Close this search box.
Close this search box.

Linux Essentials, Part 7: BASH Scripting Basics

In our ongoing series ‘Linux Essentials’, designed to introduce Linux for hacking purposes, we’ve covered various aspects from basic to more advanced topics. If you’re new to this series, I recommend checking out Parts 1-6 to build a solid foundation.

As we venture further, it’s crucial to note that scripting is an indispensable skill for any hacker or Linux administrator. With the rising significance of Windows PowerShell, even Windows admins are embracing scripting for automation and efficiency. For hackers, scripting across various languages like Ruby, Python, and Perl is key to automating tasks, creating hacking tools, and ultimately developing exploits.

Step 1: Understanding Shells

A shell is an interface to the operating system, allowing the execution of commands, programs, and file manipulation. Linux offers various shells, but we’ll focus on the Bourne Again Shell (BASH), prevalent across most Linux and UNIX systems.

Step 2: BASH Basics

Creating a shell script starts with a text editor. Linux has several, like vi, vim, emacs, and gedit. For these tutorials, I’ll use Leafpad, but feel free to use any editor of your choice without affecting the script’s functionality.

Step 3: BASH Commands

BASH includes its own set of commands, like :, ., break, cd, continue, eval, exec, exit, export, getopts, hash, pwd, readonly, return, set, shift, test, [, times, trap, umask and unset,alias, bind,builtin, command, declare, echo, enable, help, let, local, logout, printf, read, shopt, type, typeset, ulimit and unalias. These will be detailed in future tutorials, but it’s important to know that BASH has built-in commands specific to its environment.

Step 4: Adding Comments

Comments in scripts are notes for clarification and aren’t executed by the interpreter. In BASH, comments are marked by “#”. For instance, marking a script as your first can be done as follows:

Step 5: Simple Script – ‘Hello, Cyber-World!’

Let’s start with a basic script that outputs “Hello, Cyber-World!”. We begin with a shebang (#!) followed by /bin/bash, indicating the use of the BASH interpreter.

#! /bin/bash
echo "Hello, Cyber-World!

Save this as HelloCyberWorld and exit from the text editor.

Step 6: Setting Execute Permissions

New files aren’t executable by default. Check permissions using ls -l:

kali > ls -l

To add execute permissions, we use chmod: sudo chmod 755 HelloCyberWorld

Step 7: Running the Script

To execute the script, type: ./HelloCyberWorld

Step 8: Using Variables

Variables in scripts store changeable data. Let’s now create a script using nmap to scan for vulnerable machines with a specific open port.

This script is designed to methodically scan a series of IP addresses, specifically searching for an open port 5505 – a vulnerability associated with the Aloha POS system’s tech support. It compiles a report listing all IP addresses that have this particular port open. Currently, the range of IP addresses is fixed or ‘hard coded’ into the script, meaning any changes to this range require manually editing the script file.

Step 9: Incorporating User Input in Our Script

What if we want to customize our script to allow for dynamic input of IP ranges and ports? This modification would make our tool versatile and interactive. Let’s introduce two variables, ‘FirstIP’ for the starting IP address and ‘LastIP’ for the last IP address in the range. It doesn’t matter what we name our variables, but it’s good practice to choose names that reflect their content for easy recall.

We’ll also need a variable for the port number, let’s name it ‘port’. These variables will act as placeholders for user-provided values before executing the scan.

Now, let’s guide the user to input these values. We’ll use the echo command to prompt the user:

echo “Enter the starting IP address :”

When the user sees this prompt, they’ll input the starting IP address. To capture this input, we follow the prompt with a read command and the variable name:

read FirstIP

This command assigns the user’s input to the ‘FirstIP’ variable, which we can then use within our script.

We’ll replicate this process for the ‘LastIP’ and ‘port’ variables, prompting the user and capturing their input:

echo “Enter the last IP address :”
read LastIP

echo “Enter the port number :”
read port

With the inputs stored, we adjust our nmap command to use the new variables, denoted by the $ symbol:

nmap -sT $FirstIP-$LastIP -p $port -oG Aloha

With these changes, the script now scans a range of IPs from ‘FirstIP’ to ‘LastIP’ for the ‘port’ specified by the user. Let’s save this enhanced script as Scannerscript.

Step 10: Executing the Script with Variable Inputs

To run our versatile scanning script, simply execute: ./Scannerscript

The script will ask for the start and end of the IP range and the port to scan. After inputting these details, it conducts the nmap scan and compiles a report listing all IPs with the specified port open.

Stay Tuned for More ‘Linux Essentials’

Be sure to save this script, as we will further refine it in upcoming tutorials, adding more functionality as we delve deeper into Linux and shell scripting for hackers.

Leave a Reply

Your email address will not be published. Required fields are marked *