You're reading from Bash Shell Scripting for Pentesters Master the art of command-line exploitation and enhance your penetration testing workflows

Product type Paperback

Published in Dec 2024

Publisher Packt

ISBN-13 9781835880821

Length 402 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Steve Campbell

View More author details

Table of Contents (22) Chapters

Preface

1. Part 1: Getting Started with Bash Shell Scripting

2. Chapter 1: Bash Command-Line and Its Hacking Environment FREE CHAPTER

3. Chapter 2: File and Directory Management

4. Chapter 3: Variables, Conditionals, Loops, and Arrays

5. Chapter 4: Regular Expressions

6. Chapter 5: Functions and Script Organization

7. Chapter 6: Bash Networking

8. Chapter 7: Parallel Processing

9. Part 2: Bash Scripting for Pentesting

10. Chapter 8: Reconnaissance and Information Gathering

11. Chapter 9: Web Application Pentesting with Bash

12. Chapter 10: Network and Infrastructure Pentesting with Bash

13. Chapter 11: Privilege Escalation in the Bash Shell

14. Chapter 12: Persistence and Pivoting

15. Chapter 13: Pentest Reporting with Bash

16. Part 3: Advanced Applications of Bash Scripting for Pentesting

17. Chapter 14: Evasion and Obfuscation

18. Chapter 15: Interfacing with Artificial Intelligence

19. Chapter 16: DevSecOps for Pentesters

20. Index

Why subscribe?

21. Other Books You May Enjoy

Network exploitation

In this section, we’ll dive into exploiting command injection vulnerabilities in web applications that fail to filter user input before passing data on to operating system commands.

Network service exploitation

In September 2014, a critical vulnerability was discovered in the Unix Bash shell. This vulnerability, assigned the CVE-2014-6271 identifier and nicknamed Shellshock, sent shockwaves through the information security community due to its severity and widespread impact. Let’s dive into the technical details of this vulnerability and explore how it can be exploited.

The Shellshock vulnerability stems from a flaw in how Bash processes environment variables. Specifically, it allows an attacker to execute arbitrary commands by manipulating environment variables in a crafted manner.

In Bash, environment variables can be defined in the following format: