Index
Note: Page numbers followed by f indicate figures, t indicate tables and b indicate boxes.
Symbol
-- (comment character), 273
# (comment character)
#! (shebang)
./ prefix
+ (concatenation operator), 38
< symbol
A
a (append) function, Python, 54
-a flag
advanced operators, Google, 206–207
allow_url_include setting, PHP, 243
AllSigned policy, PowerShell, 161–162
append (a) function, Python, 54
$args array, PowerShell, 25–26
arguments
ARGV structure
arrays
authentication bypass, MySQL, 274f
B
bash (Bourne-again shell)
  adding /dev/tcp/ support to, 15–16
  Hello World script
  overview
  port scanners
bind method
block technique, Ruby, 110
Bourne, Stephen
Bourne shell (sh)
Bourne-again shell. See bash
Bourne-compatible shells. See also bash
C
C shell (csh)
C shell-compatible shells
cd (change directory) command, 171, 172
channelized argument, 268
chomp function, Perl, 75–76
CIDR (Classless Inter-Domain Routing) addresses, 44–46, 283
classes
Classless Inter-Domain Routing (CIDR) addresses, 44–46, 283
Clear-EventLog cmdlet, PowerShell, 169
client communications
command execution
command shell scripting, 1–33
  adding /dev/tcp/ support to, 15–16
  Hello World script
  control statements, 26–29
  Hello World script, 22–23
  scripts, defined
  shells, defined
  Bourne-compatible shells
  C shell-compatible shells
  working with
comment character (--), 273
comment character (#)
communicate function, Python, 61
comparison operators, bash, 13t
compiled programming languages
concatenation operator (+), 38
conditional operators, Python, 50f
conditional statements (conditionals)
connect method, Ruby, 120
Constant class, Ruby, 103
control statements
Cross-Site Scripting. See XSS
csh (C shell)
D
database manipulation with Ruby, 118–124
database post-exploitation, 270–280
db_create variable, Ruby, 120
def statement, Python, 52
/dev/tcp/ support, adding to bash, 15–16
dict function, Python, 50, 50f
dictionaries, Python, 46–51
dir command, PowerShell, 171, 172
discovery automation, Google, 207–209
E
echo command
error handling, Ruby, 116b
establish_connection method, Ruby, 122
event log interfacing, PowerShell, 168–169
exception handling, Python, 55–56
Exchangeable Image File Format (EXIF) data, 215
execution policies, PowerShell, 161–166
EXIF (Exchangeable Image File Format) data, 215
command execution vulnerabilities, 246–248
F
Falstad, Paul
file handling and manipulation
file transfer protocol. See FTP
file_local_write function, 269
filetype: operator, Google, 207, 214
FileUtils mkdir_p method, 266
for loop
foreach loop
ForEach-Object cmdlet, PowerShell, 175
Fox, Brian
FTP (file transfer protocol), 134f
functions
G
generate command, Meterpreter, 262–263
get_ip_address function, Perl, 84
get_process method, Ruby, 267
get_raw_address function, Perl, 83
get_request function, Perl, 96
get_snmp_info function, Perl, 96
getaddrinfo function, Python, 58
getDenies function, Python, 53
Get-ItemProperty cmdlet, PowerShell, 174
getpwuid method, Ruby, 118
Get-Service cmdlet, PowerShell, 167, 168f
GHDB (Google Hacking Database), 206
global variables
  bash
    modifying scripts to make use of, 10
gluing applications together, 70–71
Google Hacking Database (GHDB), 206
graphical shells
Green, Ken
H
hashlib module, Python, 40b
Hello World script
hives, Windows Registry, 171, 172
HKEY_CLASSES_ROOT (HKCR) hive, Windows Registry, 171
HKEY_CURRENT_CONFIG (HKCC) hive, Windows Registry, 171, 173f
HKEY_CURRENT_USER (HKCU) hive, Windows Registry, 171
HKEY_USERS (HKU) hive, Windows Registry, 171
htmlspecialchars function, 249
httplib module, Python, 41
HTTP::Request module, Perl, 208
I
ICMP (Internet Control Message Protocol) packets, 63–68
if else statement, PowerShell, 27
if statement
if/elsif/else conditional block, Ruby, 107
implode function, PHP, 157
include function, PHP, 150
include_once function, PHP, 150
automating Google discovery, 207–209
sources of information, 202
information_schema database, MySQL, 275, 276, 277f
initialize method, Ruby, 112, 130
Internet Control Message Protocol (ICMP) packets, 63–68
interpreted programming languages
IP addresses
  changing number format, 83–84
ipconfig command, Windows, 260
is_srvrolemember stored procedure, Microsoft SQL Server, 279
ISE (PowerShell Integrated Script Editor), 21, 23f
J
join function, Python, 46
K
key-value pairs, specifying, 50, 50f
Korn, David
Korn shell (ksh)
L
LFI (Local File Inclusion), 243
link: operator, Google, 207
Linux, network information gathering, 261–262
listen method, Python, 60
Local File Inclusion (LFI), 243
local variables
  bash
    modifying scripts to make use of, 10
looping
LWP::UserAgent module, Perl, 208
M
MAC addresses
management information base (MIB), defined, 95–96
map function, Python, 45, 46
Windows gather PowerShell environment setting enumeration, 178
MIB (management information base), defined, 95–96
Microsoft shells (Windows scripting), 18–21
  control statements, 26–29
  Hello World script, 22–23
Microsoft SQL Server, 278
  reenabling xp_cmdshell stored procedure, 280
Microsoft Windows. See Windows; Windows Registry, interfacing with PowerShell
modules
  Windows gather PowerShell environment setting enumeration, 178
Msf::Exploit::Remote class, Metasploit, 238, 239
msfpayload script, Metasploit, 233f, 234
multiplatform scripting, Python, 36
authentication bypass, 271
N
character combination, Perl, 74
net command, Windows, 256
net group command, Windows, 258
net localgroup command, Windows, 258
Web servers, building with, 185–187
Net::HTTP module, Ruby, 110
Net::Ping module, Perl, 80, 82, 83
Net::SNMP module, Perl, 94, 96
netstat command
network information gathering, 259–262
network operations
  client communications, 57–59
  server communications, 59–68
network scripting, Python, 36–37
Nmap::Parser module, Perl, 70–71
O
OptionParser class, Python, 42, 43, 43f
optparse module, Python, 41, 43
Organizationally Unique Identifier (OUI), 89, 90
OUI (Organizationally Unique Identifier), 89, 90
Out-File cmdlet, PowerShell, 175
output file formats, Perl, 70–71
P
passthru command, PHP, 154
passwords
  determining which users have default, 46
  fields in password file, 47b
compiling Perl scripts, 72–73
control statements, 79–80
extending Perl scripts, 72
file input and output, 87–91
Hello World script, 73–75
locating interpreter, 73–74
regular expressions, 85–87
SNMP scanners
special characters in, 75t
gluing applications together, 70–71
Personally Identifiable Information (PII), 70
PHP
  command execution vulnerabilities, 246
php_include module, Metasploit, 245
PII (Personally Identifiable Information), 70
ping function
pingcheck function, bash, 17, 18
pingdevice function, PowerShell, 31
POC (Proof of Concept) exploits, 223
Popen command, Python, 61
port scanners
  bash
    adding /dev/tcp/ support, 15–16
  PowerShell
portcheck function, bash, 17, 18
post-exploitation scripting, 255–281
  database post-exploitation, 270–280
  network information gathering, 259–262
control statements, 26–27
Hello World script, 22–23
Windows gather PowerShell environment setting enumeration, 178
file transmission over network, 169–171
process and service control, 166–168
port scanners
PowerShell Integrated Script Editor (ISE), 21, 23f
print_r function, PHP, 141
process control, PowerShell, 166–168
Proof of Concept (POC) exploits, 223
ps -p $$ command
.py (Python) files, 38–39
PyPI (Python Package Index), 37b
exception handling, 55–56
exploitation scripting, 223
formatting Python files, 38
network communications, 57–68
  client communications, 57–59
  server communications, 59–62
running Python files, 38–39
multiplatform scripting, 36–37
Python (.py) files, 38–39
Python Package Index (PyPI), 37b
R
r (read) function, Python, 54
read (r) function, Python, 54
reading files in Python, 55
readlink method, Ruby, 118
recv method
register_globals setting, PHP, 243–245
Remote File Inclusion. See RFI
Remote Procedure Call (RPC) probes, 192, 193, 194f
RemoteSigned policy, PowerShell, 161, 162
request variable
require_once setting, PHP, 150, 244
rescue keyword, Ruby, 116
Restart-Service cmdlet, PowerShell, 167
Restricted policy, PowerShell, 161
reusable code, Python, 37
reverse_tcp module, Meterpreter, 262–263
Rex::Parser::Arguments class, 264–265
RFI (Remote File Inclusion), 242–243
  exploiting Autonomous LAN Party, 243–245
robots.txt file, parsing, 53
route command, Windows, 260
RPC (Remote Procedure Call) probes, 192, 193, 194f
rubygems module, Ruby, 121, 122
S
Web servers, building with, 185–187
Scapy module, Python, 62–68
scapy.all module, Scapy, 65, 65b
scope of variables
scripts (scripting languages), defined
select module, Python, 60
select statement, Ruby, 121
self-signed certificates, 162b
send method, Python, 57–58
send_cmd method, Metasploit, 240
server communications
service control, PowerShell, 166
$_SESSION array, PHP, 272
Set-ItemProperty cmdlet, PowerShell, 174
sh (Bourne shell)
shebang (#!)
shell commands, Perl, 76–79
shell scripts, defined, 3–4
shells
  defined
  entering
  locating
site: operator, Google, 207
sprintf function, PHP, 142b
Microsoft SQL Server, 278
  reenabling xp_cmdshell stored procedure, 280
StackAdjustment option, Metasploit, 239
Start-Process cmdlet, PowerShell, 167
Start-Service cmdlet, PowerShell, 167
Stop-Process cmdlet, PowerShell, 167
Stop-Service cmdlet, PowerShell, 167
string comparisons, defined, 13
substr function, PHP, 157
switch statement, PowerShell, 27–28, 28f
T
-t exe option, Meterpreter, 262–263
tasklist command, Windows, 261
TCPServer accept method, Ruby, 127
TCPServer class, Ruby, 126
TCPServer open method, Ruby, 127
TCPSocket open method, Ruby, 126
tcsh (TENEX C shell)
TENEX C shell (tcsh)
touch command, Perl, 76, 77
touch outfile command, PHP, 252
try catch structure, PowerShell, 31
U
UDPSocket class, Ruby, 104
Bourne-compatible
C shell-compatible
working with
Unrestricted policy, PowerShell, 161–162
up_hosts array, Ruby, 105, 106
update_info method, Metasploit, 238
user management, Windows, 256
V
variables
W
w (write) function, Python, 54
Web servers
whitespace-sensitivity, Python, 35b
network information gathering, 260–261
Windows gather PowerShell environment setting enumeration module, 178
Windows Management Instrumentation Command-Line (WMIC), 257, 257b
WMIC (Windows Management Instrumentation Command-Line), 257, 257b
write (w) function, Python, 54
writing to files in Python, 55
X
xp_cmdshell procedure, Microsoft SQL Server, 278–280
XSS (Cross-Site Scripting), 248–253
Z
Z shell (zsh)