Coding for Penetration Testers
eBook - ePub

Coding for Penetration Testers

Building Better Tools

Jason Andress,Ryan Linn

  1. 336 páginas
  2. English
  3. ePUB (apto para móviles)
  4. Disponible en iOS y Android
eBook - ePub

Coding for Penetration Testers

Building Better Tools

Jason Andress,Ryan Linn

Detalles del libro
Vista previa del libro
Índice
Citas

Información del libro

Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used.

While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion on the use of Powershell, and includes practical updates to all tools and coverage.

  • Discusses the use of various scripting languages in penetration testing
  • Presents step-by-step instructions on how to build customized penetration testing tools using Perl, Ruby, Python, and other languages
  • Provides a primer on scripting, including, but not limited to, web scripting, scanner scripting, and exploitation scripting
  • Includes all-new coverage of Powershell

Preguntas frecuentes

¿Cómo cancelo mi suscripción?
Simplemente, dirígete a la sección ajustes de la cuenta y haz clic en «Cancelar suscripción». Así de sencillo. Después de cancelar tu suscripción, esta permanecerá activa el tiempo restante que hayas pagado. Obtén más información aquí.
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Coding for Penetration Testers un PDF/ePUB en línea?
Sí, puedes acceder a Coding for Penetration Testers de Jason Andress,Ryan Linn en formato PDF o ePUB, así como a otros libros populares de Informatique y Langues de programmation. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.

Información

Editorial
Syngress
Año
2016
ISBN
9780128054734
Edición
2
Categoría
Informatique
Categoría
Langues de programmation
Chapter 1

Introduction to command shell scripting

Abstract

In this chapter, we talk about shells, in the sense of the text-based interfaces we use to communicate with operating systems. UNIX, Linux, and OS X, as well as most UNIX-like operating systems, tend to work on the same general principles for purposes of shell scripting, and make use of many common programming concepts such as data structures, variables, control statements, if-then clauses, and while loops. In Microsoft operating systems, we can find many similar shell scripting tools as well. In Windows, we can carry out commands and write scripts using the generic shells command.com and CMD.exe, the PowerShell shell, and add-on tools such as Cygwin to give us access to bash on Windows, just to name a few.

Keywords

Shells; UNIX; LINUX; OS X; Bash; batch; Powershell
Information in This Chapter
• On Shell Scripting
• UNIX, Linux, and OS X Shell Scripting
• Bash Basics
• Putting It All Together With bash
• Windows Scripting
• PowerShell Basics
• Putting It All Together With PowerShell
Shell scripts allow penetration testers to do things like string together complex commands, develop tools, automate processes, and manipulate files–all while using a basic set of development resources. When penetration testers are attacking an environment, they cannot always choose their tools and sometimes they cannot install tools or utilities on a system. In such cases, being able to develop tools from native scripting resources can mean the difference between failure and success on a penetration test. This chapter discusses some of the basics of how to use the shells that currently exist in the UNIX, Linux, Mac OS X, and Windows operating systems. The chapter concludes with a detailed explanation of how to build port scanning tools using shell scripting languages for UNIX-like operating systems and Microsoft operating systems.
Shell scripts can be useful for a great many things in the penetration testing world, in the system administration world, in the network world, and in almost any area that depends on computing technology to function. Shell scripts allow us to string together complex sets of commands, develop tools, automate processes, manipulate files, and more, while using a very basic set of development resources.
Particularly in penetration testing, the ability to write shell scripts can be a highly necessary skill.

On Shell Scripting

Unlike any programming language, we might choose to use, or any development tools we might like to have access to, we can almost always depend on some sort of shell being present on a system. While we may not always have access to the particular flavor of shell we like, there will usually be something present we can work with.

What Is a Shell?

A shell is the interface between the user and the operating system, allowing us to run programs, manipulate files, and perform a number of other operations. All operating systems use a shell of one type or another, some of them graphical and some of them text-based. Many operating systems provide access to both graphical and nongraphical shells, and each is useful in its own way.
A shell might consist of a graphical user interface (GUI), as in the case of the Microsoft Windows desktop interface, and Gnome or KDE on Linux. Such graphical shells are convenient, as they allow us to use fancy graphical menus, show us colorful icons to represent files, and allow us to interact with items by clicking them with a mouse.
Text-based shells, such as that shown in Fig. 1.1, allow us to communicate with the operating system via a variety of commands and features built into the shell, as well as running other programs or utilities. Text-based shells are the ancestral user interface of many operating systems and still enjoy a great following today among the technically inclined.
image

Figure 1.1 A text-based shell.
On some operating systems, such as Windows, we are likely to find only the built-in graphical and text-based shells, although we may potentially find more added by a particularly technical user. On UNIX-like operating systems, such as the many varieties of UNIX and Linux, or OS X, we may find a wide variety of graphical and text shells. This broad choice of interface is very common on such operating systems, and we may find that the users or administrators of the system have customized it heavily in order to suit their particular tastes. Commonly, however, we will find at least Gnome or KDE as a graphical shell and bash as a text-based shell. For purposes of penetration testing, text-based shells tend to be the more useful for us to access.

What Is a Script?

A script, short for scripting language, is a programming language like any other, and may be similar in nature to other languages such as C++ or Java. The primary difference between a scripting language and other programming languages is that a program written in a scripting language is interpreted rather than compiled.
When we look at a traditional programming language, such as C++, the text we write that defines the commands we want to run is processed through a compiler and turned into machine code that is directly executable by the kernel/CPU. The resultant file is not human-readable. Any changes to our commands mean we have to send the changed text through the compiler again, resulting in a completely new executable. In interpreted languages, the text we create that contains our commands is read by an interpreter that does the conversion to machine code itself, as it is running the script. The text here is still human-readable and does not have to be recompiled if a change is made.
Normally, scripting languages have their own interpreters, so we need to install a separate interpreter for Python, another for Ruby, and so on. Shell scripts are a bit of a special case, as the scripts are interpreted using the shell itself, and the interpreter is already present as part of the shell.
Note
The various languages we discuss in the course of this book, including shell scripts, Python, Perl, Ruby, and JavaScript, are all interpreted languages. With many scripting languages, multiple interpreters are available from different vendors, often with somewhat different behaviors and sets of features. Additionally, different versions of the same interpreter from the same vendor may substantially change the way a given script functions, or render it nonworking entirely.
Scripting languages are used daily in the execution of many tasks. We can see scripting languages at use in printers; in the case of the Printer control language (PCL) created by Hewlett-Packard [1]; in JavaScript, PHP, and the many others th...

Índice