CompTIA Pentest+ PT0-002 – Section 21: Scripting Basics Part 1
March 18, 2023

200. Scripting Basics (OBJ 5.1 & OBJ 5.2)

In this section of the course we’re going to talk about the basics of scripting and how you can create your own scripts during your penetration tests and engagements to automate some or all of your workflow. This topic is really focused on domain five tools and code analysis. Now throughout this section we’re going to be discussing the basic concepts that are used by scripting and programming languages. Things like Bash, PowerShell, Python, Ruby, Perl and JavaScript. This will fully cover objective 5.1 and some parts of objective 5.2 for the exam. Now objective 5.1 states that you must explain the basic concepts of scripting and software development. While objective 5.2 states that given a scenario, you must analyze a script or code sample for use in a penetration test. So as we jump into this section, we’re going to first discuss a brief overview of different shells and programming languages so that you can understand exactly what they are and why we might use them.

Then we’re going to discuss all the different scripting and programming languages that you might need to understand in order to read and analyze code. Now as we move throughout this section of the course, we’re going to be covering these concepts using something known as pseudocode. Now pseudocode is a plain language description of different steps in an algorithm or another system. Essentially pseudocode is going to use the structural conventions of a normal programming language, but it’s intended for humans to be able to read it rather than using a machine to read it. This means all of the code examples that you’re going to see in this section of the course are not actually functional for use with a real scripting or programming language like Bash, PowerShell, Python, Ruby, Perl, or JavaScript, but instead it’s a made up language so that you can better understand the programming concepts that we’re going to discuss.

Now using the pseudocode, we’re going to cover everything you need to know about variables, loops, logic control structures, data structures, and the basic concepts of object oriented programming. By the time we’re finished in this section, you’re not going to be an expert programmer by any stretch of the imagination but you should be able to read a basic program in just about any language and then understand some of its key components because the pseudocode that I’m going to be teaching you is generalized so that you can apply it to any programming language. All right. It’s time for us to begin domain five, tools and code analysis with scripting basics in this section of the course.

201. Scripting Tools (OBJ 5.2)

In this lesson, we are going to talk about some of the basic scripting tools that you should know. Now, when you issue commands individually, this can be useful, especially when you’re doing one-time analysis. But by using scripting, this will allow you to set up recurring searches to be repeated easily and you can even automate them, so every day at midnight, this particular thing will happen. All of that can be done with scripting. Now, when I talk about a script, what is that? Well, a script is really basically just a list of commands that are executed by a certain program or a scripting engine. There’s lots of different scripting languages out there that you can use depending on your use case. We’re going to talk a lot about these in this lesson. Now, before we dive too deep into scripting, I do want to bring up a quick exam tip for you. An in depth ability to conduct scripting is not needed for the PenTest Plus exam, but in the real world, this is really, really helpful to have.

For the PenTest Plus exam, you are expected to be able to read and understand six languages, that is Bash, PowerShell, Python, Ruby, Perl, and JavaScript. Again, you don’t have to be an expert here, but you do need to be able to read a script and understand basically what it’s doing. For example, you might be asked in a performance-based question to put a script together based on a basic concept or idea using different blocks, and you’re going to move them around the screen into the correct portions, but no one is going to expect you to create a script on your own out of thin air, that’s not the way the exam works. So as we go through this section of the course and in the next section of the course, we’re going to be focused on your ability to understand what is happening in a script and the basic syntax for these different programming languages. You may get a multiple choice question that shows you a script and asks you to read it and understand what it’s doing, that’s fair game, but again, if you can read English, you can pretty much read the scripts the way they’re going to give them to you on the exam.

Now, the first language we want to talk about is Bash, and Bash is a scripting language and command shell for Unix-like systems. So that’s going to be the default shell on Linux and Mac OS X, and you can set it up as your shell on a Unix system too. Now, when we’re dealing with Bash, it supports lots of different elements such as variables, and loops, and conditional statements, and functions and a lot more. When you create a script inside of Bash, you always start out with what we call the shebang, which is that hashtag and the exclamation, then /bin/bash, this says, this is a script that is written in Bash, that’s all that’s telling the computer. Then we’re going to give it some information of what we want it to do. In this case, I have a three line script, first echo “Pulling NetworkManager entries…” All echo means is print this to the screen. So if I ran this inside the Unix command shell, you would end up seeing, “Pulling NetworkManager entries” once you hit enter. So really the benefit of having the echo statement is to tell your user who just ran this script what’s going on, saying, hey, I’m working, I’m getting the entries for you, I’m doing something, then it’s going to start pulling those entries. And in the background, it’s going to do this grep. It says grep “NetworkManager” /var/log/syslog |, we’re piping that over into the cut command, cut -d “ ” -f1-5, that is, -d quote space quote and then fields one through five. Then we have this greater than sign, and the greater than sign says, take the output of cut, and instead of passing it to another tool, put it into a log file. And in this case, we’re going to log it into this text file called netman-log.txt. So we’ve grepped something, we’ve formatted it using cut and now we’re going to save it as a text file. Then we’re going to put a message to the screen for our user, echo “NetworkManager log file created!” That’s it.

And then it goes back to the Command Prompt. All this is doing is basically three simple things: print something to the screen, do a search and save it to a log file, and then print to the screen saying, I created the file, and now you can go get it. That’s all this Bash script does. But, it saves me a lot of time because I can just run this file every single time I want, or even set it up on a scheduled task so it does this once a day, maybe, and then I’d have all those different files logging up over time. Next, let’s talk about PowerShell. Now PowerShell is a scripting language and command shell for Windows systems. You’re not going to find it on Linux or Unix or Mac. Now PowerShell supports elements such as variables, loops, conditional statements, functions, and cmdlets that use a Verb-Noun syntax. So just like Bash, all that stuff is the same. The only difference here is we’re now going to be able to use cmdlets as well. Now what is a cmdlet? Well, I’m going to show you that right now. As we look at a basic PowerShell script, here is one. Write-Host, that is a Verb-Noun syntax, right? Write-Host is just like echo, it says, print this to the screen.

So write to the host, retrieving login failures. Then Get-EventLog, which says, I want to get, I want to pull information from this thing, the EventLog. I want to get the newest ones, the five newest ones, I want to get it from the Security log, and I want to get anything that has the InstanceId of 4625. And those are the ones that I’m going to select. So essentially, this is a search command right now. Now what is a search command doing for us? Well, it’s saying, I want to go into the Eventlog, check the five newest entries that meet these conditions, they’re inside the Security log, and they have the InstanceId of 4625. Now 4625 is a logon failure code. So who are the last five people who tried to log on and failed? That’s all I’m asking here. Then I have the next line, TimeWritten, Message | Out-File C:\log-fail.txt. So, I want to write the time and message of those entries from the logs that I just got to this output file. And then the last thing I’m doing is writing to the screen again, Write-Host “Log log-fail.txt has been created.” So essentially, we’re doing the exact same thing we were doing back in Bash, except in Bash, we were looking for NetworkManager entries, and in this case, we are looking for failed login entries. The next thing we need to talk about is Windows Management Instrumentation Command, or WMIC. This is a program that’s used to review log files on a remote Windows machine. So if I’m sitting on my machine as an administrator, I can actually remotely go onto your machine and check your logs if you’re part of my domain. Now this looks something like this. WMIC, and then what I’m searching, in this case, NTEVENT. NTEVENT given a certain input will return log entries that match your parameters. So, what am I looking for? I’m looking at NTEVENTs WHERE, the condition, LogFile equals Security, and EventType equals five.

Then I want to get the source name, the time generated, and the message. So essentially, this is doing the same thing I was doing before, I’m selecting all the Security Eventlog entries whose events are type five, in this case, an audit failure, meaning they couldn’t log in. Then I’m going to output the source, the time the event was generated, and a brief message about that event. This is really useful if you’re trying to find events based on specific details, and this is more of that one time thing, but you can use this language inside of PowerShell as well and call WMIC if you need to. Now at the beginning of the lesson, I mentioned Python and Ruby. Now Python and Ruby are interpreted, high-level, general-purpose programming languages, and they’re used heavily by cybersecurity analysts and penetration testers because they’re easy to write things in and they can do a great job of going through and searching files and dissecting things and finding what you need. Now, in addition to that, they can do all sorts of other things because they are full programming languages.

But they’re scripting languages, meaning they’re interpreted line by line as you go through the scripts and they are not compiled. And since they’re not compiled, you’re not going to have a binary file associated with them, just a text file, so you can actually read all the source code very easily if you find one on a machine. The next programming language we’re going to discuss is Perl. Perl is another general-purpose interpreted programming language that can be used as a scripting language much like Python and Ruby. Now, Perl was actually created a long time ago back in the late 1980s as a general purpose Unix scripting language that was used for text manipulation. Oftentimes, back in the late 1990s when I first started doing coding, Perl was used on web servers for dynamic content generation for the display of webpages on a given Linux server.

In general, Perl code is very practical, easy to use, and efficient, and it is one of those languages where there are a lot of third party modules that you can download to use with your code. The last programming language we’re going to talk about is actually a scripting language only, and this is JavaScript. Now JavaScript is a scripting language that allows developers to do all sorts of fancy and complex things when you’re visiting a webpage. Initially, JavaScript was added to HTML pages to be able to have things like popups and on click actions and things like that. Now over time, JavaScript has become more complex and there are many different versions of JavaScript. For example, you might be using ReactJS which is React JavaScript for the frontend of your website, or NodeJS which is Node JavaScript for the backend of your website. If you’re going to be doing a lot of web application penetration testing, then you’re going to have to get familiar with using JavaScript because you’re going to have to read through that code that’s been written by those developers to find what vulnerable components exist that could be exploited during your attacks. Now in this lesson, all I did was provide you with a very high level overview of the six different languages.

Don’t worry, we are going to return to all of them in the next section of the course as we go through each and every language to provide you with the basic syntax and functions that these languages have, and then going through a coding example with each of these six languages. For the rest of this section though, we’re going to focus on using pseudocode to discuss things like variables, flow control, logic control, data structures, and object oriented programming so you can understand the basics of scripting before we dive too deep into any singular language.
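The two log-search scripts walked through in this lesson (the Bash grep/cut pipeline for NetworkManager entries and the PowerShell Get-EventLog search for event 4625) rendered in Python as an added example; this is not code from the course. The syslog lines and event records are constructed stand-ins, and the only subtlety worth noticing is that cut -d " " treats every space as a field boundary, so syslog's two-space padding of single-digit days shifts the fields.

```python
import os
import tempfile

# Constructed syslog excerpt standing in for /var/log/syslog. Line 2 says
# "Network Manager" (with a space) so grep "NetworkManager" skips it, and
# line 4 carries syslog's two-space padding for a single-digit day.
SAMPLE_SYSLOG = """\
Mar 18 10:22:01 pentest-vm NetworkManager[812]: <info> device (eth0): state change: ip-config -> ip-check
Mar 18 10:22:02 pentest-vm systemd[1]: Started Network Manager Script Dispatcher Service.
Mar 18 10:22:03 pentest-vm NetworkManager[812]: <info> manager: state is now CONNECTED_GLOBAL
Mar  1 08:00:00 pentest-vm NetworkManager[812]: <warn> device (wlan0): link down
"""

def cut_fields(line, delimiter=" ", first=1, last=5):
    """Mimic `cut -d "<delimiter>" -f<first>-<last>`: fields are 1-based and
    consecutive delimiters yield empty fields, exactly as cut behaves."""
    parts = line.split(delimiter)
    return delimiter.join(parts[first - 1:last])

def pull_networkmanager_entries(syslog_text, pattern="NetworkManager"):
    """grep "NetworkManager" /var/log/syslog | cut -d " " -f1-5"""
    return [cut_fields(line) for line in syslog_text.splitlines() if pattern in line]

# Constructed stand-ins for Security log records; Get-EventLog objects expose
# InstanceId, TimeWritten and Message, which is all the search needs.
SAMPLE_EVENTS = [
    {"InstanceId": 4624, "TimeWritten": "2023-03-18 09:58:10", "Message": "Logon OK: jdion"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:01:42", "Message": "Logon failed: administrator"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:01:45", "Message": "Logon failed: administrator"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:01:49", "Message": "Logon failed: administrator"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:01:53", "Message": "Logon failed: root"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:02:00", "Message": "Logon failed: svc_backup"},
    {"InstanceId": 4625, "TimeWritten": "2023-03-18 10:02:07", "Message": "Logon failed: jdion"},
    {"InstanceId": 4634, "TimeWritten": "2023-03-18 10:02:09", "Message": "Logoff: jdion"},
]

def newest_failed_logons(events, count=5, event_id=4625):
    """Get-EventLog -Newest 5 -LogName Security -InstanceId 4625 |
    Select-Object TimeWritten, Message. TimeWritten is ISO-style text here,
    so sorting the strings sorts chronologically."""
    failures = [e for e in events if e["InstanceId"] == event_id]
    failures.sort(key=lambda e: e["TimeWritten"], reverse=True)
    return [(e["TimeWritten"], e["Message"]) for e in failures[:count]]

def write_log(path, lines):
    """The `> netman-log.txt` / `| Out-File` step: one entry per line."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    return path

if __name__ == "__main__":
    print("Pulling NetworkManager entries...")
    entries = pull_networkmanager_entries(SAMPLE_SYSLOG)
    out = write_log(os.path.join(tempfile.gettempdir(), "netman-log.txt"), entries)
    print("NetworkManager log file created!", out)
    for when, msg in newest_failed_logons(SAMPLE_EVENTS):
        print(when, msg)
```

The "Mar  1" line comes out as "Mar  1 08:00:00 pentest-vm" with the process name cut off, which is why scripts that parse syslog by whitespace usually split on runs of whitespace rather than on a single space.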

202. Variables (OBJ 5.1)

In this lesson, we’re going to discuss variables. Now variables are used to store values and data for different data types. Basically a variable can store anything based on that data type. So when we talk about data types, we are talking about five different things that you may come across. This includes things like booleans, integers, float, decimal, or real numbers, characters, or strings. When we talk about a boolean, this can hold essentially two values, either true or false. Depending on the programming language, this will either be designated by the word true or false, the letter T or F, or even the numbers one and zero. This does depend specifically on the programming language you’re going to use. Now, basically in this section of the course, we’re going to be focusing our discussions on the use of pseudocode. Pseudocode is essentially a made up language that isn’t representative of any singular programming language, like Bash, or Python, or PowerShell, or Ruby, or Perl, or JavaScript. Instead, it’s more of a generalized form that we can use when discussing these characteristics of a programming language. As we move into the next section of the course, I will break down each programming language individually in its own lesson, where we can then talk specifically about variables in those languages, but from a pseudocode perspective and something that holds true across most languages, when you’re dealing with a boolean, it’s either going to be true or false, a one or a zero.

The second type of variable we have is known as an integer. Now an integer is simply a variable that will store a number, but a specific type of number. It has to be an integer or a whole number. This integer could be positive or negative, something like five, 15, 100, negative 30, 58, or whatever. It doesn’t really matter. This integer can be however big or small you want, as long as it stays within the bounds of that particular integer type in the programming language that you’re going to be using. In terms of pseudocode though, we’re just talking about the fact that an integer holds a whole number. If the number is a decimal, we call this either a float, a decimal or a real number, this is a different data type. So if I wanted to store the amount of money in my wallet in an integer, I can say I have $53. But if I had $53 and 22 cents, I can’t store that as an integer. Instead, I have to place that in a float, decimal, or real number variable because those have a decimal point. Anytime you hear a decimal, remember, in computers we usually talk about this as a float or a decimal or real number. The next type of variable you can have is what’s known as character. Now, a character is only going to store one ASCII character. That character could be a number like the number five or it could be a letter like the lowercase a, or the capital T.

It really doesn’t matter as long as it’s something that is an ASCII character. Now, when you’re dealing with a character, remember this only stores one character, though. If I want to store my name like, Jason, that’s five characters. And so I can’t store that in a single variable that is classified as a character. And this brings us to our fifth type, which is known as a string. A string is essentially multiple characters. So if I wanted to store my name, Jason, I could do that inside a variable that has a type of string because a string can have lots of letters or a series of letters and numbers that are stored as a string. Now, one word of warning when you’re dealing with variables.

Yes, you can store a number like 157 inside of a variable that is classified as a string. But if you do that, you can no longer do mathematical functions on that value. If I wanted to take two numbers and add them together, they need to be of the same type. I cannot add two strings together in that manner. Instead, I can have the number 157 and the number three in two different variables and add them together if they’re both integers. In that case the result will be 160. Now, if I have a decimal number and I have an integer, I cannot add those two together because they are two different types of variables. So you’d have to convert that integer type into a decimal type first and then add it to the one that is a decimal. In pseudocode to keep things easy, we don’t have to define the data type for each variable, but in some real programming languages you do have to define the data type when you initialize the variable at the beginning of your programs. The next thing we need to cover in terms of variables is how to use them. The important thing to remember with a variable is that variables can change throughout the execution of your program.

For example, I might have my program initiate my variables with a starting value. Let’s say I set the variable first name to equal Jason and the last name to equal Dion. Then I ask as part of my program for you to enter a first name, you might put in something like Mark, then it’s going to change my first name field into the name you entered. So now instead of Jason Dion, we now have the variables of Mark Dion. And this is the benefit of using a variable, it can change throughout the course of your program. Anytime you want to use the first name variable, you’ll simply call it by using its variable name and that will display it to the screen. If you’re using pseudocode, you can define these variables by having a lowercase word as your variable. For example, first name is all lowercase and that is now a variable called first name. Conversely, if you have something that looks like a variable, but is in all upper case letters, this is considered a constant inside of pseudocode. Now, a constant is very similar to a variable and they’re defined basically the same way. The only difference is once you define a constant, it cannot be changed in the program. So why would you want to use a constant? Well, some things aren’t going to change during the execution of your programs.

For example, if I was writing code to be able to calculate the area of a circle when you gave me the radius, I can do that by using the equation pi R squared. Now, R is the variable that you’re going to supply me, but pi is a constant. Pi should always equal 3.14159265359, or however many significant digits you want to list. By creating the constant pi at the top of your program, you can define exactly what you want to use for pi, maybe you don’t need it to be that precise, so instead you’re going to use 3.14 or 3.14159 and call it good. That is your ability inside of defining a constant within a program. The final thing we need to talk about in terms of our pseudocode is how we’re going to define those variables and constants. Now, we already had the names being either lowercase for variables or uppercase for constants, but we haven’t talked about how we’re going to define the value.

Well, the easiest way to do this is to use a symbol like an equal sign. In most programming languages, you’re simply going to use an equal sign to define the value that you want on the left side of the equal sign. For example, you already saw that I used first name equals Jason. That is assigning the word, Jason, that set of characters that are grouped together as a string, into the variable for first name. Similarly with a constant of pi, we can set it equal to 3.14, assigning that static decimal number into the constant we called pi. This is how you can start to use variables inside of your pseudocode and that’s the basics of variables. Remember, variables are going to be something that you can use to change throughout the course of your program and they can take one of five types, a Boolean, an integer, a float, decimal, or real number, a character, or a string.
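The five data types, the same-type rule for addition, the uppercase constant and the first-name variable from this lesson, written out in Python as an added example rather than the course's pseudocode. The function names (classify, add_numbers, circle_area, greet) are my own, and PI is set to the 3.14159 value the lesson suggests.

```python
# Constants are written in ALL CAPS, the pseudocode convention. Python does
# not stop you from reassigning a name like this, so the capitals are a
# promise to the reader rather than a lock enforced by the language.
PI = 3.14159

def classify(value):
    """Return the lesson's data-type name for a Python value. bool is checked
    before int because Python's bool is itself a subclass of int."""
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, int):
        return "integer"
    if isinstance(value, float):
        return "float"
    if isinstance(value, str):
        return "character" if len(value) == 1 else "string"
    raise TypeError(f"unsupported type: {type(value).__name__}")

def add_numbers(a, b):
    """The same-type rule: a numeric string such as "157" is converted with
    int()/float() before adding, and an int is converted to float when the
    other operand is a float. Python would promote int + float on its own,
    but the conversion is made explicit here, as the pseudocode describes."""
    if isinstance(a, str):
        a = float(a) if "." in a else int(a)
    if isinstance(b, str):
        b = float(b) if "." in b else int(b)
    if isinstance(a, float) or isinstance(b, float):
        return float(a) + float(b)
    return a + b

def string_plus_int_fails():
    """Confirm that Python refuses "157" + 3 when no conversion is done."""
    try:
        "157" + 3
    except TypeError:
        return True
    return False

def circle_area(radius):
    """pi * r^2 using the constant defined at the top of the program."""
    return PI * radius ** 2

def greet(first_name="Jason", last_name="Dion", entered_first_name=None):
    """Variables change during execution: the starting first name is replaced
    by whatever the user entered, while the last name is left as it was."""
    if entered_first_name:
        first_name = entered_first_name
    return f"{first_name} {last_name}"

if __name__ == "__main__":
    for v in (True, 157, 53.22, "a", "Jason"):
        print(repr(v), "->", classify(v))
    print(add_numbers("157", 3))                # 160
    print(add_numbers(53, 0.22))                # 53.22
    print(string_plus_int_fails())              # True
    print(round(circle_area(2), 5))             # 12.56636
    print(greet(entered_first_name="Mark"))     # Mark Dion
```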
