” said Jack.
“It’s hidden back of the mill,” went on the Gypsy girl. “I have
stayed here ever since.”
“And was it your face I saw at the window?” asked Natalie.
“Yes,” assented Hadee. “I was afraid you would come and find me
that time. Then I found the secret room, and stayed there. I stole
softly down in the night when the boys were here, and took some of
their things when they were asleep,” she said shyly. “I needed
them.”
“Oh, we were easy marks,” admitted Phil with a laugh.
“I needed the knife and matches,” the Gypsy girl went on, “but I’ll
give them back. The food I ate.”
“You’re welcome to it,” said Blake kindly.
“I also took a few things from your camp,” she said to the girls.
“The olives and sardines?” asked Marie.
Hadee nodded.
“I was sorry when—when my grandfather moved out. I didn’t
know he was any relative,” she resumed. “I didn’t mean to scare
him, but I suppose I did. I cried because I was lonesome and
afraid.”
“That’s all right!” exclaimed Hanson Rossmore. “As long as I’ve got
some kin now, I don’t mind. I’m going to sell the old mill—I’ve got
an offer for the property, and we’ll live together where nothing will
remind us of it—Ethel Rose.”
“Ethel!” exclaimed Natalie. They could all see how much Natalie
resembled the Gypsy girl.
“Yes, I’m going to call her that,” said the old man. “I don’t want
any more Gypsy names.”
“Well, I guess that explains everything,” said Jack. “So there was
no ghost after all.”
“No. And Natalie proved it!” declared Marie. “Oh, you dear girl!”
and she put her arms around her chum.
“Let’s get back to camp and have a celebration,” proposed Jack.
“We’ll have enough to talk about for a month.”
Hadee, or Ethel Rose Rossmore, to give her the name she was
thenceforth to bear, rapidly recovered from her accident, and she
and her grandfather made arrangements to board in the village until
he could dispose of his property. The Gypsy camp was broken up, its
members going whither no one knew. There were many complaints
about them for small thefts, and arrests had been planned but too
late.
After all the excitement quiet days followed. There were Council
meetings and camp-fires, walks in the woods and cruises on the
lake, when many songs were sung. Cora, Gertrude, Edna, Sadie and
Margaret also paid a visit to the woods.
Mabel telegraphed the good news of the finding of the diamond
ring to her mother, and the boys found their missing canoe and
lantern where the Gypsy girl had left them.
“And so the mystery of the old mill is settled,” remarked Blake, as
he and Natalie walked along the lake shore one day.
“Yes. It was like most ghosts—easily accounted for when you go
at it right.”
“But if it hadn’t been for you it might never have been solved.”
“Oh, some one would have found poor little Hadee if I hadn’t.”
“Will you come over to the Point and dance to-night?” asked
Blake, after a pause.
“Yes, if the others go. We won’t have many more chances. We are
going to break camp next week.”
“So are we. Hasn’t it been a glorious summer?”
“Indeed, yes. All the girls are delighted with the Camp Fire idea.
They are talking now of a winter in the woods.”
“Why not?” asked Blake. “A log cabin is the best place ever, in the
snow.”
“Perhaps we may,” assented Natalie, and as she and Blake strolled
on through the spicy woods, some one called:
“Wo-he-lo! Dogwood camp! Natalie!”
“They want me to come back,” said Natalie, softly.
“Don’t go yet,” begged Blake, and Natalie stayed.

THE END.
 The next volume of this series will be entitled: “Camp Fire Girls on
The Ice; Or, the Mystery of a Winter Cabin.”
 Boy Inventors’ Series
The author knows these subjects from a practical standpoint. Each
book is printed from new plates on a good quality of paper and
bound in cloth. Each book wrapped in a jacket printed in colors.
Price 60c each
1 Boy Inventors’ Wireless Triumph
2 Boy Inventors and the Vanishing Gun
3 Boy Inventors’ Diving Torpedo Set
4 Boy Inventors’ Flying Ship
5 Boy Inventors’ Electric Ship
6 Boy Inventors’ Radio Telephone

The “How-to-do-it” Books

These books teach the use of tools; how to sharpen them; to
design and layout work. Printed from new plates and bound in cloth.
Profusely illustrated. Each book is wrapped in a printed jacket.
Price $1.00 each
1 Carpentry for Boys
2 Electricity for Boys
3 Practical Mechanics for Boys

For Sale by all Book-sellers, or sent postpaid on receipt of the

above price.
M · A · DONOHUE · & · COMPANY
711 · SOUTH · DEARBORN · STREET · · CHICAGO
 VICTORY BOY SCOUT SERIES
Stories by writer who possesses a thorough knowledge of this
subject. Handsomely bound in cloth; colored jacket wrapper.
1
The Campfires of the Wolf Patrol

2
Woodcraft; or, How a Patrol Leader Made Good

3
Pathfinder; or, the Missing Tenderfoot

4
Great Hike; or, The Pride of Khaki Troop

5
Endurance Test; or, How Clear Grit Won the Day

6
Under Canvas; or, the Search for the Carteret Ghost

7
Storm-bound; or, a Vacation among the Snow Drifts

8
Afloat; or, Adventures on Watery Trails

9
Tenderfoot Squad; or, Camping at Raccoon Bluff

10
Boy Scouts in an Airship

11
Boy Scout Electricians; or, the Hidden Dynamo
 12
Boy Scouts on Open Plains
For Sale by all Book-sellers, or sent postpaid on receipt of 40 cents
M · A · DONOHUE · & · COMPANY
711 · SOUTH · DEARBORN · STREET · · CHICAGO
*** END OF THE PROJECT GUTENBERG EBOOK THE CAMP FIRE
GIRLS; OR, THE SECRET OF AN OLD MILL ***

Updated editions will replace the previous one—the old editions

will be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States
copyright in these works, so the Foundation (and you!) can copy
and distribute it in the United States without permission and
without paying copyright royalties. Special rules, set forth in the
General Terms of Use part of this license, apply to copying and
distributing Project Gutenberg™ electronic works to protect the
PROJECT GUTENBERG™ concept and trademark. Project
Gutenberg is a registered trademark, and may not be used if
you charge for an eBook, except by following the terms of the
trademark license, including paying royalties for use of the
Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such
as creation of derivative works, reports, performances and
research. Project Gutenberg eBooks may be modified and
printed and given away—you may do practically ANYTHING in
the United States with eBooks not protected by U.S. copyright
law. Redistribution is subject to the trademark license, especially
commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the

free distribution of electronic works, by using or distributing this
work (or any other work associated in any way with the phrase
“Project Gutenberg”), you agree to comply with all the terms of
the Full Project Gutenberg™ License available with this file or
online at www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand,
agree to and accept all the terms of this license and intellectual
property (trademark/copyright) agreement. If you do not agree
to abide by all the terms of this agreement, you must cease
using and return or destroy all copies of Project Gutenberg™
electronic works in your possession. If you paid a fee for
obtaining a copy of or access to a Project Gutenberg™
electronic work and you do not agree to be bound by the terms
of this agreement, you may obtain a refund from the person or
entity to whom you paid the fee as set forth in paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only

be used on or associated in any way with an electronic work by
people who agree to be bound by the terms of this agreement.
There are a few things that you can do with most Project
Gutenberg™ electronic works even without complying with the
full terms of this agreement. See paragraph 1.C below. There
are a lot of things you can do with Project Gutenberg™
electronic works if you follow the terms of this agreement and
help preserve free future access to Project Gutenberg™
electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright
law in the United States and you are located in the United
States, we do not claim a right to prevent you from copying,
distributing, performing, displaying or creating derivative works
based on the work as long as all references to Project
Gutenberg are removed. Of course, we hope that you will
support the Project Gutenberg™ mission of promoting free
access to electronic works by freely sharing Project Gutenberg™
works in compliance with the terms of this agreement for
keeping the Project Gutenberg™ name associated with the
work. You can easily comply with the terms of this agreement
by keeping this work in the same format with its attached full
Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside
the United States, check the laws of your country in addition to
the terms of this agreement before downloading, copying,
displaying, performing, distributing or creating derivative works
based on this work or any other Project Gutenberg™ work. The
Foundation makes no representations concerning the copyright
status of any work in any country other than the United States.

1.E. Unless you have removed all references to Project

Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project
Gutenberg™ work (any work on which the phrase “Project
Gutenberg” appears, or with which the phrase “Project
Gutenberg” is associated) is accessed, displayed, performed,
viewed, copied or distributed:

This eBook is for the use of anyone anywhere in the United

States and most other parts of the world at no cost and
with almost no restrictions whatsoever. You may copy it,
give it away or re-use it under the terms of the Project
Gutenberg License included with this eBook or online at
www.gutenberg.org. If you are not located in the United
States, you will have to check the laws of the country
where you are located before using this eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is

derived from texts not protected by U.S. copyright law (does not
contain a notice indicating that it is posted with permission of
the copyright holder), the work can be copied and distributed to
anyone in the United States without paying any fees or charges.
If you are redistributing or providing access to a work with the
phrase “Project Gutenberg” associated with or appearing on the
work, you must comply either with the requirements of
paragraphs 1.E.1 through 1.E.7 or obtain permission for the use
of the work and the Project Gutenberg™ trademark as set forth
in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is

posted with the permission of the copyright holder, your use and
distribution must comply with both paragraphs 1.E.1 through
1.E.7 and any additional terms imposed by the copyright holder.
Additional terms will be linked to the Project Gutenberg™
License for all works posted with the permission of the copyright
holder found at the beginning of this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files
 containing a part of this work or any other work associated with
Project Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute

this electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the
Project Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if
you provide access to or distribute copies of a Project
Gutenberg™ work in a format other than “Plain Vanilla ASCII” or
other format used in the official version posted on the official
Project Gutenberg™ website (www.gutenberg.org), you must,
at no additional cost, fee or expense to the user, provide a copy,
a means of exporting a copy, or a means of obtaining a copy
upon request, of the work in its original “Plain Vanilla ASCII” or
other form. Any alternate format must include the full Project
Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™
works unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or

providing access to or distributing Project Gutenberg™
electronic works provided that:

• You pay a royalty fee of 20% of the gross profits you derive
from the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty