Scripting for the Ambitous Hacker, Part 1 (BASH Basics)


Welcome back, my greenhorn hackers!

Recently, I asked the Tech and Security community what subject they would most like me to cover in future tutorials. Many of you cited scripting, and I decided it’s best to cover this subject soon, so here goes.

Any self-respecting hacker must be able to script. For that matter, any self-respecting Linux administrator must be able to script. With the arrival of the Windows PowerShell, Windows administrators are increasingly required to script as well perform automated tasks and be more efficient.

As a hacker, we often need to automate the use of multiple commands, sometimes from multiple tools. To become an elite hacker, you not only need to have advanced shell scripting skills, but also the ability to script in one of the widely-used scripting languages such as Ruby (Metasploit exploits are written in Ruby), Python (many hacking tools are Python scripts), or Perl (Perl is the best text manipulation scripting language).

This is the first of a new series I’m starting in scripting. We will start with basic shell scripting, move to advanced shell scripting, and then to each of these scripting languages developing hacking tools as we go. Our ultimate goal will be to develop enough scripting skills to be able to develop our own exploits.

In a previous post, I showed you how to put together a simple script using nmap to scan a range of IP addresses to check for a particular port availability. We will need that script here, as we will be adding new functionality to it after completing some preliminaries.

Step 1:- Types of Shells

A shell is an interface between the user and the operating system. This enables us to run commands, programs, manipulate files, etc.

There are a number of different shells available for Linux. These include the Korn shell, the Z shell, the C shell, and the Bourne again shell (or BASH).

As the BASH shell is available on nearly all Linux and UNIX distributions (including Mac OS X, BackTrack, and Kali), we will be using the BASH shell, exclusively.

Step 2:- BASH Basics

To create a shell script, we need to start with a text editor. You can use any of the text editors in Linux including vi, vim, emacs, gedit, kate, etc., but I will be using kwrite here in these tutorials. Using a different editor should not make any difference in your script.

Step 3 :- “Hello, Null Byte!”

For our first script, we will start with a simple script that returns a message to the screen that says “Hello, Null Byte!”.

We start by entering the shebang or #!. This tells the operating system that whatever follows the shebang is the interpreter we want to use for our script. We then follow the shebang with /bin/bash indicating that we want the operating system to use the BASH shell interpreter.

  • #! /bin/bash

Next, we enter echo, a command in Linux that tells the system to simply repeat or “echo” back to our monitor (stdout) what follows. In this case, we want the system to echo back to us “Hello Null Byte!”. Note that the text or message we want to “echo back” is in double quotation marks.

  • echo “Hello Null Byte!”

Now, let’s save this file as HelloNullByte and exit from our text editor.

Step 4:- Set Execute Permissions

When we create a file, it’s not necessarily executable, not even by us, the owner. Let’s look at the permissions on our new file, by typing ls -l in our directory.

As you can see, our new file has rw-r–r– permissions. The owner of this file only has read (r) and write (w) permissions, but no execute (x) permissions. The group and all have only read permission. We need to modify it to give us execute permissions in order to run this script. We do this with the chmod command. To give the owner, the group, and all execute permissions, we type:

  • chmod 755 HelloNullByte

Now when we do a long listing (ls -l) on the file, we can see that we have execute permissions.

Step 5:- Run HelloNullByte

To run our simple script, we simply type:

  • ./HelloNullByte

The ./ before the file name tells the system that we want to execute this script in the current directory. This means that if there is another file in another directory named HelloNullByte, please ignore it and run HelloNullByte in my current directory.

When we then hit enter, our very simple script returns to our monitor.

Hello Null Byte!

Success! We just completed our first simple script!

Step 6:- Using Variables

So, now we have a simple script. All it does is echo back a message. If we want to create more advanced scripts we will likely want to add some variables.

Variables are simply an area of storage where we can hold something in memory. That “something” might be some letters or words (strings) or numbers. It can help to add functionality to a script that has values that might change.

Let’s go back to the script we wrote to use nmap to scan for vulnerable machines with a particular port open. Remember, the famous hacker, Max Butler, used a similar script to find systems with the Aloha POS that he was able to hack for millions of credit card numbers.

As you can see, this script was written to scan a range of IP addresses looking for port 5505 open (the port Aloha left open for tech support), and then create a report with all the IP addresses with this port open. The IP address range is “hard coded” into the script and can only be changed by opening and editing the script file.

What if we wanted to alter this script so that it would prompt us or any user for the range IP addresses to scan and the port to look for? Wouldn’t it be much easier to use if we were simply prompted for these values and they were then entered into the script?

Let’s take a look at how we could do that.

Step 7:- Adding Prompts & Variables to Our Aloha Script

First, we could replace the specified subnet with a IP range. We can do this with a variable called “FirstIP” and then a second variable named “LastIP” (the name of the variable is irrelevant, but best practice is to use a variable name that helps you remember what it holds). Next, we can replace the port number with a variable named “port”. These variables will simply be storage areas to hold the info that the user will input before running the scan.

Next, we need to prompt the user for these values. We can do this by using the echo command we learned above in writing the HelloNullByte script. So, we can simply echo the words “Enter the starting IP address :” and this will appear on the screen asking the user for the first IP address in their nmap scan.

  • echo “Enter the starting IP address :”

Now, the user seeing this prompt on the screen, will enter the first IP address. We need a way then to capture that input from the user. We can do this by following the echo line with the read command followed by the name of the variable. The readcommand takes a value entered at the keyboard (stdin) and puts it into a variable that follows it.

  • read FirstIP

The above command will put the IP address entered by the user into the variable, FirstIP. Then we can use that value in FirstIP throughout our script. Of course, we can do the same for each of the variables by first prompting the user to enter the information and then using a read command to capture it.

Next, we just need to edit the nmap command in our script to use the variables we just created and filled. When we want the value stored in the variable, we can simply preface the variable name with the $, such as $port. So, to use nmap to scan a range of IP addresses starting with the first user input IP through the second user input IP and look for a port input by the user, we can re-write the nmap command like this:

  • nmap -sT $FirstIP-$LastIP -p $port -oG web

Now, as the script is written, it will scan an IP address range starting with FirstIP and ending with LastIP looking for the port the user input. Let’s now save our script file and name it Scannerscript.

Step 8 :- Run It with User Input Variables

Now we can run our simple scanner script with the variables that tell the script what IP address range and port to scan without having to edit the script.

  • ./Scannerscript

As you can see, the script prompts us for the first IP address, then the last IP address and the port we want to scan for. After collecting this info, it then does the nmap scan and produces a report of all the IP addresses in the range that have the port open that we specified.

Stay Tuned for More Scripting…

Make certain to save this script as we will return to it in future tutorials and add even more functionality to it as we learn more about shell scripting for hackers.

Lovepreet Singh

How to Scan the Globe for Vulnerable Ports & Services

Previous article

What are the Benefits of APIs?

Next article

You may also like


  1. I dugg some of you post as I thought they were very beneficial invaluable

  2. I have interest in this, thanks.

  3. Zithromax Rx Dosage Cialis Medicament Prix [url=]viagra[/url] Buy Generic Nexium Online

  4. Buy Prevacid Odt Acheter De Viagra [url=]cialis price[/url] Cialis Contrassegno Pseudomonas Aeruginosa And Amoxicillin

  5. I don’t even understand how I stopped up right here, but
    I assumed this put up was once good. I don’t know who you might be
    but definitely you’re going to a well-known blogger should you are not already.

  6. Cialis 20 Pilules Cialis Quel Dosage Cialis En 48h [url=]online cialis[/url] Acheter Baclofene Belgique Cialis Comprar En Andorra Propecia Cost Canada

  7. Hello my family member! I want to say that this post is awesome,
    great written and include approximately all vital infos.

    I would like to peer extra posts like this .

  8. Hey There. I found your blog the use of msn. This is a
    very smartly written article. I’ll be sure to bookmark
    it and return to read extra of your helpful information. Thanks for the post.
    I will certainly comeback.

  9. … [Trackback]

    […] Read More: […]

  10. An impressive share! I have just forwarded this onto a friend who was conducting a little homework on this.
    And he actually ordered me dinner because I found it for him…

    lol. So allow me to reword this…. Thank YOU for the meal!!
    But yeah, thanks for spending some time to
    discuss this issue here on your website.

  11. Link exchange is nothing else except it is simply placing the other person’s blog link on your
    page at suitable place and other person will also do similar in support of you.

  12. When I initially commented I clicked the “Notify me when new comments are added” checkbox and now each time a comment is added I get
    four e-mails with the same comment. Is there any way you can remove people from
    that service? Thanks a lot!

  13. With havin so much written content do you ever run into any issues of plagorism or copyright violation? My blog has a lot of completely
    unique content I’ve either written myself or outsourced but it appears a lot
    of it is popping it up all over the internet without
    my agreement. Do you know any solutions to help stop content from being stolen? I’d really appreciate

  14. What’s Happening i’m new to this, I stumbled upon this I’ve found It positively useful and it has
    aided me out loads. I am hoping to contribute & aid different customers like its helped me.

    Great job.

  15. I know this if off topic but I’m looking into starting my own weblog and was wondering what all is required to get set up?
    I’m assuming having a blog like yours would cost a pretty penny?
    I’m not very internet smart so I’m not 100% sure. Any recommendations or advice would be
    greatly appreciated. Cheers

  16. It is appropriate time to make some plans for the future and it’s time to be happy.

    I’ve read this post and if I could I want to suggest you some
    interesting things or tips. Maybe you can write next articles
    referring to this article. I desire to read even more things about it!

  17. What’s up friends, good article and good urging commented here, I
    am really enjoying by these.

  18. I’m curious to find out what blog platform you happen to be working with?
    I’m having some small security issues with my latest blog
    and I would like to find something more risk-free. Do you have any recommendations?

  19. Fabulous, what a blog it is! This weblog presents useful information to us, keep it up.

  20. What’s up, of course this paragraph is in fact good and I have learned lot of things from
    it on the topic of blogging. thanks.

  21. Attractive section of content. I just stumbled upon your web site and in accession capital to assert that I acquire
    actually enjoyed account your blog posts. Any way
    I will be subscribing to your feeds and even I achievement you access consistently quickly.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Information