Index

Note: Page numbers followed by f indicate figures, t indicate tables and b indicate boxes.

Symbol

-- (comment character), 273
# (comment character)
bash, 17
Perl, 75
Python, 39
#! (shebang), 8
&& operator, 144
./ prefix, 8
@@ symbol, 130
| (pipe), 17
|| operator, 144
+ (concatenation operator), 38
+ modifier, Python, 54
<? (short open) tag, 139
< symbol
Perl, 88
Ruby, 114
<?php header, 139
> symbol, 88
>> symbol, 88
` (backtick), 17
; (semicolon), 75
/? flag, 256
! mark, 107–108
200 message, 42, 127

A

a (append) function, Python, 54
-a flag
Linux, 261–262
Windows, 260–261
Active Record module, Ruby, 118–119, 121–124, 123b, 124f
Address Resolution Protocol (ARP) requests, 103–106, 104b, 107f, 260–261
advanced operators, Google, 206–207
/all flag, 260
allow_url_include setting, PHP, 243
AllSigned policy, PowerShell, 161–162
append (a) function, Python, 54
/append flag, 267
$args array, PowerShell, 25–26
args variable, 43
arguments
bash, 10–11, 11b, 12f, 12t
Perl, 79
PowerShell, 25–26
Python, 41–46
@ARGV array, Perl, 79
ARGV structure
Python, 41, 42, 43f
Ruby, 111, 111b
ARP (Address Resolution Protocol) requests, 103–106, 104b, 107f, 260–261
arp command, Windows, 260–261
@_ array, Perl, 78–79
arrays
defined, 25–26
Perl, 79
Ruby, 102–106
authentication bypass, MySQL, 274f
Autonomous LAN Party application, 243–245, 244f, 245f

B

b modifier, Python, 54
backtick (`), 17
Base64, 138, 139, 140f
bash (Bourne-again shell), 8
adding /dev/tcp/ support to, 15–16
arguments, 10–11
control statements, 11
conditionals, 12–14
looping, 14–15
Hello World script, 8
overview, 6
port scanners
building, 16–18
improving, 18
using in Cygwin, 20–21
variables, 10
batch (.bat) files, 19
bind method
Python, 60
Ruby, 131
block technique, Ruby, 110
Bourne, Stephen, 6
Bourne shell (sh), 6
Bourne-again shell, See bash
Bourne-compatible shells, 6. See also bash

C

/C flag, 267
C shell (csh), 5
C shell-compatible shells, 5
cat command, 124–125
cd (change directory) command, 171, 172
channelized argument, 268
chomp function, Perl, 75–76
chop function, Perl, 75–76, 84
CIDR (Classless Inter-Domain Routing) addresses, 44–46, 283
class keyword, Ruby, 112
classes
Python, 37
Ruby, 112–117
accessing data from, 115–117, 117f
building, 112
extending, 114–115, 115f
Classless Inter-Domain Routing (CIDR) addresses, 44–46, 283
Clear-EventLog cmdlet, PowerShell, 169
client communications
Python, 57–59
CMD.exe, 18
cmdlets, PowerShell, 20
command execution
vulnerabilities, 246–248, 248f
command shell scripting, 1–33
bash, 8–15
adding /dev/tcp/ support to, 15–16
arguments, 10–11
control statements, 11, 12–14, 14–15
Hello World script, 8
port scanners, 16–17, 18
variables, 10
Microsoft shells, 18–21
batch files, 19
CMD.exe, 18–19
Cygwin, 20–21
miscellaneous, 21
PowerShell, 19–21
PowerShell, 21–29
arguments, 25–26
control statements, 26–29
Hello World script, 22–23
port scanners, 30–32
variables, 23–25
scripts, defined, 3
shell scripts, 3–4
shells, defined, 2
UNIX-like shells, 5–7
Bourne-compatible shells, 6
C shell-compatible shells, 5
miscellaneous, 6–7
working with, 7
usefulness of, 4–5
comment character (--), 273
comment character (#)
bash, 17
Perl, 75
Python, 39
communicate function, Python, 61
comparison operators, bash, 13t
compiled programming languages, 3
concatenation operator (+), 38
conditional operators, Python, 50f
conditional statements (conditionals)
bash, 12–14
Perl, 80–81
PowerShell, 27–28
Python, 51–52
connect method, Ruby, 120
Constant class, Ruby, 103
constants, Ruby, 103, 103b
control statements
bash, 11
conditionals, 12–14
looping, 14–15
Perl, 79–80
conditionals, 80–81
looping, 81–84
PowerShell, 26–27
conditionals, 27–28
looping, 28–29
Python, 51
conditionals, 51–52
looping, 52
$_COOKIE array, PHP, 138–139
cookies, stealing, 249–253
copy con command, 21b
CreateCMD code, 162–165, 165b
Cross-Site Scripting, See XSS
crypt module, Python, 48
CryptCat, 184
csh (C shell), 5
Cygwin, 20–21

D

database manipulation with Ruby, 118–124
Active Record module, 121–124
DBI module, 119–121
database post-exploitation, 270–280
db_create variable, Ruby, 120
DBI module, Ruby, 119–121, 121f
def statement, Python, 52
/dev/tcp/ support, adding to bash, 15–16
dict function, Python, 50, 50f
dictionaries, Python, 46–51
dir command, PowerShell, 171, 172
dirname function, 266
discovery automation, Google, 207–209
do method, Ruby, 120

E

-E option, Meterpreter, 262–263
-e option, Netcat, 184
echo command
Netcat, 188, 189
PHP, 142
edit command, 21b
EIP register (Instruction Pointer), 225, 227, 228, 229f, 230–232, 230f, 231f, 233f
elif statement, 51
$_ENV array, PHP, 142–145
error handling, Ruby, 116b
error variable, Ruby, 115–117
ESP register (Stack Pointer), 225, 227, 232
establish_connection method, Ruby, 122
event log interfacing, PowerShell, 168–169
except keyword, 55–56
exception handling, Python, 55–56
Exchangeable Image File Format (EXIF) data, 215
exec command, PHP, 155, 157
execute method, 267
execution policies, PowerShell, 161–166
bypassing, 162–165
getting in, 165–166
overview, 161–162
EXIF (Exchangeable Image File Format) data, 215
exiftool script, 215–217, 220
exploitation scripting, 223–254
Metasploit, 237–242
executing exploit, 240–242
porting exploit code, 239–240
starting templates, 237–239
command execution vulnerabilities, 246–248
Cross-Site scripting, 248–253
Remote File Inclusion, 242–245
Python, 223–237
adding shellcode, 232
causing first crash, 225–228
controlling EIP, 230–232
debugging, 224–225
pattern_offset.rb tool, 228–230
returning shell, 236–237
software, 223–224

F

-f option, Meterpreter, 262–263
Falstad, Paul, 6
$_FILE array, PHP, 147–149
File class, 266
file handling and manipulation
Netcat, 187–191, 190f
Perl, 87–91
PowerShell, 169–171
Python, 54–56
file transfer protocol, See FTP
file_local_write function, 269
filetype: operator, Google, 207, 214
FileUtils mkdir_p method, 266
find_by method, 123
finger script, Nmap, 194–196
Fixnum class, Ruby, 104
floats, Ruby, 103
focus method, PHP, 158
fopen function, PHP, 152
for loop
bash, 14, 15f
Perl, 81–84, 211
PHP, 144
PowerShell, 28
Ruby, 102, 106–108
Windows, 257
foreach loop
PowerShell, 29
ForEach-Object cmdlet, PowerShell, 175
form handling, PHP, 147–149, 148f, 149b, 149f
Fox, Brian, 6
FTP (file transfer protocol), 134f
exploitation scripting, 226–227, 229
NASL, 197, 197f
Ruby, 129–134
functions
bash, 10
Python, 37, 52–54
Ruby, 109–112

G

generate command, Meterpreter, 262–263
$_GET array, PHP, 138–139, 145, 147, 148, 148–149, 152
get_ip_address function, Perl, 84
get_process method, Ruby, 267
get_raw_address function, Perl, 83
get_request function, Perl, 96
get_snmp_info function, Perl, 96
getaddrinfo function, Python, 58
getDenies function, Python, 53
Get-EventLog cmdlet, PowerShell, 168, 168f, 169, 169f
getHeader function, Ruby, 110, 111, 113
Get-ItemProperty cmdlet, PowerShell, 174
Get-Process cmdlet, PowerShell, 24, 166–167, 167f
getpwuid method, Ruby, 118
Get-Service cmdlet, PowerShell, 167, 168f
GHDB (Google Hacking Database), 206
global variables
bash
defined, 10
modifying scripts to make use of, 10
PowerShell, 24
gluing applications together, 4, 70–71
Google, 205–209
advanced operators, 206–207
automating discovery, 207–209, 209f
hacking, 205–206
Google Hacking Database (GHDB), 206
graphical shells, 2
Green, Ken, 5
groups, listing, 259f
GUIs, Perl and, 73

H

hashes, Ruby, 102–103, 103–106
hashlib module, Python, 40b
head method, Ruby, 110
Hello World script
bash, 8, 9f
Perl, 73–75, 74f
PowerShell, 22–23
hives, Windows Registry, 171, 172
HKEY_CLASSES_ROOT (HKCR) hive, Windows Registry, 171
HKEY_CURRENT_CONFIG (HKCC) hive, Windows Registry, 171, 173f
HKEY_CURRENT_USER (HKCU) hive, Windows Registry, 171
HKEY_LOCAL_MACHINE (HKLM) hive, Windows Registry, 171, 172, 174, 175, 177
HKEY_USERS (HKU) hive, Windows Registry, 171
HTML::Parse module, Perl, 208–209
htmlspecialchars function, 249
HTTP attack script, 125, 126
httplib module, Python, 41
HTTP::Request module, Perl, 208

I

-i 5 option, Meterpreter, 262–263
ICMP (Internet Control Message Protocol) packets, 63–68
if else statement, PowerShell, 27
if statement
bash, 12–14, 13f
Python, 51–52
ifconfig command, Perl, 85–86, 86f
if/elsif/else conditional block, Ruby, 107
Immunity Debugger application, 223–224, 224f, 225
implode function, PHP, 157
include function, PHP, 150
include_once function, PHP, 150
information gathering, 201–221
Google, 205–209
advanced operators, 206–207
automating Google discovery, 207–209
Google hacking, 205–206
laws governing, 202b
metadata, 212–219
in documents, 214
finding, 212–214
in media files, 214–219
overview, 203–204
network, 259–262
Linux, 261–262
Windows, 260–261
patterns in information, 202–203
sources of information, 202
uses for information, 204–205
Web automation with Perl, 209–212
overview, 209–212
WWW::Mechanize module, 210–212
information_schema database, MySQL, 275, 276, 277f
initialize method, Ruby, 112, 130
Instruction Pointer (EIP register), 225, 228, 229f, 230–232, 230f, 231f, 233f
Integer class, Ruby, 101
integers, Ruby, 103
Internet Control Message Protocol (ICMP) packets, 63–68
interpreted programming languages, 3
IP addresses
changing number format, 83–84
netmasks, 283
ip command, Linux, 261
ipconfig command, Windows, 260
irb shell, Ruby, 100
is_srvrolemember stored procedure, Microsoft SQL Server, 279
ISE (PowerShell Integrated Script Editor), 21, 23f

J

join function, Python, 46
join method, Ruby, 266

K

Kate text editor, 8, 9f, 38, 71, 72f
Kelley, Josh, 161
Kennedy, David, 161
key-value pairs, specifying, 50, 50f
Korn, David, 6
Korn shell (ksh), 6

L

last command, Ruby, 106–107
Lester, Andy, 211f
LFI (Local File Inclusion), 243
link: operator, Google, 207
Linux, network information gathering, 261–262
listen method, Python, 60
lists, Python, 44–46, 47f
little endian, 232
Local File Inclusion (LFI), 243
local variables
bash
defined, 10
modifying scripts to make use of, 10
PowerShell, 24
log files, SNMP scanner, 95, 96–97
log viewer, 124–125
logic errors, 89b
looping
bash, 14–15
Perl, 81–84
PowerShell, 28–29
Python, 52
lstrip method, Ruby, 108
LWP::Simple module, Perl, 209, 210, 210f
LWP::UserAgent module, Perl, 208

M

MAC addresses
altering, 86b, 87
testing, 85–91
man command, Linux, 262b
management information base (MIB), defined, 95–96
map function, Python, 45, 46
Martorella, Christian, 220–221
match operator, Perl, 87
metadata, 212–219
in documents, 214
finding, 212–214
in media files, 214–219
overview, 203–204
MetaGooFil, 220–221
Metasploit, 228
exploitation scripting, 237–242
executing exploit, 240–242
porting exploit code, 239–240
starting templates, 237–239
modules, 176–179
making use of, 178–179
overview, 177
PowerDump, 177–178
Windows gather PowerShell environment setting enumeration, 178
Metasploit Meterpreter, See Meterpreter
Meterpreter, 241–242, 246b, 262–270, 263f, 264f, 270f
building script, 264–269
executing script, 269–270
returning shell, 262–264
MIB (management information base), defined, 95–96
Microsoft shells (Windows scripting), 18–21
batch files, 19
CMD.exe, 18–19
Cygwin, 20–21
miscellaneous, 21
PowerShell, 19–29
arguments, 25–26
control statements, 26–29
execution policies, 161, 161–166, 162–165, 165–166
Hello World script, 22–23
Metasploit modules, 176–179, 177, 177–178, 178, 178–179
penetration testing uses, 166–176, 166–167, 168–169, 169–171, 171–176
port scanners, 30–31, 32
variables, 23–25
Microsoft SQL Server, 278
reenabling xp_cmdshell stored procedure, 280
verifying vulnerabilities, 279f, 278–279
Microsoft Windows. See Windows; Windows Registry, interfacing with PowerShell
modules
Metasploit, 176–179
making use of, 178–179
overview, 177
PowerDump, 177–178
Windows gather PowerShell environment setting enumeration, 178
Perl, 80
Python, 37, 40–41, 41f
msfencode script, Metasploit, 233, 262–263
Msf::Exploit::Remote class, Metasploit, 238, 239
msfpayload script, Metasploit, 233f, 234
multiplatform scripting, Python, 36
MySQL, 271–274
authentication bypass, 271
returning extra records, 274–278, 276f, 277f, 278f

N

\n character combination, Perl, 74
NASL (Nessus Attack Scripting Language), 183, 196–197, 197f, 198f
Ncat, 184
Nessus/OpenVAS, 196–199
NASL, 196–197
overview, 182–183
net command, Windows, 256
net group command, Windows, 258
net localgroup command, Windows, 258
net user command, Windows, 256, 256f, 257, 258
Netcat, 170b, 183–191
file transfer with, 187–191
fingerprint data, 193t
implementations of, 183
overview, 181–182
usage of, 184–185
variants of, 184
Web servers, building with, 185–187
Net::HTTP module, Ruby, 110
Net::Ping module, Perl, 80, 82, 83
Net::SNMP module, Perl, 94, 96
netstat command
Linux, 261–262
Windows, 261
network information gathering, 259–262
Linux, 261–262
Windows, 260–261
network latency, 279b
network operations
Python, 57–68
client communications, 57–59
Scapy module, 62–68
server communications, 59–68
Ruby, 124–129
client communications, 124–126, 129–134
server communications, 126, 129–134, 129f
network scripting, Python, 36–37
Nmap, 191–196
NSE files, 194–196
overview, 182
scripting engine, 194
service probes in, 191–194
Nmap Scripting Engine (NSE), 182, 194–196
Nmap::Parser module, Perl, 70–71
NOP characters, 235–236, 239–240
NSE (Nmap Scripting Engine), 182, 194–196

O

Offensive Security, 177
OptionParser class, Python, 42, 43, 43f
optparse module, Python, 41, 43
opts variable, 43
Organizationally Unique Identifier (OUI), 89, 90
os.access method, 51–52
other variable, Ruby, 115, 116–117
OUI (Organizationally Unique Identifier), 89, 90
oui.txt file, 89, 90, 91
Out-File cmdlet, PowerShell, 175
output file formats, Perl, 70–71

P

-p flag, Linux, 261–262
packet sniffing, 65–67
passthru command, PHP, 154
passwords
determining which users have default, 46
fields in password file, 47b
pattern_offset.rb tool, 228–230
peeraddr variable, Ruby, 127–128
Perez, Carlos, 178
Perl, 63–98
arguments, 79
compiling Perl scripts, 72–73
control statements, 79–80
conditionals, 80
looping, 81
extending Perl scripts, 72
file input and output, 87–91
GUIs, 73
Hello World script, 73–75
locating interpreter, 73–74
regular expressions, 85–87
shell commands, 76–79
SNMP scanners
building, 91–97
improving, 97
special characters in, 75t
text editors, 71
usefulness of, 69–71
gluing applications together, 70–71
text handling, 70
variables, 75–76
Web automation with, 209–212
overview, 209
WWW::Mechanize module, 210–211
Personally Identifiable Information (PII), 70
PHP
exploitation scripting, 242–248
command execution vulnerabilities, 246
Cross-Site scripting, 248–253
Remote File Inclusion, 242–243, 245
Web scripting with, 137–159
command execution, 154–156
control statements, 142–145
file handling, 150–153
form handling, 147–149
functions, 145
output, 142
scope, 138
usefulness of, 137–138
variables, 140–141
php_include module, Metasploit, 245
PII (Personally Identifiable Information), 70
ping command, bash, 17
ping function
Perl, 80–85, 85f
PowerShell, 29
pingcheck function, bash, 17, 18
pingdevice function, PowerShell, 31
pipe (|), 17
.pl extension, 74b
POC (Proof of Concept) exploits, 223
Popen command, Python, 61
port scanners
bash
adding /dev/tcp/ support, 15–16
building, 16–17
improving, 18
PowerShell
building, 30–31
improving, 32
portcheck function, bash, 17, 18
$_POST array, PHP, 138–139, 147–149
post-exploitation scripting, 255–281
database post-exploitation, 270–280
Microsoft SQL Server, 278–280
MySQL, 271–278
SQL injection, 270–271
importance of, 255
Metasploit Meterpreter, 262–270
building script, 264–269
executing script, 269–270
returning shell, 262–264
network information gathering, 259–262
Linux, 261–262
Windows, 260–261
Windows shell commands, 255–259
adding users and groups, 258–259
listing users and groups, 256–258
PowerDump module, 177–178
PowerShell, 19–29, 161–180
arguments, 25
changing permissions in, 22, 22b, 22f
control statements, 26–27
conditionals, 27–28
looping, 28–29
execution policies, 161–166
bypassing, 162–165
getting in, 165
overview, 161–162
Hello World script, 22–23
Metasploit modules, 176–179
making use of, 178–179
overview, 177
PowerDump, 177–178
Windows gather PowerShell environment setting enumeration, 178
penetration testing uses, 166–176
event log interfacing, 168–169
file transmission over network, 169–171
process and service control, 166–168
Registry interfacing, 171–176
port scanners
building, 30–31
improving, 32
system entry, 165b–166b
variables, 23–25
PowerShell Integrated Script Editor (ISE), 21, 23f
pre HTML tag, 124–125
prepare method, Ruby, 120–121
print_r function, PHP, 141
print_status module, Metasploit, 239–240, 269
printf command, PHP, 142
proc file system, 104, 105b, 117
process class, 267
process control, PowerShell, 166–168
Proof of Concept (POC) exploits, 223
ps -p $$ command, 7
push command, Perl, 95
.py (Python) files, 38–39
PyPI (Python Package Index), 37b
Python, 35–68
arguments, 41–43
availability of, 36
control statements, 51
conditionals, 50f, 51–52
looping, 52
defined, 35–36
dictionaries, 46–51
exception handling, 55–56
exploitation scripting, 223
adding shellcode, 232–236
causing first crash, 225–228
controlling EIP, 230–232
debugging, 224–225
pattern_offset.rb tool, 228–230
returning shell, 236–237
software, 223–224
file manipulation, 54–56
formatting Python files, 38
functions, 52
lists, 44–46
modules, 40–41
network communications, 57–68
client communications, 57–59
Scapy module, 62–68
server communications, 59–62
running Python files, 38–39
usefulness of, 36–37
modules, 37
multiplatform scripting, 36–37
network scripting, 36–37
reusable code, 37
variables, 39–40
Python (.py) files, 38–39
Python Package Index (PyPI), 37b

R

r (read) function, Python, 54
read (r) function, Python, 54
reading files in Python, 55
readlink method, Ruby, 118
recv method
Python, 57–58
Ruby, 131
reflected XSS, 249
Regedit, 175, 175f
register_globals setting, PHP, 243–245
regular expressions (regex), Perl, 85–87, 88t, 203
Remote File Inclusion, See RFI
Remote Procedure Call (RPC) probes, 192, 193, 194f
RemoteSigned policy, PowerShell, 161, 162
$_REQUEST array, PHP, 138–139, 147, 148–149
request variable
PHP, 150
Ruby, 104, 110, 115–117
require_once setting, PHP, 150, 244
rescue keyword, Ruby, 116
Restart-Service cmdlet, PowerShell, 167
Restricted policy, PowerShell, 161
reusable code, Python, 37
reverse_tcp module, Meterpreter, 262–263
Rex::Parser::Arguments class, 264–265
RFI (Remote File Inclusion), 242–243
defined, 243
exploiting, 245
exploiting Autonomous LAN Party, 243–245
exploiting PHP scripts, 242–248
robots.txt file, parsing, 53
route command, Windows, 260
RPC (Remote Procedure Call) probes, 192, 193, 194f
rstrip method, Ruby, 107–108
Ruby, 99–135
arrays, 103–106
classes, 112–117
accessing class data, 115–117
building, 112–117
extending, 114–115
control statements, 106–109
database manipulation, 118–124
Active Record module, 121–124
DBI module, 119–121
file manipulation, 117–118
functions, 109–112
hashes, 103–106
network operations, 124–129
client communications, 124–126
server communications, 126–129
usefulness of, 99–100
variables, 102–103
constants, 103
floats, 103
integers, 103
symbols, 102
rubygems module, Ruby, 121, 122

S

salt value, 48
scanner scripting, 181–200
Nessus/OpenVAS, 196–199
NASL, 196
overview, 182
Netcat, 183–191
file transfer with, 187–191
implementations of, 183
overview, 181–182
usage of, 184–185
variants of, 184
Web servers, building with, 185–187
Nmap, 191–196
NSE files, 194–196
overview, 182
scripting engine, 194
service probes in, 191–194
overview, 181–183
Scapy module, Python, 62–68
scapy.all module, Scapy, 65, 65b
scope of variables
bash, 10
Perl, 83
PHP, 138
PowerShell, 24, 25f
script tag, PHP, 158
scripts (scripting languages), defined, 3
seek method, Python, 55
select module, Python, 60
select statement, Ruby, 121
self-signed certificates, 162b
semicolon (;), 75
send method, Python, 57–58
send_cmd method, Metasploit, 240
send_file method, Ruby, 130–131
_SERVER array, PHP, 144–145
server communications
Python, 59–62
service control, PowerShell, 166
service probes in Nmap, 191–194, 193t
$_SESSION array, PHP, 272
session handling, PHP, 251–252, 252b
Set-ItemProperty cmdlet, PowerShell, 174
setcookie function, PHP, 251–252
sh (Bourne shell), 6
shebang (#!), 8
shell commands, Perl, 76–79
shell scripts, defined, 3–4
shells
defined, 2
entering, 7
exiting, 7b
identifying, 7, 7f
locating, 8
PHP, building, 156–159, 159f
shift command, Perl, 83
short open (<?) tag, 139
show method, Scapy, 64
site: operator, Google, 207
sleep command, Perl, 77
SNMP scanners, Perl, 95f
building, 91–97
improving, 97
Socat, 184
splice command, Perl, 90
split method, Python, 44
sprintf function, PHP, 142b
SQLi (SQL injection), 270–271
Microsoft SQL Server, 278
reenabling xp_cmdshell stored procedure, 280
verifying vulnerabilities, 278–279
MySQL, 271–279
authentication bypass, 271–274
returning extra records, 274–278
overview, 270
sr method, Scapy, 63–64
sr1 method, Scapy, 63–64
Stack Pointer (ESP register), 225, 227, 232
StackAdjustment option, Metasploit, 239
Start-Process cmdlet, PowerShell, 167
Start-Service cmdlet, PowerShell, 167
stat command, Perl, 76–77, 77b
Stop-Process cmdlet, PowerShell, 167
Stop-Service cmdlet, PowerShell, 167
stored XSS, 248–249
strftime method, 266
string comparisons, defined, 13
string functions, Python, 39, 40, 40b, 40f
strings utility, 203, 213, 213f, 214, 215f
subnetting, 44–46
substr function, PHP, 157
super method, Ruby, 131
switch statement, PowerShell, 27–28, 28f
symbols, Ruby, 102–103
sys module, Python, 41
system command, PHP, 154

T

-t exe option, Meterpreter, 262–263
tasklist command, Windows, 261
TCPServer accept method, Ruby, 127
TCPServer class, Ruby, 126
TCPServer open method, Ruby, 127
TCPSocket open method, Ruby, 126
tcsh (TENEX C shell), 5
tell method, Python, 55
Telnet, 198, 198f
TENEX C shell (tcsh), 5
text editors, 8, 9f, 21, 23f
Perl, 71
Python, 38
text handling, Perl, 70
text-based shells, 2, 2f
Time class, 266
timestamps, manipulating, 76–79, 78f
to_i method, Ruby, 101–102
to_s method, Ruby, 101
touch command, Perl, 76, 77
touch outfile command, PHP, 252
try catch structure, PowerShell, 31
try keyword, 55–56, 56
tunnel_peer value, 266

U

UDPSocket class, Ruby, 104
UNIX-like shells, 5–7
Bourne-compatible, 6
C shell-compatible, 5
miscellaneous, 6–7
working with, 7
unpack method, Ruby, 101, 101b, 114
Unrestricted policy, PowerShell, 161–162
until loop, Ruby, 108
up_hosts array, Ruby, 105, 106
update_info method, Metasploit, 238
user management, Windows, 256
adding users and groups, 258–259, 259b, 260f
listing users and groups, 256–258
utime command, Perl, 77

V

variables
bash, 10, 11f
Perl, 75–76
PowerShell, 23–25
Python, 39–40
constants, 103
floats, 103
integers, 103
symbols, 102–103

W

w (write) function, Python, 54
War-FTPD software, 223–225, 226f, 229, 236f, 240f, 242f
watch command, 42
Web automation with Perl, 209–212
overview, 209–212
WWW::Mechanize module, 210–212
Web Developer Toolbar, 250–251, 251b
Web scripting with PHP, 137–159
command execution, 154–156
control statements, 142–145
file handling, 150–153
form handling, 147–148
functions, 145–147
output, 142
scope, 138
usefulness of, 137–138
variables, 140–141
Web servers
building with Netcat, 185–187, 186b, 187f
investigating, 109–112, 138
wget command, Perl, 89
while loop, 267
bash, 14–15
Netcat, 186
Perl, 84, 90–91
PHP, 145
Python, 52
Ruby, 108, 131
whitespace-sensitivity, Python, 35b
Windows, 255–259
network information gathering, 260–261
user management, 256–259
adding users and groups, 258–259
listing users and groups, 256–258
Windows gather PowerShell environment setting enumeration module, 178
Windows Management Instrumentation Command-Line (WMIC), 257, 257b
Windows Registry, interfacing with PowerShell, 171–176, 172f, 173f, 174f, 176f
Windows scripting, See Microsoft shells
windump -a command, 269–270
windump -h command, 269–270
WMIC (Windows Management Instrumentation Command-Line), 257, 257b
wmic command, 257, 257b, 258, 267–268
write (w) function, Python, 54
Write-Output cmdlet, 23
writing to files in Python, 55
WWW::Mechanize module, Perl, 210, 212f, 220

X

XNU, 5b
xp_cmdshell procedure, Microsoft SQL Server, 278–280
XSS (Cross-Site Scripting), 248–253
defined, 248–249
exploiting, 248–253, 250f, 251f, 253f

Z

Z shell (zsh), 6