About the Authors
Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds. Presently he carries out information security oversight duties, performing penetration testing, risk assessment, and compliance functions to ensure that critical assets are protected. He has taught undergraduate and graduate security courses since 2005 and holds a doctorate in computer science, researching in the area of data protection. He has authored several publications and books, writing on topics including data security, network security, penetration testing, and digital forensics.
Ryan Linn (OSCE, GPEN, CCNP Security, CISSP) is Director of Advanced Tactics and Countermeasures, part of Nuix's Cyber Threat Analysis Team. With nearly 20 years of experience in information security, he has led high-performing teams in conducting advanced attack simulation and penetration testing for corporations in all industry verticals, including Fortune 100 organizations. He previously worked as a database administrator, Windows and UNIX systems administrator, network engineer, web application developer, systems programmer, information security engineer, and penetration tester. He is an established security researcher who programs for various open source projects including Metasploit, Ettercap, and the Browser Exploitation Framework. He has spoken at numerous security conferences and events, including Blackhat and DEFCON, and has presented to the United States Secret Service Electronic Crimes Task Force. He is also an adjunct professor at Southern Utah University.
Table of Contents
Copyright
Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, United States
Copyright © 2017, 2012 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-805472-7
For Information on all Syngress publications visit our website at https://www.elsevier.com
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Production Project Manager: Punithavathy Govindaradjane
Designer: Mark Rogers
Typeset by MPS Limited, Chennai, India
Dedication
I would like to thank Anna and the folks at Syngress for all of their contributions and assistance through this process. Thanks to Heather for her support; without your aid, I'm not sure this book would have ever happened. Thanks to Ed, Kevin, HD, JCran, Egypt, Wade, Don, CG, JJ, Brian, and the other mentors who have helped me along my security career; all of your generosity and patience have helped me grow to a point where I can share with others. Thanks to the security community for being a generally awesome group of people who are willing to share knowledge and skills. To L0pht, Offsec, Corelan, and other security researchers of today, thank you for the knowledge sharing and explanations that are always pushing folks to learn more; thanks for bringing your knowledge to the rest of the community so that we can all learn. Thanks to Andrew, Tom, and the rest of my coworkers at Nuix for your ideas and support. Last, but not least, I would like to thank my family. Thank you all for your support, guidance, cheering, and, oh yeah, making sure I made it this far without being eaten by wolves.
Ryan Linn
To Clara, thank you for always adventuring with me.
Jason Andress
Coding for Penetration Testers
Building Better Tools
Second Edition
Jason Andress
Ryan Linn
Chapter 0
Introduction
Information in This Chapter
Book Overview and Key Learning Points
Book Audience
How This Book Is Organized
Book Overview and Key Learning Points
What sets a good penetration tester apart from an average one is the ability to adapt to the ever-changing landscape within which we live. One aspect of this adaptability is the skill to build, extend, and manipulate scripts and applications encountered in the field. Whether tools already exist to accomplish a task, or one needs to be built to take advantage of a new vulnerability, the ability to build and extend tools in a variety of scripting languages is important. Each of the first five chapters of this resource delves into a different scripting language that we may encounter while performing penetration tests.
Through investigating the core aspects of each language, either on Microsoft platforms or on Linux platforms such as Kali 2.0, each chapter brings to light the power and strengths of that language. We will use these strengths to build a series of scripts to help us understand the intricacies of each language, and in most cases develop a basic tool that we can use and extend while penetration testing. Whether it is through shell scripting, Python, Perl, Ruby, or PHP, we will cover the basics of each language and discuss topics such as output handling, loops and control statements, networking, and command execution.
Once the core language concepts have been covered, Coding for Penetration Testers tackles the core tasks of penetration testing. While covering scanner scripting and information gathering, we will discuss tools such as Nmap and Nessus and use the scripting languages behind them to extend the capabilities of both tools. Information gathering is one of the first and most important steps of a penetration test. We don't know what we're attacking until we do the initial research. , investigates how to automate information gathering tasks to be more effective and to have repeatable results.