Hello, everybody. And welcome to the episode number five off the icy beakers. Bushell
My name is Alejandro Gonna and I'll be your instructor for today's session.
The Learning Operatives of Decision is to understand some well known bash commands created understand some bash script and be able to create your own scripts are to be used in your penetration testing process.
So let's get a starter.
Okay, so let me clear. Here. Um well, you can run bash script from the terminal or about actually executed at Bash File. For example, the most basic commands the Cookman, which will just bring whatever you passed to, you know, today. Actual command. So, for example, Hello.
And you know nothing. Friends here used to actually bring that. Let's create that in a bash file or, you know, bash script first will use the Nano Tech center. You can use any other Richard like them. Boom would use Nano for these sessions.
Eso basically the basic command as to let me just remove
and created, you know, again nothing that actually they decide they want the file doesn't exist. The bash file, I mean and so created with Nano.
Ah, and you know, we'll tell him that whatever we seen this file, it will be executed with the bash
and, you know, just echo on.
We exit, we save it. And you know, we will do use now ch mode to assign permissions. Seon Schmo, Disa commanders, You know, uh,
its uses symbolic permissions. Ah, to assign into the user you know, which we're using right now, as you can see its root. You know, you could be using any other user
to the group itself and any other command. I'm sorry, user process demon. Whatever is running in your Kali environment. So three type of you noticed Reset of permissions for your user, for the group and for any other entity or command, or I'm sorry. User processor demon
being executed in your car. The environment. Um and you can use three different numbers to assign from permissions. For example, if you use the number four, you will be assigning rate permissions.
If you use the number two, you will be assigning right permissions and use. If you use the number one, you will be assigning execute permissions.
Ah, but what happens if you want to assign all of them. Well, geek is, just perform an addition and, you know, four plus two plus one and will be seven. And you will be assigning all the permission. So, for example, for this specific, um, let me just
show it to you here, Savory. He doesn't have execute permissions or any other permissions at all. Um,
but what happens if I want to sign execute permissions to all of the users or I want to sign all the provisions to all the users? All the groups and any other brasses are application. Are user being executed in your Carly environment? Well, I can simply just type
th mode 777 Remember, the 1st 1 is for the user. The 2nd 1 is for the group and the 3rd 1 eyes for any other process or divan. Our user in the Kylie environment.
So, in this case, thesis
bus, ex script, I will. You know, everybody will have right, right and execute permissions over this cyber a script.
And if we type unless again, as you can see, it's now green indicating that it can be executed.
Um, so just executed Reno
and you will just print Hello, Cy Berry. As we just input a simple recommend. Eso
Let's see, you know, how can introduce loops in due in this bash script. First of all, let's start with the most simple A little Pikus, which is
we erased that here,
which is the wild loop, for example. That's just start the variable end, which is equal to one. And then we can just type
Well, this, um the variable end
equals five or the is five.
Ah, we just do here. I'm sorry
and we just another and increment that by one
we exit was safe. And since he already has executed provisions by anybody
with type it and we're running and as you can see five times, nothing fancy here,
um, you let's see, How can this be done
and we just erase everything here and Ford open parenthesis.
scraping there, Sarah
and counter meaning my dash dash.
We closed parenthesis. We do something here, which isn't. This case is print the number
and we're done and just print.
If so, we can leave a space in between.
that's executed. And
let's see. Well, that's two ways. You can use loops in a bash
script. You can actually use any other you know, loops. Or maybe you can actually, you know, use a combination of both or ah, loop in other loops to create any other test. You may 1. Uh, but let's see, we can actually get an input from from the
command line from the terminal.
So let me just again here and eliminate all of this. And let's start with simple echo. Sorry.
up another Seth parenthesis. And here we type,
and to the cyber very
We save it, and we ran it. Entered your name.
Welcome. 100 to the cyber class. A simple is that you know, you can also use, uh, let me just eliminate this.
You can also use if statements or you can actually Yeah. You can actually use Eva's statement and combine it with an and logic or off or logic. I'm sorry.
let me just give you a single example again. We'll be reading a username.
time sort of user in,
enter password re bus work.
And, you know, if let's start the if statement here,
Let me just copy that. Because the lead with a lefty.
if user name is equals at mean and
password is equal secret on then Bali user, otherwise invalid user,
executed, entered, uh,
secret, then valley users, if I put something else,
involve the user. So as you can see, you can use an if statement while getting input from the terminal. So it's a simple is that
you can apply the same logic while using the order statement. Or you can also use cases statements just like any other programming language mean it. Maybe you don't want to use several. If so, you want to use a case statement, you can also do that on the bashes script.
Uh, you know, Bash script can read common line arguments like any other again Any other programming language. Let me just give you another example here have Could we do that? I mean, other than just typing read
may just give you an example of that echo on total arguments,
and we read number of arguments
number one, which is will be the first argument echo, you know, just to give you an example. Second,
our human equal, I'm sorry
equals to second and a man and a simple is that
we save it were executed, and I didn't buy any arguments of zero arguments. But, for example, all the Han Drew.
and two arguments. A simple is that, As you can see, this is a really powerful tool you can use. I mean, I get that you can use any other tools to perform your task, but you can also, uh, you know,
use other tools inside off a bashes script.
Let me just give you an example. A really useful example. I mean, this may be short, but, you know, you can introduce any other tools or are humans you want.
but then he just raised that here.
And let's start. If so, first of all, I will like to know if the user is actually typing any input. If it's not Woods show and accept an exception. Not an exception, but a message.
the top, the input or the length of the input is actually zero.
So I will actually praying the message. Just end. Ah, Echo. Sorry.
you have to enter a ballot. Sssh! Surfer.
The D N s being used,
and we executed command. Remember? With that, we saw the command that we saw out earlier in the curse that we can actually ah, pass any specific a man or to tell sshh not to love give specifically but to actually look in
Get the command. And this just showed showers the output of that command.
I was looking into the, uh
that. These were once type
and then read that I'll put two at the n s
Let's see what happens
as such, ever. You have to enter a ballad. Shh! Server getting Intersil. It's just entered a plea of my Windows server.
And since you know I said she needs a buzzword. I just
We'll take the bus here. Oh, there you have a d n a suffix connection specific. The NSF ICS Indian. A server.
Ah, some using a virtualized environment. The DNC issue? No,
the he provide I provide, sir. But, you know, in this case, in another case, you might be,
uh do my want to type
any other man. Or maybe you were just wants to connect to and specific machine enough. As you can see, you can do it, everyone. Ah, unabashed script. You have the capability of doing that. And maybe you just want a piece that you can use tools like, um, Adle decay or, ah, seed or sad.
Any other tool to actually grab this output and put it in a more useful way Or any other command actually just wants to look in an ***.
You know, you can imagine just let your imagination fly.
Yeah. You know, if you don't want a past, you know what a pass a pass award itself, or you want to pass it on the script, you can use tools like as such passed. I didn't use it here because I just wanted to show you a real simple example. But you can use sssh past two positive possible through the common line. And you don't want to, you know, type it
and you do any any other menial stuff you can just,
you know, use that tool.
Ah, What? It's Nana will. No, no, it's a text editor you can use. You can use Beam or any other text editor. You may 1 banana is one of them.
What task is performed by the CH mode 777 and file command. We'll remember that we talk about it. Ah, ch mode is a tool or a command you can use to assign permissions to a specific file. 777 is just the addition. You know, four plus two plus one.
Ah, four means that you're given re permissions to means you're It means that your ribbon given right permissions
and one means that you're giving execute permissions.
So the addition of these three permissions gives gives you seven and the 1st 7 is for the user. The 2nd 7 is for the group and this thirst sevens for any other process
application user being, you know, that is actually injure Callie or injure leanings environment.
Can you actually use loops and ifs a statement in a bash script? Yeah, actually bash. You know, when your programming and bash you can use several of the other logic or any other other commands that you can use an air of you other programming language, like a python pearl, Java
Z plus plus or whatever,
but yeah, you can use that.
Uh, in this video, we saw the basic task you can perform with bash commands and bash scripts.
Ah, we also have to use the power word of the bath script in your penetration testing process. I mean, you can use any other commands we saw example with the S S H man. But you can use any other command you want. Maybe Dudley, get Thio Donnell out and specific file. I know.
Let your imagination flights at the end. That's what penetration testing is all about.
Ah, supplemental materials again over the war over the wire war games. You will see these a lot because in the first, when you're starting to penetration, testing path or your career, you have to be very familiar with the basic commands you can execute um,
in your leanest environment. I mean, I'm I will do that. I will do my best to show you the most use ones or the most common ones.
But believe me, there's tons off other commands you can actually execute or use in your penetration testing world.
Looking forward in the next video, we'll see some scenarios implementing several techniques that we have covered so far, like
bashes, scripts and, you know, leading service's leanings commence. We'll see a combination off them, and we'll see how king we actually use that in a penetration testing process.
Well, that's it for today, folks. I hope you enjoyed the video and hope to see you soon.