To follow along with the exercises in this chapter, you’ll need a Linux environment. This book assumes you have enough skill to install an operating system and are familiar with installing and configuring virtual machine environments. If you need help setting up your lab environment, the VirtualBox online manual (Oracle VM VirtualBox User Manual, (https://download.virtualbox.org/virtualbox/UserManual.pdf) and several YouTube videos (VirtualBox – YouTube https://www.youtube.com/results?search_query=virtualbox) will be helpful.

Fortunately, there are many ways to configure a Bash learning environment for free. All examples will be shown using Kali Linux. However, any Linux or macOS environment will work.

“Kali Linux is an open source, Debian-based Linux distribution geared toward various information security tasks, such as penetration testing, security research, computer forensics, and reverse engineering.” (Kali Linux, https:...

Bash, also known as the Bourne Again Shell, is a command-line shell interpreter and scripting language. Bash was created by Brian Fox in 1989 as a free software replacement for the Bourne shell, which was proprietary software. (Bash – GNU Project – Free Software Foundation, https://www.gnu.org/software/bash/). It’s the most common Linux shell. Bash also introduced the ability to combine multiple commands into shell scripts that could be run by entering one command.

When you open a Terminal on a Linux system and enter commands, your Bash shell manages interactions with the operating system and running executables and scripts. Bash and Linux executables form a symbiotic relationship, each enhancing the functionality and efficiency of the other. Bash serves as the gateway for users and scripts to interact with the Linux kernel, the core of the operating system. It interprets user commands, whether entered directly into the Terminal or scripted...

Bash isn’t the only shell interpreter for Linux and Unix systems, but it is the most common. Other shells were influenced by Bash. You may also encounter Zsh on macOS and Kali Linux.

You might be wondering why this book has chosen to focus on Bash, despite some operating systems switching to Zsh. While macOS and Kali have switched to Zsh for new user accounts, they still have Bash installed. Most code written for Bash will also work on Zsh with a few minor changes. You can include a shebang line in your shell scripts to ensure that the Bash interpreter runs your script on systems where multiple shells are installed. While performing security assessments, you’re very likely to encounter Linux servers where Bash is the default shell. It will be essential for a pentester to understand how to interact with Bash to exploit applications, escalate privileges, and move laterally.

Fortunately, there are many ways you can access a Bash shell for free. This section...

If you’re following along using Kali Linux or macOS, note that your Terminal shell uses Zsh by default instead of Bash. Zsh has more features (such as better tab completion and theme support) but Bash is more widespread and standard. Bash has been around since the late 80s, making it a veteran in the shell world. It’s the default on most Linux distributions and macOS (up until Catalina, where Zsh took over). Bash’s longevity means it’s extremely stable and well-supported.

Zsh, on the other hand, came a bit later. It’s known for its improvements over Bash, including better interactive use and more powerful scripting capabilities.

You can determine which shell is configured by entering the echo $SHELL command in your terminal. Almost all code shown in this book will work in both Bash and Zsh, except where noted. In my day-to-day pentesting activities, I rarely notice any difference. However, if you want to change...

In this section, we’ll go over setting up our pentesting environment by updating system software packages and installing the tools required to follow along. Most of the tools needed will already be installed in Kali, so we’ll only need to install a few more software packages.

Update the package manager

Your first step when using a new Linux installation should be updating packages. As stated earlier, I’ll be using Kali Linux in all demonstrations. Kali is based on the Debian Linux distribution, which uses the Advanced Package Tool (APT) package manager. At its core, apt streamlines software management. It automates the process of retrieving, configuring, and installing software packages from predefined repositories. This automation not only saves time but also ensures that software dependencies are resolved without manual intervention.

Running sudo apt update refreshes the local database of available packages and their...

In this chapter, you were introduced to the indispensable world of Bash shell scripting, a cornerstone skill for anyone aspiring to excel in pentesting. This chapter began by demystifying what Bash is and underscoring its significance in cybersecurity tasks. It wasn’t just about memorizing commands; it was about leveraging Bash to automate repetitive tasks, manipulate data, and conduct security assessments with efficiency. The journey continued with guidance on selecting the appropriate operating system that supports Bash, setting the stage for successful scripting endeavors. Then, we rolled up our sleeves to configure our hacker shell, customizing its appearance and behavior to reflect personal tastes and preferences. This customization wasn’t just for aesthetics; it was about creating a functional and efficient working environment. Finally, this chapter introduced essential pentesting tools, walking you through their installation and basic usage. At this point...