Coding for Penetration Testers
eBook - ePub

Coding for Penetration Testers

Building Better Tools

Jason Andress, Ryan Linn

  1. 336 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used.

While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion of the use of PowerShell, and includes practical updates to all tools and coverage.

  • Discusses the use of various scripting languages in penetration testing
  • Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
  • Provides a primer on scripting, including, but not limited to, web scripting, scanner scripting, and exploitation scripting
  • Includes all-new coverage of PowerShell

Information

Publisher: Syngress
Year: 2016
ISBN: 9780128054734

Chapter 1

Introduction to command shell scripting

Abstract

In this chapter, we talk about shells, in the sense of the text-based interfaces we use to communicate with operating systems. UNIX, Linux, and OS X, as well as most UNIX-like operating systems, tend to work on the same general principles for purposes of shell scripting, and make use of many common programming concepts such as data structures, variables, control statements, if-then clauses, and while loops. In Microsoft operating systems, we can find many similar shell scripting tools as well. In Windows, we can carry out commands and write scripts using the generic shells command.com and CMD.exe, the PowerShell shell, and add-on tools such as Cygwin to give us access to bash on Windows, just to name a few.

Keywords

Shells; UNIX; LINUX; OS X; Bash; batch; Powershell

Information in This Chapter

  • On Shell Scripting
  • UNIX, Linux, and OS X Shell Scripting
  • Bash Basics
  • Putting It All Together With bash
  • Windows Scripting
  • PowerShell Basics
  • Putting It All Together With PowerShell

Shell scripts allow penetration testers to do things like string together complex commands, develop tools, automate processes, and manipulate files–all while using a basic set of development resources. When penetration testers are attacking an environment, they cannot always choose their tools and sometimes they cannot install tools or utilities on a system. In such cases, being able to develop tools from native scripting resources can mean the difference between failure and success on a penetration test. This chapter discusses some of the basics of how to use the shells that currently exist in the UNIX, Linux, Mac OS X, and Windows operating systems. The chapter concludes with a detailed explanation of how to build port scanning tools using shell scripting languages for UNIX-like operating systems and Microsoft operating systems.
Shell scripts can be useful for a great many things in the penetration testing world, in the system administration world, in the network world, and in almost any area that depends on computing technology to function. Shell scripts allow us to string together complex sets of commands, develop tools, automate processes, manipulate files, and more, while using a very basic set of development resources.
Particularly in penetration testing, the ability to write shell scripts can be a highly necessary skill.

On Shell Scripting

Unlike any programming language we might choose to use, or any development tools we might like to have access to, we can almost always depend on some sort of shell being present on a system. While we may not always have access to the particular flavor of shell we like, there will usually be something present we can work with.

What Is a Shell?

A shell is the interface between the user and the operating system, allowing us to run programs, manipulate files, and perform a number of other operations. All operating systems use a shell of one type or another, some of them graphical and some of them text-based. Many operating systems provide access to both graphical and nongraphical shells, and each is useful in its own way.
A shell might consist of a graphical user interface (GUI), as in the case of the Microsoft Windows desktop interface, and Gnome or KDE on Linux. Such graphical shells are convenient, as they allow us to use fancy graphical menus, show us colorful icons to represent files, and allow us to interact with items by clicking them with a mouse.
Text-based shells, such as that shown in Fig. 1.1, allow us to communicate with the operating system via a variety of commands and features built into the shell, as well as running other programs or utilities. Text-based shells are the ancestral user interface of many operating systems and still enjoy a great following today among the technically inclined.

Figure 1.1 A text-based shell.
On some operating systems, such as Windows, we are likely to find only the built-in graphical and text-based shells, although we may potentially find more added by a particularly technical user. On UNIX-like operating systems, such as the many varieties of UNIX and Linux, or OS X, we may find a wide variety of graphical and text shells. This broad choice of interface is very common on such operating systems, and we may find that the users or administrators of the system have customized it heavily in order to suit their particular tastes. Commonly, however, we will find at least Gnome or KDE as a graphical shell and bash as a text-based shell. For purposes of penetration testing, text-based shells tend to be the more useful for us to access.

What Is a Script?

A script, short for scripting language, is a programming language like any other, and may be similar in nature to other languages such as C++ or Java. The primary difference between a scripting language and other programming languages is that a program written in a scripting language is interpreted rather than compiled.
When we look at a traditional programming language, such as C++, the text we write that defines the commands we want to run is processed through a compiler and turned into machine code that is directly executable by the kernel/CPU. The resultant file is not human-readable. Any changes to our commands mean we have to send the changed text through the compiler again, resulting in a completely new executable. In interpreted languages, the text we create that contains our commands is read by an interpreter that does the conversion to machine code itself, as it is running the script. The text here is still human-readable and does not have to be recompiled if a change is made.
Normally, scripting languages have their own interpreters, so we need to install a separate interpreter for Python, another for Ruby, and so on. Shell scripts are a bit of a special case, as the scripts are interpreted using the shell itself, and the interpreter is already present as part of the shell.
Note
The various languages we discuss in the course of this book, including shell scripts, Python, Perl, Ruby, and JavaScript, are all interpreted languages. With many scripting languages, multiple interpreters are available from different vendors, often with somewhat different behaviors and sets of features. Additionally, different versions of the same interpreter from the same vendor may substantially change the way a given script functions, or render it nonworking entirely.
Scripting languages are used daily in the execution of many tasks. We can see scripting languages in use in printers, in the case of the Printer Control Language (PCL) created by Hewlett-Packard [1]; in JavaScript, PHP, and the many others th...
