Penetration Test - Using_Scripting_in_Pen_Testing(2)
阿新 • Published: 2020-12-05
Bash Scripting Basics
COMMENTS
- Help you remember what you were thinking
- All comments start with the '#' character
- Anything after '#' is ignored by the interpreter
- Ex:
# This is a comment
VARIABLES
- varName=value
- Ex:
name=Eric
echo $name
- It is common to read data into variables rather than hard-coding too much
- Bash variables are untyped
SUBSTITUTIONS
- The "$" prefix refers to the contents of an identifier (ex. echo $name)
- Can refer to
  - Variables: $name
  - Input parameters: $1
  - Environment variables: $PATH
  - Values from utilities: $(whoami)
- And, bash will set defaults when no other value is provided
JAVAPATH=${JAVAHOME:=/usr/lib/java}
OUTPUTDIR=${1:-/tmp} #IMPORTANT DIFFERENCE
# ':=' also assigns the default to the variable; ':-' only substitutes it.
# Positional parameters such as $1 cannot be assigned, so they need ':-'.
COMMON OPERATIONS
- String operations
  - Concatenate: var="Hello";var="$var World"
  - Length: ${#string} OR expr length $string (ex. ${#name})
  - Extract a substring: echo ${string:position} (ex. ${name:3})
  - Replace a substring: ${string/substring/replacement} (ex. ${name/ch/xx})
- Compound operations
  - AND: -a
  - OR: -o
  - if [ "$varA" -eq "$varB" ]
  - Equal: -eq OR ==
  - Not equal: -ne OR !=
  - Greater than, greater than or equal to: -gt OR >, -ge OR >=
  - Less than, less than or equal to: -lt OR <, -le OR <=
  - Not null (empty string): -n
  - Null (empty string): -z
LOGIC
- Looping - for
for var in list
do
  statement(s)
done
- Examples
for i in 1 2 3 4 5
for i in $(seq 1 5)
FLOW CONTROL
if condition
then
  commands
elif condition
then
  commands
else
  commands
fi

if [ "$name" = "Michael" ]
then
  echo "run some command"
# If name doesn't equal Michael...
elif [ "$name" = "Eric" ]
then
  echo "run some command"
# If name doesn't equal Michael OR Eric...
else
  echo "run some command"
fi
BASH if CONDITIONS
Expression | Description |
---|---|
-d file | True if file is a directory |
-e file | True if file exists |
-f file | True if file exists and is a regular file |
-z string | True if string is a null (empty) string |
-n string | True if string is not a null (empty) string |
stringA = stringB | True if strings are equal |
stringA != stringB | True if strings are not equal |
BASH SCRIPTING
- test / []
if test "$name" = "Eric"
if [ "$name" = "Eric" ]
- break
  - Exits the current loop
- exit
  - Exits a script and returns a value (exit code)
BASH PORT SCANNER
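#!/bin/bash
# Usage: script target minPort maxPort
target=$1
minPort=$2
maxPort=$3
function scanports
{
  # Try each port in the range in turn
  for ((counter=$minPort; counter<=$maxPort; counter++))
  do
    # Opening /dev/tcp/host/port makes bash attempt a TCP connection; errors are discarded
    (echo >"/dev/tcp/$target/$counter") > /dev/null 2>&1 && echo "$counter open"
  done
}
scanports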
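The script above takes target, minPort and maxPort straight from $1 to $3 with no checks. The following added example (not part of the original notes) combines constructs covered on this page, defaults with ':-', -z, ${#string}, -gt and return codes, to check such arguments before they are used. The name validate_args, the default range 1-1024 and the sample host names in any call are assumptions made for the example.

```shell
#!/bin/bash
# Added example; validate_args is a hypothetical helper, not from the original notes.
# Call as: validate_args target [minPort] [maxPort]
validate_args() {
    local target=$1
    local minPort=${2:-1}      # ':-' substitutes a default when $2 is unset or empty
    local maxPort=${3:-1024}   # the 1-1024 default range is an assumption
    local p

    # -z: true if the string is empty
    if [ -z "$target" ]; then
        echo "usage: validate_args target [minPort] [maxPort]" >&2
        return 2
    fi

    # Allow only host name / address characters, so no '/', ';' or spaces
    case $target in
        *[!A-Za-z0-9.:-]*) echo "invalid target: $target" >&2; return 3 ;;
    esac

    for p in "$minPort" "$maxPort"; do
        # Variables are untyped: require digits only, and no leading zero
        # (a leading zero is read as octal inside (( )) arithmetic)
        case $p in
            ''|0*|*[!0-9]*) echo "invalid port: $p" >&2; return 4 ;;
        esac
        # ${#p} is the string length; check it first so -gt never sees a huge number
        if [ "${#p}" -gt 5 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 4
        fi
    done

    if [ "$minPort" -gt "$maxPort" ]; then
        echo "minPort is greater than maxPort" >&2
        return 5
    fi

    echo "$target $minPort $maxPort"   # validated values for the caller
}
```

A script can call it as validate_args "$@" || exit $? before any loop, so a bad argument stops the script with a distinct exit code.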
QUICK REVIEW
- Bash is the default shell in Linux
- Bash makes it easy to combine multiple commands that can react to input
- Learn basic loops and conditional logic
- A few lines of a bash script can automatically execute many commands, such as scans