Python on Debian from sourcecode update (altinstalling development branch 3.2 rc2)

Just though I’d post an update on my earlier post about installing Python 3.1.3 from source code on Debian Linux.

Although I wouldn’t encourage you to use it as your main environment some of you may be interested in trying out the latest development branch of Python to test new features or to help with finding and reporting bugs.

As of writing this, the lattest release is 3.2 rc2.

If you’d like to test out the development branch without interfering with your main install of Python you can use Pythons ‘altinstall’ feature.

Follow my previous guide on compiling Python 3.1.3 and when you reach the final stage instead of running;

debian:/#make && make install

Run the following instead;  (please note you will need appropriate permission to write to system folders to run either ‘make install’ or ‘make altinstall’.)

debian:/#make && make altinstall

Instead of installing the Python binary under the default name of  ‘python3’, ‘altinstall’ will incorporate the full version number in to the binary name leaving the original stable branch binary undisturbed.

You can run the ‘altinstall’ by typing;


Link to my previous guide:
Installing Python 3.1.3 from source, the full works (Debian Linux 5.x lenny)

Installing Python 3.1.3 from source, the full works (Debian Linux 5.x lenny)

So previously I’d posted about getting Python 3.1 installed from source on OS X. This time I’ll be talking about installing Python 3.1.3 on Debian Linux 5.x lenny.

Although this guide is specific to Debian lenny it should be applicable to other Linux distros’ based on Debian such as Ubuntu and can probably be adapted to work on other distros’.

First you’ll need to download the Python source code, you can do so by following this link. Python 3.1.3

You can also download and uncompress the file by running the following commands from the terminal

debian:/# wget

debian:/# tar -xvf ./Python-3.1.3.tar.bz2

To build programs from source you’ll need to install gcc and associated files which can be done as follows;

debian:/# apt-get install build-essential

The first time I tried to compile the Python source-code I was presented with the following output….

Python build finished, but the necessary bits to build these modules were not found:
_curses            _curses_panel      _dbm
_gdbm              _hashlib           _sqlite3
_ssl               _tkinter           bz2
readline           zlib
To find the necessary bits, look in in detect_modules() for the module’s name.

I should expect on most fairly default installs of Debian you’ll also be missing the same components. If you wanted you could run Python as it is but you’ll be missing many important features.

If you follow the rest of this guide I’ll show you how to install all the required files for a fully featured Python build.

To install the missing components you should run the following from the terminal;

debian:/# apt-get install zlib1g-dev libncurses5-dev libreadline5-dev libssl-dev libbz2-dev libsqlite3-dev tk-dev libgdbm-dev

Now you have all the required components we can try to compile the code.

Navigate through to the directory where you extracted the Python files and run the following.

debian:/#./configure && make && make install

If everything has gone well Python 3.1.3 should now be compiled and installed.

you can run the Python interpreter by running the following;


I hope this guide has been helpful. Happy coding.


I’ve recently started playing one of the wargames called ‘IO’ hosted at

If you’ve not heard of them before they host a number of games to test your skills at computer hacking, programming and your in-depth knowledge of how computer systems work.

Each game is hosted on it own server which you access via ssh. At the begging you are provided with the username and password for level1. It is your task to complete the challenge set for you in that level. Once completed you will have escalated your user privileges to that of the subsequent level, allowing you to read a file in the next levels home folder containing it’s password. Once retrieved you can log out and back in with the next levels username and password and attempt the following challenge.
Although for a seasoned pro’ the first few levels of ‘IO’ are probably considered easy they  are still tough enough that significant knowledge is required to complete them.

The first level consists of a program which asks you to enter a password. Depending on your input this will then either output “Fail.” or “Win” along with a new shell running as level2 privileges.

The aim of this task is to analyse this executable  file and extract the password string contained within. I won’t reveal the solution but one approach would be to debug the program with gdb, find the code which does the string comparison between your entry and the correct password and then to read the password stored at the memory address. The other approach is much quicker but maybe slightly defeats the point of the level as an introduction to gdb.

The second level consists of a programming  and maths challenge. The level2 program asks for a password which consists of the results of a range of numbers in a specified series, joined together one after the other as a string.

#level2@io:~$ /levels/level02#Append the 39th through 42nd numbers in the sequence as a string and feed it to# this binary via argv[1]. 1, 2, 3, 5, 8, 13, 21…#The 4th through the 7th numbers would give you 581321

I completed this by creating a python script to create the series of numbers needed, concatenate the appropriate ones together in to a string and to give that as an argument to the level2 executable. Win.

For tasks like this you may find it quicker to do the codeing on your own machine and then upload to the io server. To do this you can use the ‘scp’ command from the terminal. (you can download scp for windows from the putty website).  First create a directory in the io server /tmp folder.

Give it a hard to guess unique name as although directory listing is restricted on the server and others can’t see your folder name if you use an easily guessable directory name others could still access it by chance.

While logged in to the io server type, ‘mkdir /tmp/mydirname’. Replacing mydirname with your unique directory name.

Then from the terminal on your machine you can upload files as such;

scp -P 2224 ~/files/

The command is broken down as follows, ‘-P 2224’ specifies the port number as io does not run on the standard ssh port number, ‘~/files/’ is the location of my file to upload on my machine, ‘level2’ is the username with which I want to connect to the remote machine, is the remote server address, the ‘:’ separates the remote server address from the final part which is the location on the remote machine to store my file.

I’ve just started the 3rd level and upon running the level3 program it instantly seg’ faults. Here in lies the challenge. Hopefully this should keep me occupied for a while.

To join in yourself connect to the io server like so;

ssh -p2224
password: level1

(linux and os x)

From windows you will need to download an ssh client like this… (putty)

Here is a snippet from the ./README file you can view when you connect.

Welcome to the IO wargame at the smash the stack network.

You have done the hard part and found our realm. Here we allow you to play with classic, and up to date vulnerabilities in software. Since many of you may be unfamiliar with how a wargame works, we will give a quick introduction in the following paragraphs. If you are an experienced wargamer, all this will be familiar to you so you might want to skip to the last section which iterates the specifics of this game.
The problems will be presented to you as a series of programs. Which will vary in size from a few lines containing an obvious bug, over to larger, and finally real software. The point is always to exploit this bug in such a way that you can grab control of the programs execution and make it do what you want. For example you will often want it to drop a shell.
The way this works is that the binaries are SUID binaries ( This means in short that they run as a different user than you do. The point is to grab control of the program and make it execute your own shellcode. Which will in turn allow you to read the password for the next level.

Once you have completed each level you can add your ‘tag’ to an html file which can be accessed from the wargame website. This is your proof to the world that you completed the level. As a word of warning do not view the tag page in your browser with JavaScript enabled. Remember this file could contain anything previous level winners have entered so it could have potentially dangerous or annoying consequences for anyone who fails to heed this warning.

If you’d like to see proof that I completed level 1 & 2 so far you can look for the tag ‘retrop’ in the respective tag pages. Once again do not click these links with JavaScript enabled. Level 2 tags (do not click without reading warning), Level 3 tags (Do not click before reading warning).

TKinter – Delving in to the world of Python GUI’s.

So today I’ve set myself the task of getting to grips with GUI’s in Python.

I’ve started as I always do with a google search and I now have about 50 tabs open, waiting for me to pluck up the courage to start delving through the mass of information and trying to sort the cruft from invaluable.

So far I’ve found that I can forget about wxWidgets as there is no sign of Python 3 integration in the near future. This leaves me it seems with only TKinter and possibly QT4/PyQT…….

Anyone know different?

Stay tuned for my next blog, where I’ll detail what I’ve found and which websites I found useful.

I’ll also soon blog about why I’ve decided to go with Python 3, rather than the more mainstream and accepted 2.xx.