[destination local path] root@kali:~# scp [email protected]:/home/gus/passwords.txt . [email protected]'s password: passwords.txt 100% 17 16.7KB/s 00:00
Next, we will try to push a file called test.txt from my Kali to the remote SSH server (we will copy the file on the user's home directory in Ubuntu) using the scp command again:
$scp [file local path] [remote-username@remote-ip:/remote-path] root@kali:~# scp /root/test.txt [email protected]:/home/gus [email protected]'s password: test.txt 100% 5 0.4KB/s 00:00
Later in this book, you will see even more ways to transfer files such as Samba, FTP, etc. For the time being, you just learned the most common ways that you need to be aware of.
Summary
With so many commands to learn in this chapter, it's overwhelming, right? The secret of mastering the usage of the terminal window is through practice. It will take a while to get familiar with the terminal window, but once you're in, you will fall in love with it.
Your role is focused on penetration testing, and the goal of this chapter is to make it easy for you to handle the system of Kali Linux. This chapter presented the necessary tools and commands that you will encounter during an engagement. In the end, you're not a Linux system admin, but in cybersecurity, you will need to think out of the box.
CHAPTER 2 Bash Scripting
In the previous chapter, you learned lots of commands in Linux. Now, let's take your skills to the next level in the command‐line tools. In this chapter, you will see how to create scripted commands using Bash based on what you have learned so far.
Why Bash scripting? The universality of Bash gives us, penetration testers, the flexibility of executing powerful terminal commands without the need to install a compiler or an integrated development environment (IDE). To develop a Bash script, all you need is a text editor, and you're good to go.
When should you use Bash scripts? That's an important question to tackle before starting this chapter! Bash is not meant for developing sophisticated tools. If that's what you would like to do, you should use Python instead (Python fundamentals are covered later in this book). Bash is used for quick, small tools that you implement when you want to save time (e.g., to avoid repeating the same commands, you just write them in a Bash script).
This chapter will not only teach you the Bash scripting language, it will go beyond that to show you the ideology of programming as well. If you're new to programming, this is a good starting point for you to understand how programming languages work (they share a lot of similarities).
Here's what you're going to learn in this chapter:
Printing to the screen using Bash
Using variables
Using script parameters
Handling user input
Creating functions
Using conditional if statements
Using while and for loops
Basic Bash Scripting
Figure 2.1 summarizes all the commands, so you can use it as a reference to grasp all the contents of this chapter. In summary, basic Bash scripting is divided into the following categories:
Variables
Functions
User input
Script output
Parameters
Printing to the Screen in Bash
There are two common ways to write into the terminal command‐line output using Bash scripting. The first simple method is to use the echo command that we saw in the previous chapter (we include the text value inside single quotes or double quotes):
$echo 'message to print.'
The second method is the printf command; this command is more flexible than the echo command because it allows you to format the string that you want to print:
$printf 'message to print'
The previous formula is too simplified; in fact, printf allows you to format strings as well (not just for printing; it's more than that). Let's look at an example: if we want to display the number of live hosts in a network, we can use the following pattern:
root@kali:~# printf "%s %d\n" "Number of live hosts:" 15 Number of live hosts: 15
Figure 2.1 Bash Scripting
Let's divide the command so you can understand what's going on:
%s : Means we're inserting a string (text) in this position
%d : Means we're adding a decimal (number) in this position
\n : Means that we want to go to a new line when the print is finished
Also, take note that we are using double quotes instead of single quotes. Double quotes will allow us to be more flexible with string manipulation than the single quotes. So, most of the time, we can use the double quotes for printf (we rarely need to use the single quotes).
To format a string using the printf command, you can use the following patterns:
%s : String (texts)
%d : Decimal (numbers)
%f : Floating‐point (including signed numbers)
%x : Hexadecimal
\n : New line
\r : Carriage return
\t : Horizontal tab
Variables
What is a variable, and why does every programming language use it anyway?
Consider a variable as a storage area where you can save things like strings and numbers. The goal is to reuse them over and over again in your program, and this concept applies to any programming language (not just Bash scripting).
To declare a variable, you give it a name and a value (the value is a string by default). The name of the variable can only contain an alphabetic character or underscore (other programming languages use a different naming convention). For example, if you want to store the IP address of the router in a variable, first you will create a file var.sh
