Getting started in scripting

-
Perhaps the most important skill a hacker should master is programming. This is what makes the true difference between "hackers" and "script kiddies". The latter lacks the knowledge to write his own script: he rather uses programs made by others to attack his target. In contrast, a worthy hacker builds his own program tailored to his needs in order to exploit a specific vulnerability.

Does that mean that a hacker never uses material written by others? Of course not. As most of the exploits (i.e. scripts that exploit a flaw) written by/for the Linux community are open-source, hackers often reverse-engineer these programs to understand how they work and potentially modify them to suit their own needs. What's more, when building his own script, a hacker very often integrates some tool from a fellow hacker. This is precisely how malware evolves on a daily basis: a programmer uses his know-how to combine multiple exploits in an effective way.

Writing your first script

From the moment I opened a text editor and started writing my first line of shell code, I fell in love again with programming -- "again" because I already have experience in Java, having built my own projects, before getting into cybersecurity. I started with shell scripting (in bash language) because it's straightforward yet extremely powerful when in the right hands. If you search around the internet for the basics of shell scripting, I guarantee you will instantly want to learn more. The syntax used is simple and understandable from the first reading. 
A teaser of my next post

"Adopting" a text editor

Text editors are the link between human and machine: that's where you write your code. Assuming you're using Kali Linux, like I do, you have plenty of options when it comes to text editors: nano, leafpad, gedit, vi, vim... I would personally recommend two of those. 
  • Leafpad: included in the Kali repository, it is easy to use and has the convenience of providing a GUI.
  • Vim: arguably the most efficient text editor. While it may be complex to use at first, it will sooner or later become your best friend. Numerous script developers recommend using Vim, and I agree with them. It does not have a GUI. I am writing a guide to help you get started with it, check back soon here on Hacker Handle.

Basic script ideas

To start, you can write a simple program that automates a process: for example, a script that puts your wireless interface into monitor mode, starts networks discovery and logs the different BSSIDs found in a text file -- hint: we'll be coding a similar script in a future post.

I deeply encourage you to start writing your own scripts, even simple ones, to get out of the script kiddie bubble. Along your journey, should you have any ideas or encounter any problem, do not hesitate to post a comment here or contact me. I would be glad to help.

Comments

  1. UnknownSeptember 10, 2019 at 7:08 PM

    Please tell me books to read for creating scripts for real time application with real time examples please

    ReplyDelete

Post a Comment

Share your thoughts! Leave a comment here

Popular posts from this blog

Pixie-Dust Wifi Attack: Theory & Practice

-
Image
In the series of wifi hacking, I have already covered WPA handshake capture and social engineering . In this post I present to you yet another attack using a novel approach for gaining access to a network: it is based on the WPS protocol and is known as the Pixie-Dust attack. You will find a step-by-step guide after a short explanation of the theory behind the security flaw hereby discussed.
Read more

How to capture a WPA handshake

-
Image
There are different methods for getting unauthorized access to a Wifi network. I will try to cover several ones, but in this post I will focus on capturing a WPA handshake for a subsequent dictionary or brute-force attack. Requirements Before getting started make sure you have the following: Raspberry Pi 3 running Kali Linux ( tutorial here ) Monitor-mode and Packet-injection capable wifi adapter PC Decent internet connection We'll be using the wifi adapter with the Raspberry Pi, controlling them with a PC via VNC ( tutorial here ). What is a WPA handshake? In simple words, a WPA handshake is used to authenticate a user with an AP (Access Point). To illustrate things, think of it as a literal handshake: if the client presents his hand but the AP doesn't, the handshake can't happen and authentication thus fails. Because the engineering behind a WPA handshake is not the main purpose of this guide, let's dive into our work. Discovering the target AP Th
Read more