Programmers' Series Shell Programming


Honest to gosh -- programming is easy. If you have never programmed in your life, today, within minutes, you will become a programmer. I promise. And even if you are already a programmer, in this Guide you just might discover some new tricks that are lots of fun.

Amazingly enough, many people who call themselves hackers don't know how to program. In fact, many el1te haxor types claim they don't need to know how to program, since computer programs that do kewl stuph like break into or crash computers are available for download at those HacK3r Web sites with the animated flames and skulls and doom-laden organ music.

But just running other people's programs is not hacking. Breaking into and crashing other people's computers is not hacking. Real hacking is exploring and discovering -- and writing your own programs!

********************************************************
In this Guide you will learn:

* Why should hackers learn how to program?
* What is shell programming?
* How to create and run scripts
* Shell scripts on the fly
* Slightly stealthy scripts
* Examples of fun hacker scripts

Plus, in the evil genius tips, you will learn how to:

* Talk about the Turing Machine Halting Problem Theorem as if you are some sort of forking genius
* Find instructions on how to create deadly viruses
* Set your favorite editor as default in Pine
* Link your bash history file to /dev/null
* Keep simple Trojans from executing in your account
* Save yourself from totally messing up your .tcshrc, .bashrc etc. files.
*******************************************************
 
Why Should Hackers Learn How to Program?  
 
Back in 1971, when I was 24, I was as nontechnical as they come. But my husband at the time, H. Keith Henson, was always talking about "buffer in," "buffer out" and assembly language stuff.

Keith was one of the earliest of hackers, and a hacker in the pure sense, someone who wasn't afraid to try unusual things to save memory (a scarce resource on even the biggest computers of the 1970s) or cut CPU cycles. So one June morning, tired of me looking dazed when he came home babbling excitedly about his latest feat, he announced, "You're going to learn how to program." He insisted that I sign up for a course in Fortran at the University of Arizona.

The first class assignment was to sit at a punch card machine and bang out a program for the CDC 6400 that would sort a list of words alphabetically. It was so fun that I added code to detect input of characters that weren't in the alphabet, and to give an error message when it found them.

The instructor praised me in front of the class, saying I was the only one who had coded an extra feature. I was hooked. I went on to write programs with enough length and complexity that debugging and verifying them gave me a feel for the reality of the Turing Machine Halting Problem theorem.

I discovered you don't have to be a genius to become a professional programmer. You just have to enjoy it enough to work hard at it, enjoy it enough to dream about it and fantasize and play with programming in your mind even when you aren't in front of a keyboard.
 
******************************************************
Evil Genius tip: The Turing Machine Halting Problem theorem says that it is impossible to thoroughly debug -- or even explore -- an arbitrary computer program. In practical terms, this means that it is super hard to make a computer network totally secure, and that it will never be possible to write an antivirus program that can protect against all conceivable viruses.

For a more rigorous treatment of the Turing Machine Halting Problem theorem -- yet written in language a non-mathematician can understand -- read the "Giant Black Book of Computer Viruses" by Dr. Mark Ludwig, American Eagle Publications. This book will also teach you how to write the most deadly viruses on the planet -- or programs to fight them! You can order it from http://www.amazon.com. Warning -- in order to fully appreciate this book, you have to know assembly language for 80x86 CPUs. But it is the most electrifying computer manual I have ever read!!!!
********************************************************
 
That is the heart of the hacker spirit. If you are driven to do more and greater things than your job or school asks of you, you are a real hacker. Kode kiddies who think that breaking into computers and typing f*** every third word while on IRC makes them hackers are not hackers. They are small-time punks and vandals. But if you aspire to become a true hacker, you will become a programmer, and reach for the stars with your code.
 
What Is Shell Programming?  
 
If you have been following the earlier Guides to (mostly) Harmless Hacking (GTMHH), you are already familiar with many fun Unix commands. Shell programming is writing a file that holds a sequence of Unix commands, which you can run in your shell account by typing in only one line.

****************************************************
Newbie note: Don't know what a shell account is? Unix leaves you scratching your head? You *must* have a shell account to learn shell programming. You can get one for free at http://sdf.lonestar.org. Just set up a PPP connection and telnet into Lonestar for your Unix fun! However, Lonestar doesn't allow you to telnet out. For a full service shell account, check out http://rt66.com. Yes! They have ssh logins! For details on how to use a shell account and instructions on lots of fun Unix commands, see the GTMHHs on shell accounts at http://techbroker.com/happyhacker.html.
**************************************************
 
If you are familiar with DOS, you may have already done something similar to shell programming: DOS batch files. The basic idea is that you write a series of DOS commands and save them in a file that ends with the extension "bat."

For example, you might name your batch file "myfile.bat." Then any time you want to run it, you just type "myfile" and it runs all the commands inside that file. (Note: if you are in a different directory from myfile.bat, you either have to tell your computer where to look for it with a "path" command, or type in the entire path, for example "c:\myprograms\myfile.")

Unix -- an operating system that was created long before DOS -- can do something very similar to a DOS batch file. Instead of typing Unix commands one by one every time you need them, you can write a shell script that automatically executes that sequence. Then you save it as a file with permissions that make it executable.

***************************************************
Newbie note: "Executable" doesn't mean the computer goes out and murders your poor file. It means that when you type the name of that file, the computer looks inside and does what your file tells it to do. "Permissions" mean what can be done with a file, and by whom. For example, you could set the permissions on your shell account file so that only someone in your account could execute it. Or you could make it so anyone in the world could run (execute) it -- something you usually do with the files in your Web site, so that anyone who surfs in may read them.
***************************************************

But there is one huge difference between DOS and Unix commands. In DOS, the commands "mkdir" and "MKDIR" do exactly the same thing. In Unix, they would be two totally different commands. Be absolutely careful in this lesson to type all commands in lower case (small) letters, or this stuff will not work.
 
How to Create and Run a Script  
 
Why are we starting with shell script programming? The reason is that shell scripts are easy. Honest, they *are* easy. So easy, there are several ways to make them.

First, let's walk through the Pico way to create a simple script.

1) Open an editor program. We'll use the easiest one: Pico. At the prompt in your shell account, simply type in "pico hackphile." ("hackphile" will be the name of the script you will create. If you don't like that name, open Pico with the name you like, for example "pico myfilename.")

This brings up a screen that looks a lot like the Pine email program's "compose mail" screen.
 
********************************************************
Evil genius tip: If your shell account is half-way decent, you will have Pine and it will allow you to choose whatever editor you want for composing email. Default is Pico. But you may configure it to use other editors such as the far more powerful vi or emacs. Just go to the main menu on Pine, then to Setup, then to Configure, then scroll down almost to the end of all the options. There will be a line "editor = pico." Put in your favorite editor! If you regularly use Pine to compose email, you will keep in practice by using its editor, making it much easier to write programs.
********************************************************
 
Here's what your Pico screen should look like:

UW PICO(tm) 2.9                File: hackphile

                                  [ New file ]
^G Get Help  ^O WriteOut  ^R Read File ^Y Prev Pg   ^K Cut Text  ^C Cur Pos
^X Exit      ^J Justify   ^W Where is  ^V Next Pg   ^U UnCut Text^T To Spell
 
At the bottom is some fast help, a list of commonly used Pico commands. That "^" thingy means to hold down the control key while hitting the letter of the alphabet that follows. Besides these commands, some others that it helps to know for Pico are:

^e moves the cursor to the end of a line
^a moves the cursor to the beginning of a line
^d deletes a character
^f moves the cursor forward (or use the -> arrow key if it works)
^b moves the cursor backward (or use the <- arrow key if it works)
^p moves the cursor up (or use the up arrow key if it works)
^n moves the cursor down (or use the down arrow key if it works)
^t checks spelling
 
2) Write in some Unix commands. Here are some fun ones:

echo I am a programmer and one heck of a hacker!
echo Today I am going to
echo $1 $2 $3 $4 $5 $6 $7 $8 $9
 
3) Now exit Pico. Hold down the control key while pressing "x." Pico will ask you if you want to save the file. Hit the "y" key to save. It will ask you whether you want to save it with the name "hackphile." Unless you change your mind, just hit the "enter" key and you are done.

4) Next make it executable. On most systems, you can do this by typing "chmod 700 hackphile." On some computers the command "chmod +x hackphile" will work. On other computers you might have to write a line in your shell script "#!/bin/bash" (or "#!/bin/tcsh" or "#!/bin/csh" etc. depending on the path to whatever shell you are using) to make it work. Sorry to be so complicated on this instruction, but there are a lot of different kinds of Unix and Unix shells out there. Groan.
 
******************************************************
Newbie note: That "chmod" command sets permissions. Making a file executable is only one of the many things that magical command does. It also controls who can execute it, who can read it, and who can write it.

Damian Bates of Rt66 Internet points out that you could set the permissions so only you could execute that shell script by typing "chmod u+rx filename" (u=you). If you are in a Unix "group," you could allow your group to execute it by typing "chmod g+rx filename" (g=group) or you could give everyone else execute permissions by typing "chmod o+rx filename" (o=other). Any of these can be done in combination such as "chmod ug+rx filename" (user and group can read and execute but not write) or "chmod g-rwx filename".

If you hate typing all that stuff, you can use numbers as in "chmod 700," which gives you, and only you, read, write and execute permission. To add permission to read and execute, but not write, to everyone else, use "chmod 755." To learn more on how to use the number chmod commands, use the command "man chmod."
*******************************************************
 
5) Now type in: "hackphile forge email from Santa Claus." Press "enter" and you will see on your screen: "I am a programmer and one heck of a hacker! Today I am going to forge email from Santa Claus."

Pretty cool, huh? What that last echo command does is find the first word you typed after the "hackphile" command, which is held in the memory location $1, the second word in $2, and so on. Unlike more sophisticated programming languages, you don't need to set up those dollar sign variables in advance -- the stuff you type on the command line after the name of the script automatically goes into those memory locations!
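Here is an added example (not from the original Guide) that goes a little beyond the $1 to $9 explanation above. It writes the three-line hackphile script to a file, runs it with arguments the way the shell does when you type its name, and shows the parts the Guide leaves out: $# counts the arguments, "$@" passes them on with spaces intact, and the tenth and later words need a shift (or ${10}) because traditional sh reads $10 as $1 followed by a 0. The function names are my own.

```shell
#!/bin/sh
# Added example: positional parameters in shell scripts.  Constructed for
# illustration; only the three "echo" lines are the Guide's hackphile script.

# Write the Guide's hackphile script into the file named by $1.  The quoted
# 'EOF' stops $1..$9 from expanding while the file is being written.
write_hackphile() {
    cat > "$1" <<'EOF'
echo I am a programmer and one heck of a hacker!
echo Today I am going to
echo $1 $2 $3 $4 $5 $6 $7 $8 $9
EOF
}

# Run a script file with arguments through sh, which is what happens when
# you type "hackphile forge email from Santa Claus".  Going through "sh"
# means the x bit is not needed (the Guide's "slightly stealthy" trick).
run_script() {
    script=$1
    shift                     # drop the script name; "$@" is now its arguments
    sh "$script" "$@"
}

# $# is the number of arguments the script (or function) was called with.
# Quoting "$@" keeps an argument that contains spaces as one argument.
arg_count() {
    echo "$#"
}

# Return the N-th argument for any N.  For N > 9 we shift the first N-1
# arguments away and take $1, which works in every Bourne-style shell.
nth_arg() {
    n=$1
    shift
    [ "$n" -ge 1 ] && [ "$n" -le "$#" ] || return 1
    while [ "$n" -gt 1 ]; do
        shift
        n=$((n - 1))
    done
    echo "$1"
}

# Demo when run directly: build the script in a temp file and run it.
tmp=$(mktemp)
write_hackphile "$tmp"
run_script "$tmp" forge email from Santa Claus
echo "argument count: $(arg_count forge email from Santa Claus)"
echo "12th word: $(nth_arg 12 a b c d e f g h i j k l)"
rm -f "$tmp"
```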
 
Now suppose you want a script to actually forge email from Santa Claus. Unfortunately, this is where you learn the limitations of shell scripts. You can put in the command "telnet foobar.com 25" and be ready to forge email. But if the next command in your shell script is "mail from: santa@north.pole.com," it just won't happen. The problem is that you are no longer in your Unix shell. You are now talking to a mail program on foobar.com, which never sees the rest of your sequence of shell commands.

But help is on the way. The programming languages Perl and C will do the job for you much more easily than a shell script. More on these in later Guides, I promise!

How about more fun ways to make shell scripts?
 
Shell Scripts on the Fly  
 
In a rush? Do you always do things perfectly? If so, try the "cat" command to create shell scripts.

Here's an example of a useful one. Type in:

cat > list
ls -alK|more
w|more

Then hold down the control key while hitting the letter "d." This will automatically end the "cat" command while saving the commands "ls -alK|more" and "w|more" in the file "list." Then make it executable with the command: "chmod 700 list." (If chmod 700 doesn't work on your system, try the alternative ways to make it executable in 4) above.)

Now, whenever you want to see everything you could ever want to see about your files, followed by a list of info on whoever else is also logged into shell accounts at the Unix box you use, just type in the command "list." This will give you something like:
 
total 127
drwx-----x  8 cpm          1536 Dec 28 14:37 .
drwxr-xr-x985 root        17920 Dec 26 17:56 ..
-rw-------  1 cpm             0 Aug 27 08:07 .addressbook
-rw-------  1 cpm          2285 Aug 27 08:07 .addressbook.lu
lrwxrwxrwx  1 cpm             9 Oct 27 15:35 .bash_history -> /dev/null
-rw-r--r--  1 cpm          1856 Oct  8 09:47 .cshrc

(snip)

3:01pm  up 5 days,  6:48,  9 users,  load average: 1.87, 1.30, 1.08
User     tty       login@  idle   JCPU   PCPU  what
phill    ttyp0     2:39pm     1     11         -csh
flattman ttyp1     2:27pm            4      4  tf
kjherman ttyp2     1:13pm  1:43                telnet ftp.fubar.com
cpm      ttyp4     1:08pm           13         w
johnp    ttyp5    Sat 6pm     1   1:29      7  -tcsh
kjherman ttyp6     1:15pm  1:43                telnet fubar.com
kjherman ttyp8     1:16pm  1:43                /bin/csh /usr/local/bin/cmenu
momshop  ttyp9     2:50pm    10                /usr/local/bin/pine
swit     ttypa     9:56am  4:20     41         -csh
joy      ttypc     3:00pm            2      1  -csh
 
***************************************************
Newbie note: What does all that stuff mean? Sorry, this is an advanced GTMHH, so all I'm going to tell you is to give the commands "man ls" and "man who" to find out all this stuff.

OK, OK, I'm sorry, here's a little more help. The "|" means "pipe." When you have two commands on either side of a pipe command, this makes the output of the command on the left hand side of the "|" pipe into the command on the right hand side. So "w|more" tells your computer to do the command "w" and pipe its output to the command "more." Then "more" displays the output on your monitor one screen at a time, waiting for you to hit the space bar before displaying the next screen.

What does "lrwxrwxrwx  1 cpm             9 Oct 27 15:35 .bash_history -> /dev/null" mean? "l" means it is a linked file. The first set of rwx's mean I (the owner of the account) may read, write, and execute this file. The second rwx means my group may also read, write and execute. The last set means anyone in the world may read, write and execute this file. But since it's empty, and will always stay empty, too bad, kode kiddies.
***************************************************
 
***************************************************
Evil genius tip: In case you saw that supposed bash history file of mine some haxors were making phun of on some email lists, here are two ways you can tell it was faked and they were seriously deficient in Unix knowledge.

a) See that funny notation above, ".bash_history -> /dev/null"? My .bash_history has been linked to /dev/null (/dev/null means "device null," which is a fancy way of saying everything goes to bit heaven never to be seen again) since Oct. 9, 1997 -- long before some sooper genius emailed around that fake file! Here's how you can make your bash history disappear. Simply give the command "ln -s /dev/null ~/.bash_history."

b) If you have the bash shell, and haven't linked it yet to /dev/null, get into it and use the "talk" command to chat with someone for awhile. Then give the command "more .bash_history." You will see that unlike that supposed bash history file of mine, the stuff you type in during a "talk" session does not appear in the .bash_history file. The guy who faked it didn't know this! Either that, or he did know, and put that in to trick the people who would read it and flame me into revealing their ignorance. The guys who got caught by this trick tried to get out of their embarrassing spot by claiming that a buffer overflow could make the contents of a talk session turn up in a bash history file. Yeah, and yesterday they saw Elvis Presley at a grocery store, too.
***************************************************
 
Slightly Stealthy Scripts  
 
Now suppose you are worried about really clueless kode kiddies getting into your shell account. Believe it or not, many people who break into computers are almost totally ignorant of Unix. For example, at Def Con V a friend, Daniel, conducted an informal poll. He asked dozens of attendees if they knew the "cat" command. He found that over half the people there had never even heard of it! Well, *you* know at least one way to use "cat" now!

Another example of haxor Unix cluelessness was a fellow who broke into my shell account and planted a Trojan named "ls." His idea was that next time I looked at my files using the Unix ls command, his ls would execute instead and trash my account. But he forgot to give the command "chmod 700 ls." So it never ran, poor baby.
 
******************************************************
Evil genius tip: Damian advises "NEVER put '.' (the current working directory or cwd) in your path! If you really want "." in your path, make sure it is the last one. Then, if a Trojan like ls is in your current directory, the _real_ ls will be used first. Set your umask (umask is the command that automatically sets permissions on all files you create, unless you specify otherwise) to something more secure than 022, I personally use 077. Never give group or other write access to your directory and be leery of what others can read."

For your reading enjoyment, use the commands "man chmod" and "man umask" to get all the gory details.
******************************************************
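Here is a small POSIX sh checker, added here and not part of the original Guide or Damian's advice, that turns the tip above into something you can run against your own account: it reports where "." (or an empty entry, which means the same thing) sits in PATH, whether your umask keeps new files away from group and other, and whether a given file or directory is private. Function names are my own; it calls /bin/ls by absolute path so a Trojan ls in the current directory cannot be the one answering.

```shell
#!/bin/sh
# Added example: check the account hygiene points from the tip above.
# Constructed for illustration; the function names are the author's own.

# Classify where the current directory appears in a PATH string:
#   none   - neither "." nor an empty entry is present
#   last   - it appears once, as the final entry (Damian's "if you must")
#   unsafe - it appears anywhere else, or more than once
# An empty entry ("::", or a leading or trailing ":") also means "search cwd".
path_cwd_position() {
    rest="$1:"          # sentinel so the last field is terminated too
    total=0
    cwd_hits=0
    cwd_index=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        total=$((total + 1))
        case $entry in
            ''|.|./) cwd_hits=$((cwd_hits + 1)); cwd_index=$total ;;
        esac
    done
    if [ "$cwd_hits" -eq 0 ]; then
        echo none
    elif [ "$cwd_hits" -eq 1 ] && [ "$cwd_index" -eq "$total" ]; then
        echo last
    else
        echo unsafe
    fi
}

# True when the umask (default: the current one) clears every group and
# other bit, so files you create start out private.  022 fails, 077 passes.
umask_is_private() {
    m=${1:-$(umask)}
    [ $(( 0$m & 077 )) -eq $(( 077 )) ]
}

# True when a file or directory has no group or other permission bits at all.
# /bin/ls is called by absolute path so a Trojan "ls" dropped into the
# current directory (the Guide's example) cannot be the one answering.
file_is_private() {
    mode=$(/bin/ls -ld "$1" 2>/dev/null | cut -c2-10)
    [ -n "$mode" ] || return 2          # no such file
    case $mode in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Print a short report for the current account.
account_hygiene_report() {
    echo "PATH cwd entry : $(path_cwd_position "$PATH")"
    if umask_is_private; then
        echo "umask          : $(umask) (private)"
    else
        echo "umask          : $(umask) (group/other can see new files; try umask 077)"
    fi
    for f in "$HOME" "$HOME/.bashrc" "$HOME/.cshrc"; do
        [ -e "$f" ] || continue
        if file_is_private "$f"; then
            echo "$f: private"
        else
            echo "$f: readable or writable by group/other"
        fi
    done
    return 0
}

account_hygiene_report
```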
 
Here are ways to make shell scripts that the average clueless person who breaks into a computer won't be able to run.

First, when you name your script, put a period in front of the name. For example, call it ".secretscript". What that period does is make it a hidden file. Some kode kiddies don't know how to look for hidden files with the command "ls -a."

After you make your script, don't give the "chmod 700" command. Just leave it alone. Then when you want to execute it, give the command "sh hackphile" (substituting for "hackphile" the name of whatever script you wish to execute). It will execute even though you never gave that chmod 700 command!

What you have done with the "sh" command is launch a temporary new Unix shell, and then send into that shell the commands of your script.
 
Here's a cool example. Make this script:

cat > .lookeehere!
who|more
netstat|more

Remember to save this script by holding down the control key while hitting the letter "d". Now try the command: ".lookeehere!" You should get back something that looks like:

bash: ./.lookeehere!: Permission denied

That's what will stump the average kode kiddie, presuming he can even find that script in the first place.

Now try the command "sh .lookeehere!" All of a sudden you get screen after screen of really interesting stuff!
 
Your Internet Service Provider may have disabled some of the commands in this Guide. Or it may have just hidden them in directories that you can get to if you know how to look for them. For example, if the "netstat" command doesn't work, give the command "whereis netstat" or else "locate netstat."

If, for example, you were to find it in /usr/bin, you can make that command work with "/usr/bin/netstat" in your script.

If neither the whereis nor the locate command finds it for you, and you are a newbie, you have two choices. Either get a better shell account, or talk your sysadmin into changing permissions on that file so you can execute it. Many sysadmins will help you out this way -- that is, they will help if, when they check their syslog files, they don't find evidence of you trying to break into or trash computers. Neat trick: take your sysadmin to a fancy restaurant and wait to ask him for access to EVERY Unix command until after you have paid for his meal.
 
*****************************************************
Evil genius tip: Your sysadmin won't let you run your favorite Unix commands? Don't grovel! Compile your own! Most ISPs don't mind if you keep and use your favorite Unix stuff in your own account. Says Damian, "I tend to keep my own binaries in ~/bin/ (My home directory slash bin) and put that in my path. (With the directory being 700 or drwx------ of course)." Where can you get your own? Try http://sunsite.unc.edu/pub/Linux/welcome.html
*****************************************************
 
Now it's time to really think about what you can do with scripts. Yes, a shell script can take a complex task such as impressing the heck out of your friends, and make it possible for you to do by giving just one command per cool stunt.

If you are a bit of a prankster, you could create a bunch of scripts and use them to make your friends think you have a special, super duper operating system. And in fact you really will, honestly, be in control of the most special, wonderful operating system on the planet. The beauty and power of Unix is that it is so easy to customize it to do anything and everything! Windows no! Unix yes!
 
****************************************************
Evil Genius tip: Bring up the file .login in Pico. It controls lots of what happens in your shell account. Want to edit it? You could totally screw up your account by changing .login. But you are a hacker, so you aren't afraid, right? Besides, if you mess up your shell account, you will force yourself to either learn Unix real fast so you can fix it again, or else make friends with tech support at your ISP as you try to explain why you accidentally mapped the letter "e" to mean "erase." (I did that once. Hey, no one's perfect!)

For example, do you have to put up with some babysitter menu every time you log in? Do you see something that looks like "/usr/local/bin/menu" in .login? Put a "#" in front of that command (and any other ones you want to put to sleep) and it won't execute when you login. Then if you decide you are sorry you turned it off, just remove the "#" and that command will work again.

Damian adds "Of great importance to newbies and a sign of great intelligence in advanced Unix gurus is backing up before you screw it up, i.e., in your pico of .cshrc. Their command lines should contain: mkdir .trash;chmod 700 .trash;cp .cshrc .trash; pico .cshrc.

"Or, make the following alias in your .cshrc after creating your '.trash' directory: alias backup 'cp \!$ ~/.trash'

"When you next source the .cshrc, you just type 'backup filename' and it will be copied into the .trash directory in case you need it later.

"Modify the startup script, save the changes and then telnet in a second time to see if it works. If it doesn't, fix it or 'cp ~/.trash/.cshrc ~'. I don't recommend you 'source' the newly modified file because if it's screwed, so are you. It's always best to keep one session untarnished, just in case. If it works OK on your 2nd login, then you can 'source .cshrc;rehash;' in your first window to take advantage of the changes made."
*******************************************************
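Damian's backup habit, written out as a POSIX sh helper. This is an added example, not his or the Guide's code. backup_dotfile copies a file into a private .trash-style directory before you edit it (mkdir, chmod 700, cp, as in his command line), and sh_syntax_ok does for Bourne-family files such as .profile or .bashrc what his "telnet in a second time" test does: it asks sh to parse the file without running it, so you learn it is broken before you source it. csh files such as .cshrc are not Bourne syntax, so keep using his second-login check for those. The directory argument and function names are my own.

```shell
#!/bin/sh
# Added example: back up a startup file before editing it, and check that a
# Bourne-style file parses before sourcing it.  Constructed for illustration.

# Copy FILE into TRASHDIR (created mode 700 if missing, like Damian's
# "mkdir .trash;chmod 700 .trash").  Prints the backup path.  Each run adds
# a numbered suffix so an earlier backup is never overwritten.
backup_dotfile() {
    file=$1
    trashdir=${2:-$HOME/.trash}
    [ -f "$file" ] || return 1
    if [ ! -d "$trashdir" ]; then
        mkdir "$trashdir" || return 1
        chmod 700 "$trashdir" || return 1
    fi
    base=$(basename "$file")
    n=0
    dest="$trashdir/$base"
    while [ -e "$dest" ]; do
        n=$((n + 1))
        dest="$trashdir/$base.$n"
    done
    cp "$file" "$dest" && echo "$dest"
}

# Ask sh to parse FILE without executing anything (sh -n).  Returns 0 when
# the file is syntactically OK, non-zero when sourcing it would blow up.
# Only for Bourne-family files (.profile, .bashrc); csh syntax is different.
sh_syntax_ok() {
    sh -n "$1" 2>/dev/null
}

# The "cp ~/.trash/.cshrc ~" step: if the edited FILE fails the syntax
# check, put BACKUP back in its place.  Prints "ok" or "restored".
restore_if_broken() {
    file=$1
    backup=$2
    if sh_syntax_ok "$file"; then
        echo "ok"
        return 0
    fi
    cp "$backup" "$file" && echo "restored"
}
```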
 
OK, now how about just cutting loose and playing with scripts? See what wonderful things you can do with them. That's what being a hacker is all about, right? And thanks to Damian Bates, great fan of the Bastard Operator from Hell, for reviewing and contributing to this Guide. Check out his Web site at http://bofh.mysite.org/damian. Parental discretion advised:)

"There is no way you're describing our system, she could never have gotten past our security. But I'm going to find her and see that she's prosecuted ... she broke the law, and she's going to pay!"
President of "Blah Blah Bank"

-->>> Does anybody ELSE see a small discrepancy here ???????
 
  
