Back with more shark analogies, John “Mako” McGill discusses how we can use the built-in scripting engines in Linux and Windows – Bash and Powershell – to automate and simplify (almost) everything we do in the NCL.
There is something lurking under the surface of your operating system. Fast, efficient, and incredibly powerful… while many versions of Windows and Linux have passed by, the command line has persisted, stubbornly refusing to evolve. Staring from the black window of the command prompt, it eyes the next target…
Welcome back to Pro Tip Tuesday where we dive below the surface to meet our friends, powershell and the bash shell. Once reserved for “power users”, learning how to use these tools can make life much easier in the NCL. The main advantage is that we can write scripts which allow us to perform several actions with a single command.
For example, say that you wanted to write a wordlist containing every candidate from NCL-MAKO-0000 through NCL-MAKO-9999. In Linux, a single command does it (the -f option gives seq a printf-style format, and %04g zero-pads each number to four digits):
seq -f "NCL-MAKO-%04g" 0 9999 > password.lst
That is great, right? What if you then wanted to use that list as input for John the Ripper?
john --wordlist=password.lst myhashes.txt
And then you wanted to display the passwords after the task completes?
john --show myhashes.txt
Great! But this is just using the command line. Using scripts allows us to “batch” all of these commands into a single file. So how do we do that exactly?
Well, it starts with a file. We can use 'cat' or 'touch' to create it. We will give it the name myscript.sh in this example. Then we open that file in our favorite editor (such as vi or nano). The first line tells the system which interpreter should run the file (this line is called a shebang):
#!/bin/bash
Then we start adding in the commands, one per line:
seq -f "NCL-MAKO-%04g" 0 9999 > password.lst
john --wordlist=password.lst myhashes.txt
john --show myhashes.txt
Then we save it and exit the editor. Next we must make the script “executable”. We use the chmod command for this.
chmod +x myscript.sh
Lastly, we run the script by giving its path, prefixing the name with './' (the current directory):
./myscript.sh
The script will now execute, line by line. You have just written your first script!
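The procedure above, as an added example that is not part of the original post: the same three commands wrapped in functions so each step can be checked on its own. The wordlist is written to a temporary directory, and john is only invoked if it is installed and the hash file exists; myhashes.txt is a placeholder name carried over from the text.

```shell
#!/bin/bash
# Added example (not the post's own script): wordlist generation plus a
# guarded cracking step. Save as myscript.sh, chmod +x myscript.sh, ./myscript.sh
set -eu

# Generate NCL-MAKO-0000 .. NCL-MAKO-9999 into the given file.
# -f gives seq a printf-style format; %04g zero-pads each number to four digits.
make_wordlist() {
    local out="$1"
    seq -f "NCL-MAKO-%04g" 0 9999 > "$out"
}

# Print the number of candidates in the wordlist (a cheap sanity check
# before handing it to a cracker that may run for a long time).
wordlist_count() {
    wc -l < "$1" | tr -d ' '
}

# Run john against a hash file only if john is on PATH and the hash file
# exists; otherwise explain why the step was skipped and succeed anyway.
crack_hashes() {
    local wordlist="$1" hashes="$2"
    if ! command -v john > /dev/null 2>&1; then
        echo "john not found on PATH; skipping cracking step" >&2
        return 0
    fi
    if [ ! -f "$hashes" ]; then
        echo "hash file $hashes not found; skipping cracking step" >&2
        return 0
    fi
    john --wordlist="$wordlist" "$hashes"
    john --show "$hashes"
}

# Work in a fresh temporary directory so the script is safe to run anywhere.
WORKDIR="$(mktemp -d)"
make_wordlist "$WORKDIR/password.lst"
echo "Generated $(wordlist_count "$WORKDIR/password.lst") candidates in $WORKDIR/password.lst"
# myhashes.txt is the placeholder name used in the text.
crack_hashes "$WORKDIR/password.lst" "myhashes.txt"
```

The count check is worth keeping in any wordlist script: an off-by-one in the seq range or a wrong format string silently produces a list that never contains the flag, and the cracker will happily run to completion without it.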
Powershell is a little different. As the name would imply, it requires a pretty good understanding of Windows Objects and processes. Powershell scripts usually have the extension *.ps1. It is usually used for scanning a system, exfiltrating data, privilege escalation, and persistence. Most of this is beyond the scope of a CTF, although it may be very handy in debugging and reverse engineering. For simple scripting, we can use a basic .bat file.
To create a .bat file, simply open WordPad and start typing commands. Save it with the .bat extension, and when you double-click it, it executes! This can be very handy if you need to run several commands as an administrator: just right-click the script and choose the "Run as administrator" option.
I already know all this! What else have you got?
Try using programming structures in Bash. You can add basic if-then statements or case statements to give your script decision-making capabilities. Adding command-line parameter processing allows you to write scripts that can be reused with different options each time. Here are some other ideas for specific categories:
Open Source Intelligence: Write a script that will automatically search Google, Bing, and Yahoo and display the top 10 results of each. Use your favorite Google "dorks".
Cryptography: Write a script to search for basic file info for steganography, look for magic bytes, separate files, check steghide and stegdetect, and check metadata. Write a script that will try basic decryption using known encoding techniques like binary-to-hex-to-ascii, base64, or rot13.
Password Cracking: Combine several command-line tools into a single script file or use a script file to remember your favorite cracking tool command line parameters.
Log Analysis: Write a script that will find all the objects (like IP addresses) or reformat the log into a format that is easier to read.
Network Traffic Analysis: Combine tools like grep and tshark for easier searching.
Wireless Access Enumeration: Combine tools like aircrack-ng and password generation tools like CeWL.
Scanning and Recon: Ever have trouble remembering all those Nmap switches? Make a menu-driven script that lets you select the type of scan you want to do.
Web Application Exploitation: Use curl to send POST and GET requests while fuzzing values.
Enumeration and Exploitation: Automate the reverse engineering process by fuzzing values, searching values using the ‘strings’ command, or batching basic commands.
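The Log Analysis idea above, combined with the if-then, case and parameter-processing structures mentioned earlier, as an added example that is not part of the original post. Options are parsed with getopts, a case statement picks the mode, and an if-then check rejects a missing log file. The five log lines are constructed for the example and use documentation IP ranges; they are not from any real system.

```shell
#!/bin/bash
# Added example (not the post's own script): a small log-triage tool that
# pulls IP addresses out of a web log, reformats it, or counts a status class.
# Usage: ./logtriage.sh [-i | -r | -s CLASS] logfile
set -eu

# Print every IPv4 address in the log with the number of lines it appeared on,
# most frequent first, as "address count".
top_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort | uniq -c | sort -rn \
        | awk '{ print $2, $1 }'
}

# Reformat Apache-style lines into "client  status  path" columns, which is
# far easier to scan by eye than the raw combined format.
reformat_log() {
    awk '{ printf "%-16s %s %s\n", $1, $9, $7 }' "$1"
}

# Count lines whose HTTP status code starts with the given digit (4 for 4xx).
count_status_class() {
    local file="$1" class="$2"
    awk -v c="$class" 'substr($9, 1, 1) == c { n++ } END { print n + 0 }' "$file"
}

usage() { echo "usage: $0 [-i | -r | -s CLASS] logfile" >&2; }

main() {
    local mode="ips" class=""
    OPTIND=1   # reset so main can be called more than once in one shell
    # Parse options; each flag selects a mode through the case statement.
    while getopts "irs:h" opt; do
        case "$opt" in
            i) mode="ips" ;;
            r) mode="reformat" ;;
            s) mode="status"; class="$OPTARG" ;;
            h|*) usage; return 1 ;;
        esac
    done
    shift $((OPTIND - 1))
    # if-then guard: exactly one argument, and it must be an existing file.
    if [ $# -ne 1 ] || [ ! -f "$1" ]; then
        usage
        return 1
    fi
    case "$mode" in
        ips)      top_ips "$1" ;;
        reformat) reformat_log "$1" ;;
        status)   count_status_class "$1" "$class" ;;
    esac
}

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.10 - - [10/Oct/2023:13:56:05 +0000] "GET /flag.txt HTTP/1.1" 404 160
192.0.2.55 - - [10/Oct/2023:13:57:12 +0000] "GET /index.html HTTP/1.1" 200 2326
EOF

# With no arguments, demonstrate on the sample log; otherwise honour the caller's.
if [ $# -eq 0 ]; then
    main -i "$SAMPLE_LOG"
else
    main "$@"
fi
```

Run it as ./logtriage.sh -s 4 access.log to count client errors, or -r to get the column view; the same skeleton (getopts, a case on the mode, an if-then sanity check on the input) carries over to the menu-driven Nmap wrapper or the tshark-and-grep helper suggested above.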
Pro Shark tips:
The deeper you dive, the darker it gets. Don’t spend a lot of time trying to script during the games; you may only end up wasting time trying to get your scripts to work!
Smart sharks seek easy prey. Use scripts to go after the easy stuff, to save time for when you need a little extra effort on the hard challenges.
Don’t wait until there is already blood in the water. This is one of those things that if you spend time preparing before the games, you will benefit the most.
Happy hunting, Shark-Friends!