eBook - ePub
Coding for Penetration Testers
Building Better Tools
Jason Andress, Ryan Linn
This is a test
Condividi libro
- 336 pagine
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Coding for Penetration Testers
Building Better Tools
Jason Andress, Ryan Linn
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used.
While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion on the use of Powershell, and includes practical updates to all tools and coverage.
- Discusses the use of various scripting languages in penetration testing
- Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
- Provides a primer on scripting, including, but not limited to, web scripting, scanner scripting, and exploitation scripting
- Includes all-new coverage of Powershell
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Coding for Penetration Testers è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Coding for Penetration Testers di Jason Andress, Ryan Linn in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Informatique e Langues de programmation. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
Informazioni
Chapter 1
Introduction to command shell scripting
Abstract
In this chapter, we talk about shells, in the sense of the text-based interfaces we use to communicate with operating systems. UNIX, Linux, and OS X, as well as most UNIX-like operating systems, tend to work on the same general principles for purposes of shell scripting, and make use of many common programming concepts such as data structures, variables, control statements, if-then clauses, and while loops. In Microsoft operating systems, we can find many similar shell scripting tools as well. In Windows, we can carry out commands and write scripts using the generic shells command.com and CMD.exe, the PowerShell shell, and add-on tools such as Cygwin to give us access to bash on Windows, just to name a few.
Keywords
Shells; UNIX; LINUX; OS X; Bash; batch; Powershell
Information in This Chapter
• On Shell Scripting
• UNIX, Linux, and OS X Shell Scripting
• Bash Basics
• Putting It All Together With bash
• Windows Scripting
• PowerShell Basics
• Putting It All Together With PowerShell
Shell scripts allow penetration testers to do things like string together complex commands, develop tools, automate processes, and manipulate files–all while using a basic set of development resources. When penetration testers are attacking an environment, they cannot always choose their tools and sometimes they cannot install tools or utilities on a system. In such cases, being able to develop tools from native scripting resources can mean the difference between failure and success on a penetration test. This chapter discusses some of the basics of how to use the shells that currently exist in the UNIX, Linux, Mac OS X, and Windows operating systems. The chapter concludes with a detailed explanation of how to build port scanning tools using shell scripting languages for UNIX-like operating systems and Microsoft operating systems.
Shell scripts can be useful for a great many things in the penetration testing world, in the system administration world, in the network world, and in almost any area that depends on computing technology to function. Shell scripts allow us to string together complex sets of commands, develop tools, automate processes, manipulate files, and more, while using a very basic set of development resources.
Particularly in penetration testing, the ability to write shell scripts can be a highly necessary skill.
On Shell Scripting
Unlike any programming language, we might choose to use, or any development tools we might like to have access to, we can almost always depend on some sort of shell being present on a system. While we may not always have access to the particular flavor of shell we like, there will usually be something present we can work with.
What Is a Shell?
A shell is the interface between the user and the operating system, allowing us to run programs, manipulate files, and perform a number of other operations. All operating systems use a shell of one type or another, some of them graphical and some of them text-based. Many operating systems provide access to both graphical and nongraphical shells, and each is useful in its own way.
A shell might consist of a graphical user interface (GUI), as in the case of the Microsoft Windows desktop interface, and Gnome or KDE on Linux. Such graphical shells are convenient, as they allow us to use fancy graphical menus, show us colorful icons to represent files, and allow us to interact with items by clicking them with a mouse.
Text-based shells, such as that shown in Fig. 1.1, allow us to communicate with the operating system via a variety of commands and features built into the shell, as well as running other programs or utilities. Text-based shells are the ancestral user interface of many operating systems and still enjoy a great following today among the technically inclined.
On some operating systems, such as Windows, we are likely to find only the built-in graphical and text-based shells, although we may potentially find more added by a particularly technical user. On UNIX-like operating systems, such as the many varieties of UNIX and Linux, or OS X, we may find a wide variety of graphical and text shells. This broad choice of interface is very common on such operating systems, and we may find that the users or administrators of the system have customized it heavily in order to suit their particular tastes. Commonly, however, we will find at least Gnome or KDE as a graphical shell and bash as a text-based shell. For purposes of penetration testing, text-based shells tend to be the more useful for us to access.
What Is a Script?
A script, short for scripting language, is a programming language like any other, and may be similar in nature to other languages such as C++ or Java. The primary difference between a scripting language and other programming languages is that a program written in a scripting language is interpreted rather than compiled.
When we look at a traditional programming language, such as C++, the text we write that defines the commands we want to run is processed through a compiler and turned into machine code that is directly executable by the kernel/CPU. The resultant file is not human-readable. Any changes to our commands mean we have to send the changed text through the compiler again, resulting in a completely new executable. In interpreted languages, the text we create that contains our commands is read by an interpreter that does the conversion to machine code itself, as it is running the script. The text here is still human-readable and does not have to be recompiled if a change is made.
Normally, scripting languages have their own interpreters, so we need to install a separate interpreter for Python, another for Ruby, and so on. Shell scripts are a bit of a special case, as the scripts are interpreted using the shell itself, and the interpreter is already present as part of the shell.
Scripting languages are used daily in the execution of many tasks. We can see scripting languages at use in printers; in the case of the Printer control language (PCL) created by Hewlett-Packard [1]; in JavaScript, PHP, and the many others th...