Scripting Basics

Automation tools for penetration testing: shells, scripting languages, and pseudocode.

### Shells & Programming Languages

- **Purpose**: Automate tasks, schedule recurring actions, simplify repetition
- **Exam Focus**: Read and understand scripts (Bash, PowerShell, Python, Ruby, Perl, JavaScript) rather than authoring them from scratch

#### Bash
- Unix-like shell scripting
- **Elements**: Variables, loops, conditionals, functions
- **Example**:
    ```bash
    #!/bin/bash
    echo "Pulling NetworkManager entries..."
    grep "NetworkManager" /var/log/syslog \
      | cut -d " " -f1-5 > netman-log.txt
    echo "NetworkManager log file created!"
    ```

#### PowerShell
- Windows command shell & scripting
- **Elements**: Cmdlets (Verb-Noun), variables, loops, functions
- **Example**:
    ```powershell
    Write-Host "Retrieving login failures"
    # A trailing pipe continues the command on the next line (PowerShell does not use "\")
    Get-EventLog -LogName Security -Newest 5 -InstanceId 4625 |
      Select-Object TimeWritten,Message |
      Out-File C:\log-fail.txt
    Write-Host "File 'log-fail.txt' has been created"
    ```

#### WMIC
- Remote Windows WMI queries
- **Example**:
    ```powershell
    wmic ntevent where "LogFile='Security' AND EventType=5" get SourceName,TimeGenerated,Message
    ```

#### Python & Ruby
- Interpreted, high-level, general-purpose
- Ideal for text manipulation, file I/O, quick scripts

#### Perl
- Text-processing powerhouse with CPAN modules
- Suited for one-liners and complex regex tasks

#### JavaScript
- Web scripting (browser + Node.js)
- **Variants**: ReactJS (frontend), NodeJS (backend)

---

### Variables & Data Types
- **Variables**: Store mutable data; named references
- **Constants**: Immutable values (e.g., `PI`)

**Data Types**:
- **Boolean**: `true`/`false`
- **Integer**: `-3`, `42`
- **Float**: `53.22`
- **Character**: `'A'`
- **String**: `"Jason"`

**Pseudocode**: generalized code outline independent of any language's syntax.
- **Variables**: `firstname = "Jason"`
- **Constants**: `PI = 3.14159`

---
### Loops

Control structures for repeated execution:
- **For Loop**: known iterations
    ```pseudocode
    For i = 1 to 10
      OUTPUT i
    Endfor
    ```

- **While Loop**: condition-tested start
    ```pseudocode
    i = 0
    While i < 10
      OUTPUT i
      i = i + 1
    Endwhile
    ```

- **Do Loop**: condition-tested end
    ```pseudocode
    i = 0
    Do
      OUTPUT i
      i = i + 1
    Until i > 10
    ```

---

### Logic Control

Conditional execution using logical tests:
- **Boolean Ops** (`AND`, `OR`, `NOT`)
- **Examples**:
    ```pseudocode
    IF isAuthenticated = true THEN
      OUTPUT "Access granted."
    ELSE
      OUTPUT "Access denied."
    ENDIF
    ```

    ```pseudocode
    IF minutes > 60 AND minutes < 120 THEN
      OUTPUT "Between 1–2 hours completed."
    ELSE
      OUTPUT "Outside range."
    ENDIF
    ```

---

### Data Structures

- **JSON**: key-value pairs & arrays

    ```json
    {"firstName":"Jason","age":35}
    ```

- **Arrays**: ordered lists (`name[0]`)
- **Dictionaries**: key→value maps (`phoneBook["John"]`)
- **CSV**: comma-separated text records
- **Lists**: heterogeneous sequences with indexing
- **Trees**: hierarchical nodes with children
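
The structures listed above, combined in one script of the kind the exam asks you to read. This is an added example, not part of the original notes: the CSV rows are constructed sample data, and the function name `summarize_failures` and its `threshold` parameter are assumptions chosen for illustration.

```python
import csv
import io
import json

# Constructed sample data (not from a real system): CSV export of logon events.
SAMPLE_CSV = """time,event_id,user,source_ip
2024-05-01T09:00:01,4625,alice,203.0.113.10
2024-05-01T09:00:04,4625,alice,203.0.113.10
2024-05-01T09:00:09,4624,alice,198.51.100.7
2024-05-01T09:01:15,4625,bob,203.0.113.10
2024-05-01T09:02:30,4625,alice,203.0.113.10
2024-05-01T09:03:00,4624,bob,198.51.100.7
"""

FAILED_LOGON = "4625"  # same event ID the PowerShell example filters on


def summarize_failures(csv_text, threshold=3):
    """Count failed logons per user and flag users at or above threshold."""
    failures = {}  # dictionary: user -> list of source IPs seen in failures
    # csv.DictReader turns each CSV record into a dictionary keyed by header name
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != FAILED_LOGON:
            continue  # logic control: skip everything except failed logons
        failures.setdefault(row["user"], []).append(row["source_ip"])

    report = []  # list of dictionaries, ready to serialize as a JSON array
    for user, sources in sorted(failures.items()):
        report.append({
            "user": user,
            "failed": len(sources),
            "sources": sorted(set(sources)),
            "flagged": len(sources) >= threshold,
        })
    return report


if __name__ == "__main__":
    # JSON output: an array of objects with string, integer, array and boolean values
    print(json.dumps(summarize_failures(SAMPLE_CSV), indent=2))
```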

---

### Object-Oriented Programming

Modular code with **classes** and **objects**:

- **Class**: blueprint (e.g., `class Car`)
- **Object**: instance (`redCar = Car("red","sedan")`)
- **Methods**: functions tied to objects

**Example (Python)**:

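```python
class Car:
  def __init__(self, color, type):
    # Constructor: runs when an object is created and stores its attributes
    self.color = color
    self.type = type

  def describe(self):
    # Method: a function that operates on this object's data
    print(f"This car is a {self.color} {self.type}")

red_car = Car("red", "sedan")  # object: one instance of the class
red_car.describe()
```

---

### Libraries

Reusable code packages:

- **Example**: Networking in Python
    ```python
    import socket

    s = socket.socket()              # TCP socket (IPv4) by default
    s.connect(("example.com", 80))   # open a connection to port 80
    s.close()                        # release the socket when finished
    ```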