CHAPTER 1 Introduction to command shell scripting
    On Shell Scripting
    What is a shell?
    What is a script?
    Shell scripts
    Where shell scripting is useful
    UNIX, Linux, and OS X shell scripting
    Shell availability and choices
    Working with shells
    Bash basics
    Hello World
    Variables
    Arguments
    Control statements
    Putting it all together with bash
    Adding /dev/tcp/ support to bash
    Building a port scanner with bash
    Improving the script
    Windows scripting
    Shell availability and choices
    Command.com and CMD.exe
    PowerShell
    Cygwin
    Other shells
    PowerShell basics
    Hello World
    Variables
    Arguments
    Control statements
    Conditionals
    Looping
    Putting it all together with PowerShell
    Building a port scanner with PowerShell
    Improving the script
    Summary
    Endnotes

CHAPTER 2 Introduction to Python
    What is Python?
    Where do we get Python?
    Where is Python useful?
    Multiplatform scripting
    Network scripting
    Extensive modules
    Reusable code that is easy to create
    Python basics
    Getting started
    Variables
    Modules
    Arguments
    Lists
    Dictionaries
    Control statements
    Functions
    File manipulation
    Exception handling
    Network communications
    Client communications
    Server communications
    Scapy
    Summary
    Endnotes

CHAPTER 3 Introduction to Perl
    Where Perl is useful
    Handling text
    Gluing applications together
    Working with Perl
    Editing tools
    Extending Perl scripts
    GUIs in Perl
    Perl basics
    Hello World
    Variables
    Shell commands
    Arguments
    Control statements
    Regular expressions
    File input and output
    Putting it all together
    Building an SNMP scanner with Perl
    Improving the script
    Summary
    Endnotes

CHAPTER 4 Introduction to Ruby
    Where Ruby is useful
    Ruby basics
    Variables
    Arrays and hashes
    Control statements
    Functions
    Building classes with Ruby
    Building a class
    Extending a class
    Accessing class data
    File manipulation
    Database basics
    Using DBI
    Using Active Record
    Network operations
    Client communications
    Server communications
    Putting it all together
    Summary
    Endnotes

CHAPTER 5 Introduction to Web scripting with PHP
    Where Web scripting is useful
    Getting started with PHP
    Scope
    PHP basics
    Functions
    Handling forms with PHP
    File handling and command execution
    File handling
    Command execution
    Putting it all together
    Summary

CHAPTER 6 Manipulating Windows with PowerShell
    Dealing with execution policies in PowerShell
    Execution policies
    Bypassing the policies
    Getting in
    Penetration testing uses for PowerShell
    Controlling processes and services
    Interfacing with the event logs
    Getting and sending files over the network
    Interfacing with the Registry
    PowerShell and Metasploit
    PowerShell-oriented Metasploit modules
    PowerDump
    Windows gather PowerShell environment setting enumeration
    Making use of the modules
    Summary
    Endnotes

CHAPTER 7 Scanner scripting
    Working with scanning tools
    Netcat
    Nmap
    Nessus/OpenVAS
    Netcat
    Implementations of Netcat
    Simple Netcat usage
    Building a Web server with Netcat
    Transferring files with Netcat
    Nmap
    Working with service probes in Nmap
    The Nmap scripting engine
    Building Nmap NSE files
    Nessus/OpenVAS
    NASL in Nessus and OpenVAS
    Nessus attack scripting language (NASL)
    Summary
    Endnotes

CHAPTER 8 Information gathering
    Information gathering for penetration testing
    Sources of information
    Patterns in information
    Metadata
    What can we do with the information?
    Talking to Google
    Google hacking
    Advanced operators
    Automating Google discovery
    Web automation with Perl
    Pulling information from Web sites
    Working with metadata
    Finding metadata
    Document metadata
    Metadata in media files
    Putting it all together
    Summary
    Endnotes

CHAPTER 9 Exploitation scripting
    Building exploits with Python
    Getting software
    Setting up debugging
    Causing our first crash
    Using pattern_offset
    Controlling EIP
    Adding shellcode
    Getting our shell
    Creating Metasploit Exploits
    Starting a template
    Porting the exploit code
    Executing the exploit
    Exploiting PHP scripts
    Remote File Inclusion
    Command execution vulnerabilities
    Cross-Site Scripting
    What is XSS?
    Exploiting XSS
    Summary

CHAPTER 10 Post-exploitation scripting
    Why post-exploitation is important
    Windows shell commands
    User management
    Gathering network information
    Windows network information gathering
    Linux network information gathering
    Scripting Metasploit Meterpreter
    Getting a shell
    Building a basic script
    Executing the script
    Database post-exploitation
    What is SQL injection?
    MySQL
    SQL injection on Microsoft SQL Server
    Summary