Lab 08 ‐ Bash Scripting - rune-seregina/sys-255-fa24 GitHub Wiki

Objective
In this lab, I set out to gain familiarity with bash, which uses scripts to perform tasks. This included making a pingsweeper script to ping a range of IP addresses, an nslookup script to perform nslookup on a range of IPs within my network, and a nmap script to perform an nmap scan on a specified network.

Vocab:

  • Bash: Bourne-Again SHell, a CLI shell (user interface for accessing utilities of the OS) program/command language used by Linux for system administration, software development, or network engineering. It works by allowing users to write commands in a plain-text file that can be run as scripts by Bash.
  • Variables: are assigned values in programming languages. In Bash, variables are denoted by a $ placed before the variable name.
  • Environment Variables: every time a new session starts, an OS will keep track variables defining system properties tied to that session, aka an environment. These environment variables are special variables that contain information about the current login session and are usually set by default during installation/user creation.
  • Path Environment Variable: $PATH, tells a system where to look for executable files from the command line.
  • Shebang: #!, the bash interpreter, telling the system which interpreter to use to parse the rest of the file. Using shebang means bash is no executable using ./(script_name), since we've already specified the use of bash: "#!/bin/bash"
  • Awk: another Linux scripting language, for writing small programs to define and search for strings/patterns of text.
  • Brace Expansion: a parameter expansion allowing users to specify multiple similar string parameters without typing them out individually.
  • Input Parameters: aka Command Line Arguments. Positional parameters allow users to create a sort of "placeholder" parameter, ranging from $0-$9 in a single script. These parameters are supplied in the CLI during execution of the bash script instead of being placed directly in the script.
  • Nmap: a Linux CLI tool for networking scanning.

Resources used:

Other Useful Bash Documentation

IP Assignments:

  • WAN IP (synonymous with fw interface 1/em0): 10.0.17.112/24
  • LAN IP (synonymous with fw interface 2/em1): 10.0.5.2/24
  • wks02-rune IP: 10.0.5.150/24 (or as assigned by DHCP)
  • wks02/ad02/dhcp02/fs01/web01 default gateway: 10.0.5.2/24
  • wks02/dhcp02/fs01/web01 dns: 10.0.5.6
  • ad02-rune ip: 10.0.5.6/24
  • dhcp02-rune ip: 10.0.5.4/24
  • fs01-rune ip: 10.0.5.8/24
  • web01-rune ip: 10.0.5.10/24

Accounts:

  • ad02-rune: rune\Administrator (password A)
  • rune.local: rune.seregina (password A)
  • rune.local: rune.seregina-adm (password A)
  • rune.local: alice (password A)
  • rune.local: bob (password A)
  • dhcp-1-rune: rune (password A)
  • fs01-rune: Administrator (password B)
  • web01-rune: rune (password A)
  • $PATH Variable
  • image
  • $PATH contains a string of directories seperated by ":", and allows any executable files within the specified directories to be run without listing the full path to those executables. What this means for the OS is that anytime a command is types in the CLI without a specified path, the OS searches for an executable with that name using $PATH. It starts from the beginning of the PATH, and once it finds an executable with a matching name, it executes that file.

env

  • image
  • All environment variables, both the names and the current values for the log-in session.

info.sh

  • image
  • image
  • Explanation: Using environment variables, I created a very basic Bash script to display some text, as well as some information including the Kernel Version, Linux Versions, and Currently Logged in Users.
  • Kernel Version / command: uname -a display the name of the operating system (-a to print all information) / related env variables: SYSV3, sometimes LC_CTYPE, LC_MESSAGES, and NLSPATH.

awk

  • image
  • explanation
  • image
  • Explanation: I use Awk to parse /etc/group and /etc/passwd. '{print}' specifies which lines of text awk should be parsing for in the particular file. For the first awk command I printed for " group:" " groupid:" and " members:". $[1-9] denotes groups of non-whitespace characters. So I was parsing for the first ($1), third ($3) and fourth ($4) words in /etc/group and used grep to find users in the "wheel" group (Linux's administrator group). In the second awk command, I printed " name:" " uid:" " groupid:" " homedir: and " shell:" and parsed for $1, $3, $4, $6, and $7, respectively, in the /etc/passwd directory.

tree

  • image
  • Explanation: A tool for visually displaying directory structure of a file system.

loops/pingsweeper.sh

  • image
  • image
  • image
  • Explanation: "seq" in Linux is used to generate a list of numbers and is the basis of my pingsweeper bash script. In this script, the variable $i is defined as the sequence of numbers 1-10 (line 2). Then, "do" tells the script to run a loop of the command, since we need it to run 10 times with different numbers 1-10 (line 3). IP_ADDRESS is defined as 192.168.4.$i (line 4). The script displays text to show that it is running a ping command, then executes said ping command once to the variable $IP_ADDRESS (line 5 & 6). In order to filter out unsuccessful pings, I string together a grep for "64 bytes" (the response size of a ping) and the ping request itself (line 6). "done" denotes the end of a loop (line 7). The output displays 1 ping to 192.168.4.1-192.168.4.10, only displaying further text if the ping was successful (as seen in 192.168.4.3-192.168.4.8 but not 1,2,9, or 10).

nslookup.sh

  • image
  • image
  • Explanation: Now, $i is defined as a sequence between 1-150 (because 150 is the last named IP address on my network). Another loop is denoted using "do" and "done" (lines 4 & 11). Now, IP_ADDRESS is defined as 10.0.5.$i (line 5). A new variable named $OUTPUT is defined as $(nslookup $IP_ADDRESS 2>&1, where 2>&1 denotes redirection of standard error to standard output (line 6). The next few lines show an if/then statement which says that if grep is able to extract "name = " from $OUTPUT, then $OUTPUT should be displayed (side note, the grep -q flag is to grep "quietly" or to not display any sort of error or text if grep does not work) (lines 7-10). The output of this script displays all the hostnames existing between the IP addresses 10.0.5.1 and 10.0.5.150.

nslookup.sh with input parameter

  • image
  • image
  • Explanation: A small tweak was made to the original script, which now says variable NETWORK_PREFIX is equal to $1, which is a positional parameter to be filled in upon file execution. So, there is no IP address range given in the script and now the script will run nslookup on x.x.x.1-x.x.x.150 where x.x.x is denoted upon execution, as shown when I run the command as bash nslookup.sh 10.0.5

nmap bash script v1: parameters

  • image
  • image
  • Explanation: This bash script uses parameters to execute a command using the nmap tool. The first positional parameter is the TARGET_NETWORK, while the second parameter is actually a list of all parameters (denoted by @) starting at parameter 2 called NMAP_OPTIONS (lines 3-4). The reason I set up the second variable to allow multiple inputs is because nmap scans often use multiple flags (ex. -sS -vv). There is then a line of texts reading "Running nmap scan with parameters: $NMAP_OPTIONS $TARGET_NETWORK" (line 6) before the script actually executed the nmap command with the specified parameters on the last line. The user inputs the target network and parameters upon execution, as shown when I ran the command "bash nmapparameters.sh 10.0.5.0/2 -Ss -vv", which yielded an output text of the echo command I had in my script followed by the usual nmap scan and text.

nmap bash script v2: no parameters

  • image
  • image
  • Explanation: This other variation shows a bash script without positional parameters, where the user selects the option they want after executing the script. In this case, I set up 7 different scan options prefaced by text asking users to select which scan option they would like to run (lines 3-15). Then, I use a "case' statement to simplify the conditional, aka map each option to its corresponding nmap flag (lines 17-41). Finally, I allowed the option for the user to input any extra flags they wanted before initiating the scan based on the given variables. The output cycles the user through different options and then runs the scan much like the first script.

Troubleshooting

  • No troubleshooting here!

Reflection
I liked this lab a lot, I like the idea of scripting and it was a much needed introduction and opportunity to practice and learn some bash basics. I can definitely see myself using this information in the future!

⚠️ **GitHub.com Fallback** ⚠️