www.it-ebooks.info Penetration Testing with the Bash shell Make the most of the Bash shell and Kali Linux's command-line-based security assessment tools Keith Makan BIRMINGHAM - MUMBAI www.it-ebooks.info Penetration Testing with the Bash shell Copyright © 2014 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: May 2014 Production Reference: 1200514 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-84969-510-7 www.packtpub.com Cover Image by © iStock.com/DeborahMaxemow www.it-ebooks.info Credits Author Keith Makan Reviewers Sébastien De Bollivier David Huttleston Jr Jorge Armin Garcia Lopez Acquisition Editor Meeta Rajani Content Development Editor Anila Vincent Technical Editors Anand Singh Rohit Kumar Singh Copy Editors Roshni Banerjee Mradula Hegde Project Coordinator Melita Lobo Proofreaders Simran Bhogal Stephen Copestake Maria Gould Paul Hindle Indexer Tejal Soni Production Coordinator Melwyn D'sa Cover Work Melwyn D'sa www.it-ebooks.info Disclaimer The content within this book is for educational purposes only. It is designed to help users test their own system against information security threats and protect their IT infrastructure from similar attacks. Packt Publishing and the author of this book take no responsibility for actions resulting from the inappropriate usage of learning materials contained within this book. www.it-ebooks.info About the Author Keith Makan is the lead author of Android Security Cookbook, Packt Publishing. He is an avid computer security enthusiast and a passionate security researcher. Keith has published numerous vulnerabilities in Android applications, WordPress plugins, and popular browser security software such as Firefox's NoScript and Google Chrome's XSS Auditor. His research has also won him numerous listings on the Google Application Security Hall of Fame. Keith has been working as a professional security assessment specialist, penetration tester, and security advisory for over 2 years. www.it-ebooks.info About the Reviewers Sébastien De Bollivier loved to play with computers since he was 5 years old, but couldn't gure out how to make the computer do what he wanted. After completing his master's degree in Computer Science, he chose to create his own company, RunSoft, with two associates. Their purpose is mainly to help customers who are struggling to nd a web developer who understands their business. They are working on developing products in SaaS, but these have not been released yet. I would like to thank my wife, Kelly, and my wonderful little girl, Emilie. David Huttleston Jr is a full stack geek. After obtaining degrees in Physics and Nuclear Engineering, Dave hopped the fence from academics to business. He's the founder of www.hddesign.com, a company that specializes in developing databases and making data useful on the Web. Like many early adopters of BSD and Linux, Dave has experience in all levels of the web stack. He spends his time developing and consulting for nonprot organizations, labor unions, and businesses with challenging data workow problems. I'd like to thank my wife and best friend, Louise, for her everlasting love and support. www.it-ebooks.info Jorge Armin Garcia Lopez is a very passionate Information Security Consultant from Mexico with more than 6 years of experience in computer security, penetration testing, intrusion detection/prevention, malware analysis, and incident response. He is the leader of a Tiger Team at one of the most important security companies in Latin America and Spain. Also, he is a security researcher at Cipher Storm Ltd Group and is the cofounder and CEO of the most important security conference in Mexico, BugCON. He holds important security industry certications such as OSCP, GCIA, and GPEN, and he is also a FireEye specialist. He has worked on the books Penetration Testing with BackBox and Getting Started with Django. Thanks to all my friends for supporting me. Special thanks to my grandmother, Margarita, my sister, Abril, and also Krangel, Shakeel Ali, Mada, Hector Garcia Posadas, and Belindo. www.it-ebooks.info www.PacktPub.com Support les, eBooks, discount offers, and more You might want to visit www.PacktPub.com for support les and downloads related to your book. Did you know that Packt offers eBook versions of every book published, with PDF and ePub les available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks. TM http://PacktLib.PacktPub.com Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. Why subscribe? • Fully searchable across every book published by Packt • Copy and paste, print and bookmark content • On demand and accessible via web browser Free access for Packt account holders If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access. www.it-ebooks.info www.it-ebooks.info [...]... in enabling them to tackle their day-to-day technical challenges Why are discussing the bash shell? Why is it so popular among system administrators, penetration testers, and developers? Well, there may be other reasons, but fundamentally the bash shell is the most standardized and is usually, with regard to most popular operating systems, implemented from a single code base—one source for the official... as with the cd command The next argument, or rather group of arguments, is quite an important one: the [expression] It consists of all the arguments that control the following: • Options: This tells what kind of files find should look for • Tests: This tells how to identify the files it is looking for • Actions: This tells what find should do with the files once they are found The following is the. .. that the best penetration testers from all across the world use to ensure that they have as much control over their testing activities as possible Anyone interested in introducing themselves to the command line specifically for penetration testing or penetration testing as a whole, will benefit from reading this book www.it-ebooks.info Preface What this book covers Chapter 1, Getting to Know Bash, introduces... and especially this chapter will introduce some of the witty but brilliant Linux/Unix culture and conventions so that you can get comfortable enough with the bash shell and eventually find your own way around and follow the more advance topics later on in the book www.it-ebooks.info Getting to Know Bash Throughout the book, the bash environment or the host operating system that will be discussed will... references, web pages, and other resources containing further information about the topic being discussed For more about the Linux manual pages, please see the Further reading section at the end of this chapter Navigating and searching the filesystem Navigating and searching the Linux filesystem is one of the most essential skills the developers, system administrators, and penetration testers will need... in useful ways with the help of bash scripting Chapter 5, Network Exploitation and Monitoring, shifts the focus to network exploitation tools and the utilities that the readers will likely use in their day-to-day penetration tests The chapter covers tools such as ARPSpoof, Ettercap, and SSLyze, and also introduces readers to useful bash scripts and commands that optimize the usage of these commands... execution behaviors for a bash script or collection of commands regardless of the operating system hosting the bash implementation Operating systems popularly have unique implementations of the Korn Shell (ksh) and other terminal emulator software The only disadvantage, if any, of the Linux or Unix environment that bash is native to is that for most people, especially those accustomed to the Graphical User... www.it-ebooks.info Preface The penetration testing technology today is riddled with oversimplified Graphical User Interfaces Though easy to use, they often offer very little control over the operations they perform and don't offer a very informative experience to their users Another drawback is that many of these security assessment solutions are only developed to identify and automate exploitation for the most obvious... NUMBER] is the number of the man page section to be referenced and [MAN PAGE NAME] is, well, the name of the man page Usually, it is the name of the command, system call, or library itself For example, if you want to look up the man page for the man command itself, you would execute the following command from your terminal: man 1 man In the previous command, 1 tells man to use section 1 and the man argument... describing the usage specification The way the syntax or usage specifications for commands are specified takes a little understanding to appreciate properly You may notice the braces in the specification, these are not to be interpreted as literal parts of the command invocation In fact, they indicate that whatever appears inside the brackets is an optional argument Also, the "|" character indicates that either . www.it-ebooks.info Penetration Testing with the Bash shell Make the most of the Bash shell and Kali Linux's command-line-based security assessment. this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt. 125 www.it-ebooks.info www.it-ebooks.info Preface The penetration testing technology today is riddled with oversimplied Graphical User Interfaces. Though easy to use, they often offer very little control over the operations they perform