CompTIA Pentest+ PT0-002 – Section 22: Analyzing Scripts Part 4
March 20, 2023

216. Coding in JavaScript (OBJ 5.2)

In this lesson, we're going to talk about coding in JavaScript. JavaScript is a truly powerful programming language that can add interactivity to a website. JavaScript is a relatively compact and flexible language, but programmers have built a lot of different tools on top of the core language over the years, and this makes it a full-fledged programming language at this point instead of just the basic scripting language it was originally developed to be. At this point, you can build entire applications, interact with APIs, and import frameworks and libraries to build massive and complicated JavaScript applications that run over the web. As a penetration tester, you're often going to be using your knowledge of JavaScript when you're trying to conduct cross-site scripting attacks, or when you're finding information through information disclosures. So in this lesson, we're really going to focus on how JavaScript works from a coding perspective, as if you were the programmer. To start creating a script in JavaScript, you can create a separate file called something.js, like main.js, and whatever you put inside this file will be treated as JavaScript code.

Then to call the JavaScript file you just created, you would use <script src="scripts/main.js"></script>; in this case, you're calling the script called main.js that sits inside the scripts folder. Alternatively, if you're writing a very short program, you can include the JavaScript directly in the HTML itself using the script tags: <script>, the code you want to include, and then </script>. Just like other programming languages, JavaScript supports comments. To comment out a single line, you're not going to use the hash sign; instead, you use two slashes. For example, // This is the first line of my script. If you want to comment out a block, you can do that by using /*, then all the text you want to include, and then */. Anything between the /* and the */ is treated as part of that comment, no matter how many lines it spans. For example, /* This is a multi-line comment block */ would have both of those lines commented out. Now, in JavaScript it is very easy to declare variables; to do this, you use the format let variableName = value;. For example, let CustomerName = 'Jason'; would store the name Jason in the CustomerName variable. After that first assignment, any time you want to update it you don't need to use let again; let is only used for the initial declaration. So if I wanted to change my CustomerName from Jason to Dion,

I would simply type CustomerName = 'Dion';. Any time you want to refer to that variable and get the information back out, you simply type the variable name, such as CustomerName. In addition to variables, you can also use constants in JavaScript. To declare a constant, instead of using let, you type the word const. So const PI = 3.14159; would assign the value 3.14159 to the constant PI. Just like in a lot of the other languages we've discussed, all capital letters are usually reserved for constants instead of variables, and constants are basically treated as read-only variables by the system. Next, let's talk about arrays. To define an array, you use let, the name of the array, and then = [value1, value2, value3];. So, for example, let listOfNames = ['Jason', 'Mary', 'Christle', 'Tim']; would assign those four names to the array called listOfNames. To get one of the names back out, you call it using listOfNames, an opening bracket, the position, and a closing bracket; for example, listOfNames[1] would give me Mary. Now, JavaScript doesn't have the idea of a named array, or associative array, the way some other languages do. Instead, you accomplish the same thing using objects with properties, because JavaScript is an object-oriented language. For example, let's create an object called myPhoneBook; to do this, we write var myPhoneBook = {};. If I want to put information in there as I'm declaring it, I can do that with var myPhoneBook = {Jason: '111-1234', Mary: '222-5678'}; (the quotes matter: without them, 111-1234 would be evaluated as a subtraction). Now, if you want to address a certain key, you can do that using the object.property notation; for example, myPhoneBook.Jason would return the value '111-1234'.

Or if you want to override Jason's phone number, you can do that using the same notation: myPhoneBook.Jason = '333-1234'; would overwrite Jason's phone number. JavaScript also supports bracket notation instead of dot notation. To do this, you simply type myPhoneBook["Jason"] = '333-1234'; to assign the phone number to the Jason key in the phone book. Next, let's talk about comparisons. With comparisons we use the mathematical symbols, whether we're comparing numbers or strings. Is equal to is ==, is not equal to is !=, is greater than is >, is greater than or equal to is >=, is less than is <, and is less than or equal to is <=. When you're using conditional statements, we use if, if-else, and if, else if, else conditions. An if condition takes the format if, an opening parenthesis, the condition you want to evaluate, a closing parenthesis, an opening curly brace, the commands you want to run, and then the closing curly brace.

If you want to use an if-else, it's a similar format: if(condition), opening curly brace, the things you want to do, closing curly brace, else, opening curly brace, the things you want to do, closing curly brace. And if you're going to do an if, else if, else condition, you write if(condition) { the things you want to do } else if(condition) { the things you want to do } else { the things you want to do }. When it comes to flow control, we have a couple of different ways to loop through things in JavaScript. The first is the for loop, which performs a set of commands for each item you give it; the basic format is for (init; condition; increment) { the commands you want to run }. So for (let i = 1; i < 6; i++) { textString += i; } textString += "All done"; alert(textString); will loop through five times, appending 1, 2, 3, 4, 5 and then All done to the text string.

Notice how I didn't use just an equals sign; I used plus-equals. If I had used a plain equals, I would have overwritten the value of that variable each time, but with += I'm appending the value to the end of the string we've been building. So we add 1, then 2, then 3, then 4, then 5, and then All done, and once that string is fully built, we pop up an alert on the screen showing the contents of the text string. The next one is what's known as a while loop. A while loop performs a set of commands while a test condition is true. The basic format is while (condition) { the commands you want to run }. So I can do something like while (i < 10) { textString += i; i++; } textString += "All done"; alert(textString);, and this will give us, in a popup box on the screen, 123456789All done (assuming i started at 1). Next, we have the until loop. Now, we don't really have an until loop in JavaScript; instead we have what's called a do-while, and it does the same job: it runs a set of commands and keeps repeating them as long as the test condition is true, so the loop ends once that condition stops being true, and the commands always run at least once. It takes the basic format do { the commands you want to run } while (condition);. For example, counter = 1; do { textString += counter; counter++; } while (counter <= 5); textString += "All done"; alert(textString);. If you run this, what you're going to see on the screen is a pop-up that displays 12345All done. Next, let's talk about string operations. To work with strings, we first set some variable to contain a string, such as let text = "Dion Training";, and then we can start pulling pieces out of that string using the text.substring method. This is essentially saying: variable.substring(startPosition, endPosition); give me the piece between those positions. So if I set result = text.substring(1, 4); what would I expect the result to be? I would expect it to be i-o-n, because we start at position 1, and again computers count from zero, so position 0 is the D and position 1 is the i, and then we go up to, but not including, position 4, which gives us i-o-n. Now, can you use negative numbers?

Well, yes and no. If you use a negative number as the starting position, JavaScript just treats it as position zero. It doesn't matter if it's zero, negative one, or negative 1000; it still starts at position zero if you use a negative for that starting position. Instead, if you want to count from the back, you need a little bit of math in your substring. For example, let result = text.substring(text.length - 3, 5); says: take the length of our text string and subtract three. So if there are 10 positions, for example, and you subtract three, you're going to start at position seven, and that gets fed in as your start position. So in the example I just gave, text.substring(text.length - 3, 5), what would we expect our result to be? Well, the result is going to be Train, because we're starting from the full length of the text and moving three positions back from the end of the word, which lands on the n inside Training. Then we go to the fifth position. What is the fifth position? Well, D-I-O-N-space fills positions zero through four, so position five is the T, when we count up from zero.

Now that becomes the T in Training, and then we take all of the characters between those two positions, from the T to the N, and put them on the screen, giving us Train as our result. Next, let's talk about input and output from the keyboard and monitor. To receive input in JavaScript, you need to prompt the user in the webpage, either by having them complete a form or by using a pop-up window. You can do this with code like var customerName = prompt("Please enter your name"); if (customerName != null) { document.getElementById("welcome").innerHTML = "Hello, " + customerName + ", How are you today?"; }. Now, what is this doing? Well, you'll notice that we are setting up a prompt to ask the user for information and then storing that in customerName. Then we're doing a little error checking: is customerName null? If you put nothing in, we don't want to execute this code, but if you did put something in, we run it. So if you typed in something like Jason, we create the string Hello, plus Jason, plus How are you today? and display it. Now, where are we displaying it? Well, that's where document.getElementById comes into play. document is the DOM, the Document Object Model, of the person's web browser. So we want to display this string in whatever element has the id welcome, which is the one we called out in our code. So you're going to have a placeholder in your webpage with the id welcome, and every time somebody puts in their name, it replaces that with Hello Jason, How are you today? That's the idea of using this document call and being able to modify the Document Object Model inside the web browser.
Now, in JavaScript you can display this data in many different ways. Writing it to the document like I just showed you is one way, but you can also send it other places. For example, if you want to write it into an HTML element, you use .innerHTML, which is what I just did to modify the DOM, specifically the element with the id welcome. Or you can write it directly into the HTML output using document.write, which writes straight into the HTML that the browser is going to process. You can also write it to an alert box by popping something up with alert(...) and putting what you want to display inside the parentheses, or by using window.alert to do the same thing. Or you can write it to the browser's console, so it's basically a hidden message or error message that only developers are going to see, and you do this with console.log(...).
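The greeting from this passage, set beside a hardened version, as an added example that is not code from the lesson. It runs under Node rather than in a browser, so a constructed stand-in object replaces document.getElementById("welcome") and simply records what is assigned to it; the name containing markup characters is also constructed.

```javascript
// Minimal stand-in for a DOM element (constructed for this example). A real element
// would parse whatever is assigned to innerHTML; this one just stores the string so
// the result can be inspected.
function makeWelcomeElement() {
  return { innerHTML: "", textContent: "" };
}

// The lesson's version: the name the user typed is concatenated into markup and
// handed to innerHTML, so the browser parses anything the user typed as HTML.
// That is the DOM sink behind the cross-site scripting the lesson refers to.
function greetUnsafe(el, customerName) {
  if (customerName != null) {
    el.innerHTML = "Hello, " + customerName + ", How are you today?";
  }
  return el.innerHTML;
}

// Hardened version: textContent never parses markup, so the name is shown verbatim.
function greetSafe(el, customerName) {
  if (customerName != null) {
    el.textContent = "Hello, " + customerName + ", How are you today?";
  }
  return el.textContent;
}

// When markup around the name really is wanted, escape the untrusted part first so
// the five characters HTML treats specially can no longer open a tag or attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function greetEscaped(el, customerName) {
  if (customerName != null) {
    el.innerHTML = "Hello, <b>" + escapeHtml(customerName) + "</b>, How are you today?";
  }
  return el.innerHTML;
}

// Constructed input: a "name" that happens to contain markup characters.
const SAMPLE_NAME = 'Jason <b class="x">& Co</b>';

// Stand-alone run: the unsafe version passes the tag through for the browser to
// parse; the escaped version turns it into harmless text inside the <b> we wrote.
console.log(greetUnsafe(makeWelcomeElement(), SAMPLE_NAME));
console.log(greetSafe(makeWelcomeElement(), SAMPLE_NAME));
console.log(greetEscaped(makeWelcomeElement(), SAMPLE_NAME));
```

The null check from the lesson is kept in all three versions; it only guards against a cancelled prompt, not against what the user typed, which is why the output side has to be handled separately.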

Now, as for reading and writing files, you can't do this with standard JavaScript, because it's being run in a web browser, but if you do need to read and write files using JavaScript, you can use one of the frameworks or additions to JavaScript that lets you do that, and this is known as Node.js, which is a backend JavaScript framework you can use to write automations and other things. To walk you through this, I'm going to display some code, but there are a lot of lines here, so I'm going to read it once as we go step by step through the code. First, var fs = require("fs");. What are we doing here? We're defining a variable called fs and placing in it the return value of require("fs"), where fs stands for file system. Next, console.log("Going to write into existing file");. This puts something in the developer console log, so we have some error checking, but it won't display on the webpage. Next we have a comment: // Open a new file with name system.log and write Log File to it. Then we have fs.writeFile('system.log', 'Log File', function(err) {, followed by a bunch of things we're going to do. So what is this doing?

Well, it's basically a function to write to this file. We're going to write the file system.log and put the text Log File in it. If we get an error, we stop; that's where we say if (err) return console.error(err);, which prints the error you received to the console. Then we log two things to the console: "Data written successfully!" and "Reading newly written data.". Next there's a comment that says // We are reading the newly written file and printing all of its contents to the console. Then we have another command: fs.readFile('system.log', function(err, data) { if (err) { return console.error(err); } console.log("Asynchronous read: " + data.toString()); }); followed by the }); that closes the writeFile callback. Whew, that's a lot. So what is this function doing? Well, it's reading the file system.log, and if there's an error it logs that to the console.

And then we log to the console Asynchronous read: followed by all the data we read from the file. Now, notice I used fs.writeFile; this is going to overwrite system.log and treat it as a new file. If you want to append to it instead, because this is a log file, you can do that by using fs.appendFile instead of fs.writeFile. As you can see, there is a lot to learn in JavaScript, and we've just barely scratched the surface here. The things you're commonly going to see with JavaScript on the exam, and as a pen tester, are cross-site scripting, which means you're going to be setting up alerts to pop up on somebody's screen, or doing things inside the Document Object Model using that document object we talked about earlier. If you're not familiar with JavaScript, I do recommend looking over some basic cross-site scripting information, and you can find this at the OWASP Top 10 under cross-site scripting; they'll give you lots of good examples of what this looks like using JavaScript and other languages.

217. JavaScript Example (OBJ 5.2)

In this lesson, I'm going to show you how JavaScript is used to create all sorts of different applications, including things like Wordle. Now, if you're not familiar with Wordle, it's a simple game that you can find online. Each and every day there is a new Wordle word, and your job when you play this game is to try to guess the Wordle in six tries or less. Each time you guess, you enter a five-letter word and then hit Enter to submit it. After each guess, the color of the tiles changes based on the word you put in. For example, if you guessed weary and the tiles show that W is in the right position, I know this five-letter word starts with a W, but it's not weary and it doesn't have E, A, R, or Y in it. And if you see a letter that turns yellow, like the I in pills, this tells you that I is in the word but not in the second position; it's either in the first, third, fourth, or fifth position. Now, every day there is a new Wordle that comes out, and it can be a lot of fun to play if you like word games, or you can look at the source code and figure out what the word of the day is really easily by knowing your JavaScript. And that's what I'm going to show you here: how to hack Wordle and know all the words for pretty much the rest of the year. If you love to play Wordle, you probably don't want to go and figure out all the words ahead of time, but I just want to show you how you can find data inside JavaScript and read through this code. All right, let's go ahead and close this Wordle box. And now you can see we're ready to start putting words in. If you want to see the code that makes up this website, simply right-click anywhere inside the page and then go to Inspect. This will bring up your developer tools. Here you can see I have my developer tools set up so I can see them at the bottom, underneath the webpage. But you can move them to any location you want by clicking the three dots and then choosing where you want them to dock: as a separate window, on the left, the bottom, or the right. I personally like the bottom. Now in here, we can see the first line is the doctype HTML. This says this is a webpage, which is what I would expect since I'm looking at index.html. Next we have what kind of a page this is: it's HTML and it's written in English.

Then we have some header tags, and then we have the body. The first thing in the body is a JavaScript file, and in this case it's chartbeat.js, which is being loaded in that script tag. If I go to the next one, we have another script being loaded from a different site, and another one, and another one, and another one. There are lots of different pieces here. Now, I can look through all of the code here in index.html if I want to, or I can go over to Sources and see how these things are broken out. From the New York Times website, you can see that under games, and underneath the directory for Wordle, there are two files: index.html and a JavaScript file that ends in .js. The JavaScript file is what I want to look at, because it's the main code for Wordle. It looks really, really short here, because it only shows up as 17 lines, but most of that is this comment block in between with the green text. If I actually want to see this, though, it is much, much longer, because if I start scrolling to the right you'll see it goes on pretty much forever. If I want to see it all in an easier-to-read format, I can hit the double braces down here, and this will break out all the code with line formatting. As you go through, you can see some functions, you can see some variables, and you can see all sorts of information. And if I scroll really quickly here, we're going to see how long this file is: it's actually over 2,500 lines long. So are we going to look through all 2,500 lines together? No, we're not. Instead, what I want to do is look for the words that are kept inside an array.

Because if you look through all 2,500 lines, you're going to find that there is a line that contains all the words Wordle has stored as an array. There are actually two lines here. One is the words that Wordle uses as answers, and the second one is the words that Wordle will accept as valid dictionary words. Now, to find this, I can look through it line by line, or I can just pick any Wordle word that I already know, or any five-character word. So to find it, I'm just going to hit Ctrl+F and type in a word like train. You'll see here that on lines 1135 and 1136 I have two very long arrays; let's scroll all the way to the left here. They contain a bunch of five-letter words. All right, there we are. So really what I'm looking at is this statement here, where we are assigning a couple of different variables. Under the Ma variable we have a list of words, and under the Oa variable I have another list of words. Under Ra I have present, Ha correct, Na absent. Now, if I go ahead and take one of these lines, like this var Ma one, I can copy that, and copy the one for Oa, and I'm just going to put it on the right-hand side into Word. Now you'll notice, when we look at these, let's scroll up to the top. The first one, var Ma, is a list of five-letter words, but they're all in kind of a random order: cigar, rebut, sissy, humph, awake, blush, et cetera. Now, if I go down and look at the Oa one, these are all in alphabetical order: aahed, aalii, and all the other words that we have. So the Oa one is an array that contains all the five-letter words that Wordle will accept. If we wanted to see how many there are of each, I can copy out this first list, open a new Word document, paste it in, and then look at Word Count. In here, we have 2,309 words, which is the Wordles for essentially the next four or five years. On the other hand, if I look at the list from Oa and go all the way to the end of that list, that is a total of 10,663 words. So you can see this is all the possible words, whereas the other one was only the 2,300 or so that are going to be used as the correct answers. But how do you know which one is the right answer?

Well, this is where it gets a little fun. When you look at Ma, this is an array, and all Wordle is doing inside its code is going through the array one by one. So the first ever Wordle was cigar, the second one was rebut, the third was sissy, and as you keep going you can count to figure out what day you're on. Now, the New York Times Wordle doesn't tell you what day you're on by saying this is Wordle 568 or whatever it is. But if you know the right Wordle answer for any particular day, you can use that as your starting point and count forward. For example, I know the word for the day on April 1st was snout, S-N-O-U-T. So if I go here and bold and underline that, that's April 1st. So this is April 1st, April 2nd, April 3rd, April 4th, April 5th, April 6th, and so comma would be the word we think it is. To test this theory, let's put in snout, which we know is wrong, as the first guess. Here we go: S-N-O-U-T, snout. Notice that we have the O in there, but the O is in the wrong position. This supports our thought that comma is the correct word. So now we can try using comma, C-O-M-M-A, Enter. And there we go.

The Wordle for the 6th of April is comma. You can do this any time you want and know exactly which Wordle it's going to be. So I can get 100% every day moving forward, as long as I keep track of where I am. So I know that this one is April 6th, and when I get a new word tomorrow, it's going to be foray. Then the day after that is going to be scare, and we keep going forward every day through this list, until we run out of words and they update the word list. Now, why is this program written this way? Well, because this game was actually made by somebody who just wanted to pass the time and did it for fun. He really didn't care about making it secure. Now, could he have randomized this list? Yes. Could he have used some kind of way to jump around in this list, or not even stored the list inside the JavaScript? Maybe he could have hashed it or encrypted it. There are lots of ways to protect this from being seen. But the point here is that by knowing just a little bit about JavaScript, you can beat every Wordle that comes out for the next couple of years. And so hopefully you can see how you could start manipulating data inside JavaScript just by looking through the code. Now, when we actually try to read through all of this code, it's pretty confusing. You'll notice that most of the variable names aren't using things that make sense; for example, variable A or variable E, or we might have something like variable Aa or variable Ia. Now, why is that? Well, this is because this code has gone through some kind of obfuscation or minification, where they start taking out things like documentation of what this code actually means.
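The count-forward lookup the lesson walks through by hand, written out as an added example; this is not the Wordle or New York Times code. It takes a list in the same shape as the Ma array, one known date/word pair, and returns the word for any other date. The word list is a constructed stand-in, and the entries between snout and comma are placeholders for real words this example does not need.

```javascript
// Constructed stand-in for the game's answer array (the real one is far longer and
// is ordered by day). The four entries between "snout" and "comma" are placeholders
// standing in for the April 2-5 words.
const ANSWERS = [
  "cigar", "rebut", "sissy", "humph", "awake", "blush",
  "snout",                              // known anchor: April 1, 2022
  "xxxx1", "xxxx2", "xxxx3", "xxxx4",   // placeholders for April 2-5
  "comma",                              // April 6
  "foray",                              // April 7
  "scare",                              // April 8
];

// Parse "YYYY-MM-DD" into the [year, monthIndex, day] triple that Date.UTC() expects.
function parseIsoDate(iso) {
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(iso);
  if (!m) throw new Error("expected YYYY-MM-DD, got " + iso);
  return [Number(m[1]), Number(m[2]) - 1, Number(m[3])];
}

// Whole calendar days from one date to another. Done in UTC on purpose: a local-time
// subtraction across a daylight-saving change is off by an hour, and after flooring
// that would shift the index by a day.
function daysBetween(fromIso, toIso) {
  const from = Date.UTC(...parseIsoDate(fromIso));
  const to = Date.UTC(...parseIsoDate(toIso));
  return Math.round((to - from) / 86400000);
}

// The lookup the lesson does by hand: find the known word, then move forward (or
// backward) by the number of days. Returns null if the anchor word is not in the
// list or the target date falls outside the list's range.
function answerForDate(list, knownDate, knownWord, targetDate) {
  const base = list.indexOf(knownWord);
  if (base === -1) return null;
  const index = base + daysBetween(knownDate, targetDate);
  if (index < 0 || index >= list.length) return null;
  return list[index];
}

// Stand-alone run: the three days the lesson checks.
for (const day of ["2022-04-06", "2022-04-07", "2022-04-08"]) {
  console.log(day, "->", answerForDate(ANSWERS, "2022-04-01", "snout", day));
}
```

Every byte of that array is delivered to the browser, so nothing in the page can keep it secret; the fix the lesson hints at is to keep the list on the server and return only the current word or a verdict on each guess.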

This means it would be harder for us to reverse engineer and understand exactly what's happening in all these different sections of code without going through and starting to make our own list of: I think variable A means this, and variable Aa means this, as I work through all 2,500 lines of this code. That said, not all code is going to look like this; some will actually use variable names and function names that make things easier to understand, but not always. I just wanted to show you this as a really basic demonstration of how you can find logical errors or programming errors that allow sensitive data to be seen inside a JavaScript program. In this case, we know every single Wordle for the next few years because they didn't encrypt that data when they stored it in that array.

218. Coding in Ruby (OBJ 5.2)

In this lesson, we're going to cover the basics of coding in Ruby. Now, Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. People like to say it has an elegant syntax and is naturally easy to read and write. Now, why is Ruby important to a penetration tester? Well, one of the biggest tools we like to rely on is the Metasploit Framework, and in the Metasploit Framework all of the exploits are written in Ruby. So if you want to look at some examples of Ruby, you can just go into the exploit directory of the Metasploit Framework and pull one out. Now, let's take a look at how you can do some basic coding in Ruby. First, just like Bash and Perl, you identify your script with a shebang line, #!/usr/bin/ruby, to say, "This is a Ruby script." When you're using Ruby, you can also add comments using the hash sign. For example, # This is the first line of my script. Now, when it comes to variables, Ruby has lots of different variable types, including global variables, local variables, instance variables, and class variables.

To define a variable as a global variable, you put a dollar sign in front of it. If you use a lowercase letter or an underscore as the first character in a variable name, it's considered a local variable. If you use an at sign in front of it, it's considered an instance variable, and if you use two at signs before it, it's considered a class variable. Now, as I go through this lesson, you're going to notice I use lowercase most of the time to keep things simple, instead of having to use the underscore when I'm defining my local variables. And by default I usually use local variables when I'm programming, unless I have a need for a global variable. Now, when it comes to constants, Ruby doesn't actually do constants like some other programming languages do. So instead, what we do by convention is use capital letters throughout the entire name to signify to other programmers that it's a constant, even though it really is just a variable. So if I did PI = 3.14159, I'm defining PI as a constant with that value, but nothing will stop me from going PI = 2 if I felt like changing it later, because it truly is just a variable. Next, let's talk about arrays. When you define an array, you need to tell it how large it's going to be, so it can set aside the memory for that array when you create it. For example, tempArray = Array.new(20) is going to create an array with 20 locations for you to store things in. If you want to start storing things in there, you can use something like tempArray = [value1, value2, value3], and that will put values into the first three places of that temporary array.

To get things out of the array, you use the array name, .at, an opening parenthesis, a number for the position you want to pull information out of, and a closing parenthesis. For example, if I wanted to pull out the second value I put in the temporary array, which is value two, it's sitting in position one, because computers count zero, one, two, three. So I would use tempArray.at(1), and this will give me value two. Next, let's talk about named arrays, or associative arrays. In this case we're going to use our phone book example. I want to create a phone book with two names, Jason and Mary, each with a phone number. To set up this associative array, I write phonebook = [["Jason", "111-1234"], ["Mary", "222-5678"]]. This is setting up an array of arrays, or key pairs, inside it, and so you can see Jason is associated with one phone number and Mary with the other. When I want to get information out of an associative array, I call it using the name, .assoc, for associative. For example, phonebook.assoc("Mary") will give me the key pair shown inside the brackets: ["Mary", "222-5678"]. Next, let's talk about comparisons.

When we're dealing with comparisons, we treat them the same whether they are numbers or strings. For is equal to, you use two equal signs, such as a == b. If you want to see if it's not equal to, you use the bang equal, or exclamation equal, sign: !=. For greater than, you use the mathematical greater than symbol, >. For greater than or equal to, it's >=. If you're doing less than, it's the less than symbol, <. If it's less than or equal to, it's <=. If you want to test whether something matches inside of case statements, instead of if statements, you do that using three equal signs, ===. Next, let's talk about conditional statements. The basic form of a conditional statement is if condition then do some things end. This would look like if a < b then puts a end. What is this going to do? Well, it's going to test whether the value of a is less than b, and if it is, we display a on the screen; that's what puts means, it puts it on the screen. Then we end. If b was greater than or equal to a, we don't put anything on the screen and just end this condition. Next we have if, else, end, and it uses the same basic format: if condition, do some command, else, do something else, end. So if a < b then puts "a is less than b" else puts "b is greater than or equal to a" end. The next one we have is if, elsif, else, end. This tests two different conditions and then does a third thing if neither of those is true.

So: if condition, do some command, else if, check a condition and do something else, else, some other thing, end. This might look like: if a < b then puts "A is less than B" elsif a > b then puts "A is greater than B" else puts "A is equal to B" end. If it's not less than and it's not greater than, it must be equal to. This is how these different conditions work for you inside of Ruby. Next, let's talk about flow control. The first one we have is the for loop. We use the for loop to perform a set of commands for each item in a list. The basic form takes the structure for var in list, do something, end. So I might have something like for x in (1..5) do puts x end. What this is saying is: for each x in the list one through five, or one, two, three, four, five, put it to the screen. So we do this five times, and on your screen you will see one, two, three, four, five. With puts, this puts one number per line, because puts automatically moves to the next line after displaying whatever you give it. The next type of flow control we have is known as a while loop. A while loop performs a set of commands while a test is true. This takes the basic form while condition, do commands, end.

So I might have something like this: counter = 1; while counter < 10; puts counter; counter = counter + 1; end. What you'd expect to see on the screen is a list of numbers, one per line: one, two, three, four, five, six, seven, eight, nine, and then it stops. Once you've printed all nine, your counter is incremented to 10, and 10 is no longer less than 10, because 10 is equal to 10, so we stop the while loop. Next, we have the until loop. Until loops perform a set of commands until a test becomes true. The standard form is until condition, do commands, end. For example: counter = 1; until counter > 5; puts counter; counter = counter + 1; end. On your screen you should see one, two, three, four, five, with one number on each line, because puts uses a new line after each thing it places on the screen. Next, let's talk about substring operations. Here we're going to use a variable testString holding the string "Test String". If I want to put that to the screen and I simply say puts testString, you will see Test, space, String on your screen. But if I want to show just a piece of that string, I can do that by creating a substring. I do that by giving the variable name, a bracket, the starting position, dot, dot, the ending position, and an end bracket. So it would look something like puts testString[2..5]. Now, what would you expect to display on the screen here? Because we start at two and continue through five, I would expect to see "st S": the s and t from Test, then the space, and the capital S from String. This is because position two is actually the third letter, since we start counting from zero. So we start with two being s, three being t, four being the space, five being the capital S in String, and then we stop.
That's how this works when you have your starting and ending positions inside of Ruby. You can also use negative numbers as your starting position if you want, and that counts from the end of the string. So the last letter is negative one, the second to last letter negative two, the third to last letter negative three, and so on when you're using Ruby. The final thing we need to talk about is inputting and outputting things, either to the keyboard and monitor or in and out of files. Let's start with outputting to the screen inside of Ruby.
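To tie the pieces above together (arrays with at and assoc, the comparison operators with if/elsif/else, for and until loops, and substring ranges including the negative index), here is an added example that is not the course's own code. It applies them to a small list of "host:port" targets; the service table and the targets are constructed sample data.

```ruby
# Added example (not the course's code): the lesson's building blocks used on a
# small list of "host:port" targets. The service table and targets are
# constructed sample data.

# Associative array of [port, service] pairs, like the lesson's phone book
SERVICES = [["22", "ssh"], ["80", "http"], ["443", "https"]]

# assoc returns the [key, value] pair whose first element matches, or nil;
# at(1) pulls the value out of that pair
def service_for(port)
  pair = SERVICES.assoc(port.to_s)
  pair.nil? ? "unknown" : pair.at(1)
end

# Comparison operators with if / elsif / else, as in the lesson's a and b examples
def port_class(port)
  if port < 1024
    "well-known"
  elsif port <= 49151
    "registered"
  else
    "dynamic"
  end
end

# Substring ranges: [0..sep-1] is everything before the colon,
# [sep+1..-1] runs from after the colon to the last character (-1)
def split_target(target)
  sep = target.index(":")
  [target[0..sep - 1], target[sep + 1..-1].to_i]
end

# A for loop over the list, building one description line per target
def describe_targets(targets)
  lines = []
  for t in targets
    host, port = split_target(t)
    lines << "#{host} port #{port} (#{service_for(port)}, #{port_class(port)})"
  end
  lines
end

# An until loop with a counter: walk the list until a well-known port turns up
def first_well_known(targets)
  i = 0
  until i >= targets.length || split_target(targets.at(i))[1] < 1024
    i += 1
  end
  i < targets.length ? targets.at(i) : nil
end
```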

This can be done using one of two commands. We can use puts, like I've been using in this lesson, or we can use print. There's a slight difference between these two commands. If you're using puts, it outputs the string and then adds a new line every time. With print, it continues in the exact same place every time unless you manually specify a new line character, using \n in your output. So if I did something like puts "Please enter your name: ", this displays Please enter your name: on the screen and then moves to the next line. At this point, if I wanted to get your input, I could do something like username = gets. gets says: get some input from the keyboard from that user. Once I have your input, I'd want to do something with it. So I might display it back to the screen using something like puts "Hello " + username. This concatenates the two strings, Hello plus the space and the username you entered, and puts that on a new line on the screen. The next thing we need to talk about is working with files. In Ruby, any time you want to work with a file, you have to open it first. So we open the file and assign it to a variable name. For example, f = File.open("commands.log", "w"). This says open the file commands.log in writable format. Then I can use f.puts "This is a log of the commands I ran:". This takes that text string and puts it into the file I just opened, which is that variable f. When I'm done, I can type something like f.close, and this closes that file. If you want, you can also redirect things into the file once you open it, using redirectors like a single less than or double less than sign.
With a single less than sign you will overwrite the file. With a double less than sign, you append to the file. That would look something like f << "This is another log entry", and that would be appended to the end of the text file called commands.log that we had open. Next, we need to talk about reading information from a file.

Reading information from a file is really easy. Again, we use something like f = File.open("commands.log"). Notice I don't have to add a comma and "r" or anything like that, because by default Ruby assumes I want to read a file unless I specifically tell it that I want to write to that file. Once I have that file open, I can use a loop to cycle through the file and read all of its lines. For example, let's say I wanted to display all the contents of this commands.log file on my screen. I can use a while loop to do that: while line = f.gets do puts line end. This goes through the whole of f, getting each line individually and putting that line to the screen, and then it ends. Once we're done with that, we can close the file with f.close. Now, I know we just barely scratched the surface of Ruby, and as I said there is a lot you can learn here. In our next lesson, we're going to jump into an example by pulling up an exploit in Ruby and walking through some code to start putting these concepts together.
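The write, append and read-back steps above, as an added example that is not the course's code. It uses a temporary file instead of commands.log, adds the "a" (append) open mode, which the lesson does not cover, and shows what print's missing newline does to the next line written; the logged commands are constructed sample data.

```ruby
require 'tmpdir'

# Added example (not the course's code): write a command log the way the
# lesson does, append to it, then read it back with gets. The path and the
# logged commands are constructed sample data.

# Open for writing ("w" creates or overwrites), write with puts and <<, close
def write_command_log(path, commands)
  f = File.open(path, "w")
  f.puts "This is a log of the commands I ran:"
  commands.each { |cmd| f << cmd << "\n" }   # << appends and adds no newline
  f.print "-- end of log"                     # print adds no newline either
  f.close
  path
end

# Reopen in append mode ("a", not in the lesson) so the existing contents are kept
def append_command_log(path, entry)
  File.open(path, "a") { |f| f.puts entry }
end

# Default mode is read; gets returns nil at end of file, which ends the loop
def read_command_log(path)
  f = File.open(path)
  lines = []
  while line = f.gets
    lines << line.chomp
  end
  f.close
  lines
end

# Round trip through a temporary file; returns the lines read back.
# The last line comes out as "-- end of logid" because print left the
# line open and the appended puts "id" continued it.
def demo_log_round_trip
  path = File.join(Dir.tmpdir, "commands_demo_#{Process.pid}.log")
  write_command_log(path, ["ls -la", "whoami"])
  append_command_log(path, "id")
  lines = read_command_log(path)
  File.delete(path)
  lines
end
```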

219. Ruby Example (OBJ 5.2)

Let's look at a Ruby sample script. Don't worry, this one's a short script. On the screen, you can see that they used a comment of # coding: utf-8. What is that telling us? It tells us that the coding, or encoding, of this file is stored in UTF-8 format. Now, let's look through this script. require 'socket'; target_ports = 1..65535; target_ips = ['10.0.0.2', '10.0.0.3', '10.0.0.4']. Next, we look at this function definition: def grab_banner(ip, port). Inside it, we use TCPSocket.new(ip, port).recv(1024). Then rescue, "Unable to establish a connection with ip, port", end. What does that rescue part tell me? That is the error handling, right. Now, here's the actual code we're going to run, because above we only had the definition of grab_banner. Now we're getting into the meat of this program, the main part. target_ips.each do |ip|, target_ports.each do |port|, puts grab_banner(ip, port), end, end. What does that tell us? Well, this is a do loop, right? So do for every IP, then do for every port. So what we're doing is a port scan and an IP scan. If I had to look at what the output of this would look like, the first thing I'm going to do is loop over the IP. So I'm going to see on the screen 10.0.0.2 port one, 10.0.0.2 port two, all the way through to port 65535.

Then it goes to the next IP and runs through that loop again, 65,000 times. And then it goes to the third IP and does the same thing again for another 65,535 times. So what is this script doing for us? Well, it's doing a banner grab of every single port. We use require 'socket' to make sure we have network access. Then we set up this variable of target ports and an array of IPs. We then define this function called grab_banner, we pass it an IP and a port from those arrays, and it creates a socket connection each time. It tries to connect to port one and do a banner grab, then port two and do a banner grab, all the way through every port. Any time it fails, the rescue clause prints that it was unable to establish a connection with this IP and this port. All of this is dumped to the screen, and then we can take it and sift through it and figure out what ports are open and what was running on those ports, as a form of enumeration. This is another enumeration script. So you can see how this works on the PenTest+ exam. You're going to get something that looks like this.
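To see how the def / rescue / nested each structure of that script behaves, here is an added example that is not the course's script. It keeps the same shape but replaces TCPSocket.new(ip, port).recv(1024) with a lookup in a constructed table, so it runs offline, and it adds a sift over the collected output of the kind the lesson describes; the addresses, ports and banners are constructed sample data.

```ruby
require 'socket'   # the script's require; here only SocketError comes from it

# Added example (not the course's script). Only two constructed "services"
# answer; every other ip:port raises the error a refused connection would.
FAKE_BANNERS = {
  "10.0.0.2:22" => "SSH-2.0-OpenSSH_9.3",
  "10.0.0.3:80" => "HTTP/1.1 400 Bad Request"
}

# Stand-in for TCPSocket.new(ip, port).recv(1024)
def fake_connect(ip, port)
  banner = FAKE_BANNERS["#{ip}:#{port}"]
  raise Errno::ECONNREFUSED, "#{ip}:#{port}" if banner.nil?
  banner
end

# The body is the attempt; the rescue clause is the error handling, and its
# value becomes the method's return value when the attempt fails
def grab_banner(ip, port)
  fake_connect(ip, port)
rescue Errno::ECONNREFUSED, SocketError
  "Unable to establish a connection with #{ip}:#{port}"
end

# target_ips.each do |ip| ... target_ports.each do |port| ... end end, but
# collecting [ip, port, result] instead of putting each result to the screen
def scan(target_ips, target_ports)
  results = []
  target_ips.each do |ip|
    target_ports.each do |port|
      results << [ip, port, grab_banner(ip, port)]
    end
  end
  results
end

# Sifting the dump afterwards: anything that is not a rescue message is an
# open port together with whatever it said back
def open_ports(results)
  results.reject { |_ip, _port, out| out.start_with?("Unable to establish") }
end
```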

You may have only gotten the last four or five lines of the script, the target_ips.each, target_ports.each and puts lines, and they would ask, what is this doing? And you would have to say, oh, this is a do loop. It's going to go through and calculate something X amount of times, right? That's the idea here. So you just have to be able to understand how these scripts work and identify them. I hope this section of the course has helped you get your foot in the door with programming, to at least be able to read these scripts and understand at a basic level what they're doing. Now, as you start playing with this as a pentester, figure out what language you like best. Everyone's going to argue what's the best language, which one's their favorite, and everyone gets to choose that for themselves. For me, I'm a Python fan. I really enjoy Python and I enjoy Bash programming. I'm not as big of a fan of Ruby and I'm not as big of a fan of PowerShell, but for the exam, you've got to be able to read these basic scripts.

Understand at a macro level what they are doing. Now, if you want to get some more practice with reading through scripts, just go to Google. Type in sample bash script, pick one out and start looking at it. It really doesn't matter what it does. You can even think of a function you're interested in, like, hmm, I wonder if there's a bash script for enumeration or a bash script for running a vulnerability scan, or whatever it is. Google that, you'll find scripts, and start reading through them. You're not going to understand every word of the script. That's okay. You don't need to for the PenTest+; you just have to get the big idea of what these scripts are doing. So go out and Google a couple of examples, figure out what works for you, and figure out which language is your favorite.
