Working Notes: SEC335: Week 3 - eliminmax/cncs-journal GitHub Wiki

Week 3

Overview

Did Class Activity 3.1 and Assignments 3.1 and 3.2

Assignment 3.1

Not much to say here - I had to write a PowerShell script that could perform a reverse DNS lookup for all IP addresses in a /24 network. Already had the script from last semester. Even though I have PowerShell on my main system, because it's PowerShell Core for Linux, it does not have the Windows PowerShell Resolve-DnsName cmdlet. I'm annoyed by that.

I collect shells of the command-line variety. PowerShell is one of the few shells in my collection that sees actual use, though I never enjoy using it - it runs slow, and it is so different from what I'm used to, but there are times where it's the right tool for the job.

Class Activity 3.1

I had to do a bunch of DNS enumeration related things, some of which involved using the following structure:

# Probe TCP port 53 on every host in the /24 and print the addresses that accept the connection
for ip in 192.0.2.{1..254}; do
  timeout .1 bash -c "echo >/dev/tcp/$ip/53" 2>/dev/null && echo "$ip"
done

The /dev/tcp/$host/$port construct is a kshism that, like many other ksh innovations, was adopted into bash.

I attempted a UDP scan, but it did not work, because any shell that supported this kshism returned success whether or not it actually connected - thinking about it now, given the nature of UDP, that makes sense - they sent the packet out, and that was a success. UDP offers no way of telling if the packet actually arrived.
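Added example (my own, not code from the journal or the course): the same /dev/tcp probe wrapped in functions, extended with a reverse lookup for each responding host (the Assignment 3.1 task), plus a udp_probe function that shows the UDP failure mode described above. It assumes bash, GNU coreutils timeout and getent are installed; 192.0.2.0/24 is the documentation prefix from the snippet above, not a real target.

```shell
#!/bin/sh
# Added example, not from the journal. POSIX sh wrapper that invokes bash
# explicitly for the /dev/tcp and /dev/udp redirections, so it works from a
# shell that lacks the kshism. Assumes: bash, GNU coreutils timeout, getent.

# tcp_port_open HOST PORT: exit 0 only if a TCP handshake to HOST:PORT
# completes within 0.1 s. `:` opens the connection without sending bytes.
tcp_port_open() {
  timeout 0.1 bash -c ": >/dev/tcp/$1/$2" 2>/dev/null
}

# udp_probe HOST PORT: returns 0 as soon as the datagram has left the socket,
# whether or not anything listens on the far end. Included to demonstrate why
# the /dev/udp variant cannot be used as a scanner, not as a working one.
udp_probe() {
  timeout 0.1 bash -c "echo >/dev/udp/$1/$2" 2>/dev/null
}

# reverse_lookup IP: print the first name the system resolver returns for IP
# (getent consults /etc/hosts and DNS as configured in nsswitch.conf).
reverse_lookup() {
  getent hosts "$1" | awk '{print $2; exit}'
}

# scan_dns_servers PREFIX: for PREFIX.1 through PREFIX.254, print each host
# that answers on TCP/53 together with its reverse name ("-" if there is none).
scan_dns_servers() {
  prefix=$1
  for n in $(seq 1 254); do
    ip="$prefix.$n"
    if tcp_port_open "$ip" 53; then
      name=$(reverse_lookup "$ip")
      printf '%s\t%s\n' "$ip" "${name:--}"
    fi
  done
}

# Usage: sh scan.sh 192.0.2   (scans 192.0.2.1-254; does nothing without an argument)
if [ "$#" -gt 0 ]; then
  scan_dns_servers "$1"
fi
```

The UDP caveat is visible on loopback: nothing listens on 127.0.0.1 port 1, so tcp_port_open fails with a connection refused, while udp_probe still returns success because the send itself worked.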

Thanks to this assignment, I decided to put all 16 shells in my collection to the test, to see which of them were able to run echo >/dev/tcp/192.168.122.1/53 (the address of the DNS server for my libvirt-managed QEMU/KVM VMs). The results had a few surprises.

I have the following shells in my collection:

  • bash (the GNU Bourne Again SHell)
  • ash (the BusyBox Almquist shell, which I compiled as a standalone program, in order to increase the size of my shell collection. Not bad, if you don't mind limited tab completion support)
  • ksh (the 1993 lineage of AT&T's KornShell)
  • mksh (MirBSD's fork of pdksh, which is an otherwise-abandoned public-domain reimplementation of KornShell. mksh is the sh bundled with Android)
  • osh (the Oil Shell project's Bash-compatible shell, which aims to be an upgrade path to the Bash-incompatible oil shell itself)
  • yash (Yet Another SHell - it's a POSIX shell, with some extensions, mostly focused on interactive features)
  • zsh (The Z shell - the most popular alternative to bash, the default shell on a fresh Kali install, as well as on macOS)
  • fish (the "Friendly Interactive SHell" - it's user-friendly, and POSIX inspired, but not POSIX compatible.)
  • nu (A shell that tries to add the best of PowerShell and UNIX Pipelines. I am absolutely not a fan, because they keep breaking my custom prompt by changing the configuration system.)
  • ion (The default shell for RedoxOS, the UNIX-like OS written (almost) entirely in Rust. More POSIX-like than FISH, but also not POSIX compatible)
  • tcsh (csh is a shell with C-inspired syntax. tcsh is csh with tab completion and better interactive features.)
  • pwsh (PowerShell Core. It's PowerShell, and it's cross platform, and it runs about as fast as a snail that's taken sedatives. It's technically open source, but it's its own build dependency, and is not at all able to work with, for example, Debian's way of doing things. Maybe I'll like it more if it can get a build process that doesn't require you to run a PowerShell script to download who knows what off of who knows where.)
  • elvish ("Expressive Programming Language + Versatile Interactive Shell" - not a fan of it, only have it because the alternative is a smaller shell collection)
  • xonsh (pronounced like "Conch" (get it?) - it's what you get if you try to extend Python with Bash-inspired features until you get a Python Shell. Great for scripting, but slow - though nowhere near as slow as PowerShell - more like a snail that hasn't taken sedatives)
  • dash (the Debian Almquist Shell - simple, stable, minimalist, not at all flashy. Just like the distro it was made for. It is the only appropriate shell to symlink /bin/sh to)
  • rc (Byron rc, specifically - based on the shell of the same name from "Plan 9 from Bell Labs", the experimental OS created by the creators of UNIX once they moved on)

Of those, most returned a file/directory not found error of some kind. The exceptions were as follows:

  • nu literally echoed >/dev/tcp/192.168.122.1/53
  • ksh and bash opened the socket connection and returned success, which makes sense. It is a kshism that bash copied, after all. What surprised me is yash also did that - given that it's literally called "Yet Another SHell" and I only installed it because it was another shell in the collection. Maybe I've overlooked it.

Assignment 3.2

DNS uses TCP and UDP. I knew that, but it was good to get a hands-on feel for what that means in practice.