MIS 5212.001 Week 4 Site:


- Introduction
- In the news
- Introduction to Ruby
- Modules
- Scripting
- Next Week

Submitted
- (HSBC online banking attacked)
- requests-over-http
- ments-expensive-cybersecurity-system-disaster-says-new-report
- ity-theft-victim-this-site-helps-you-reclaim-your-life.html
- tech/cyber/2016/01/29/cloud-cyber-policy-documents-trickle-out-dod/
- idUSKCN0V422D

Submitted
- bug-found-in-paypal-servers/
- -wanted-1000-cybersecurity-jobs-at-opm-post-hack-hiring-approved-by-dhs/#3b65b8502cd2
- -j-p-morgan-chase-co-is-spending-a-half-billion-dollars-on-cybersecurity/#1596e9ca2a7f
- gaming-apps-on-play-store
- several.html#sthash.eGxqbDJG.dpuf
- technology-uses-fingerprint-recognition-childproof-firearms

Submitted
- (CA to propose ban encrypted smartphones)
- hsbc-a-8835?rf= edbt&mkt_tok=3RkMMJWWfF9wsRonuarNcO%2FhmjT EU5z16e8pXa%2B%2FlMI%2F0ER3fOvrPUfGjI4ATsJrN6 %2BTFAwTG5toziV8R7DALc16wtwQWRLl
- increasingly-hit-cyber-attacks-report
- energy-survey-oil-and-gas/
- ready-to-mark-all-http-sites-as-bad/

What I noted
- Not an article, but information on last week's Air Force “Cyber Weapon”
- It’s their firewall! By declaring it a “Weapon” it prioritizes funding
- microsoft-edges-inprivate-mode-if-you-value-your-privacy/
- vulnerability-leaves-owners-at-risk-of-data-theft/

- Metasploit is primarily written in Ruby
- The book “Metasploit” also uses a lot of PowerShell in its examples
- We are not going to try to make you either Ruby or PowerShell developers here tonight
- Rather, we will look at some of the basic structure and steps you might go through to modify modules for your own purposes.

- Interactive Ruby Shell (IRB or irb) is a REPL for programming in the object-oriented scripting language Ruby.
- The program is launched from a command line and allows the execution of Ruby commands with immediate response, experimenting in real-time. It features command history, line editing capabilities, and job control, and is able to communicate directly as a shell script over the Internet and interact with a live server.

Source:

- Example

- Hello World
- Calculator

- Use the up arrow and edit + to *
- Square

- Square Root

- Math is a built-in module for mathematics. Modules serve two roles in Ruby. This shows one role: grouping similar methods together under a familiar name. Math also contains methods like sin() and tan().
- Next is a dot. What does the dot do? The dot is how you identify the receiver of a message. What’s the message? In this case it’s sqrt(9), which means call the method sqrt, shorthand for “square root”, with the parameter of 9.
- The result of this method call is the value 3.0. You might notice it’s not just 3. That’s because most of the time the square root of a number won’t be an integer, so the method always returns a floating-point number.

- Defining the method “Hi” as a shortcut to “Hello World”
- Now, when we type hi, Ruby knows we mean Hello World

- Let’s say we want to customize a bit. Say Hello to one person
- Note the error. That was me not remembering to use “input”

- Holding Spots in a String
- What’s the #{name} bit? That’s Ruby’s way of inserting something into a string. The bit between the braces is turned into a string (if it isn’t one already) and then substituted into the outer string at that point.

- You can also use this to make sure that someone’s name is properly capitalized:
- A couple of other tricks to spot here. One is that we’re calling the method without parentheses again. If it’s obvious what you’re doing, the parentheses are optional. The other trick is the default parameter World. What this is saying is “If the name isn’t supplied, use the default name of "World"”.

- Defining a class
- The new keyword here is class. This defines a new class called Greeter and a bunch of methods for that class. Also This is an instance variable, and is available to all the methods of the class. As you can see it’s used by say_hi and say_bye.

- Use .instance_methods to see the methods available
- Lots of inherited (Ancestry) methods are also listed

- To see just the methods we defined (filter out inherited methods), use .instance_methods(false)
- What methods will greeter respond to?
- "to_s" (meaning convert something to a string, a method that’s defined by default for every object).

- Let’s add name
- Using attr_accessor defined two new methods for us, name to get the value, and name= to set it.

- After our change we get:
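
The Greeter class as these slides describe it, written out as an added example (the slide screenshots are not part of this transcript, so this is not the lecturer's own file). It assumes the methods return their strings rather than printing them, and "pat" and "betty" are constructed sample values.

```ruby
# Added example: a Greeter class like the one the slides describe.
class Greeter
  # attr_accessor defines two methods for us: name (get) and name= (set).
  attr_accessor :name

  # Default parameter: if no name is supplied, "World" is used.
  def initialize(name = "World")
    @name = name   # instance variable, available to every method of the class
  end

  def say_hi
    "Hi #{@name.capitalize}!"   # #{...} inserts the value into the string
  end

  def say_bye
    "Bye #{@name.capitalize}, come back soon."
  end
end

# Methods defined by the class itself; passing false filters out inherited ones.
def own_methods(klass)
  klass.instance_methods(false).sort
end

greeter = Greeter.new("pat")
puts greeter.say_hi                    # capitalized greeting
puts own_methods(Greeter).inspect      # only what Greeter defines
puts greeter.respond_to?("to_s")       # inherited methods still respond
greeter.name = "betty"                 # setter created by attr_accessor
puts greeter.say_bye
```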

- I’ll show snippets here.
- Full text will be loaded to blog

- Save to root and run by typing “ruby [file_name]”
- In my case “ruby Unir5212.rb”

- Lines in the script beginning with # are comments and are ignored by the interpreter
- The first line is a special case and tells the interpreter how to run the script
- “say_hi” looks to make decisions

- Now let’s look at looping
- From the script
- “each” is a method that accepts a block of code then runs that block of code for every element in a list, and the bit between do and end is just such a block. The variable between pipe characters is the parameter for this block.

- If you were doing this in C it might look like this:

    for (i=0; i<number_of_elements; i++)
    {
        do_something_with(element[i]);
    }

- “say_bye” doesn’t use do list
- Instead, it tests to see if a list exists or does not exist. If so, just use “…”
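
The looping and list-testing behaviour described on the last few slides, as an added example that is not the lecturer's script. The class name ListGreeter, the use of respond_to? to decide how to treat the value, and the sample names are assumptions made here.

```ruby
# Added example: one greeter that copes with nil, a single name, or a list.
class ListGreeter   # hypothetical class name
  attr_accessor :names

  def initialize(names = "World")
    @names = names
  end

  # The "decision making" version: returns one greeting line per name.
  def hi_lines
    lines = []
    if @names.nil?
      lines << "..."
    elsif @names.respond_to?("each")
      # each runs the block between do and end once per element;
      # |name| between the pipes is the block's parameter.
      @names.each do |name|
        lines << "Hello #{name}!"
      end
    else
      lines << "Hello #{@names}!"
    end
    lines
  end

  # No loop here: if the value can be joined, join it into one string.
  def bye_line
    if @names.nil?
      "..."
    elsif @names.respond_to?("join")
      "Goodbye #{@names.join(', ')}. Come back soon!"
    else
      "Goodbye #{@names}. Come back soon!"
    end
  end
end

g = ListGreeter.new(["Albert", "Brenda"])   # constructed sample names
puts g.hi_lines
puts g.bye_line
g.names = nil                               # no list at all
puts g.bye_line
```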

- Now we move from Ruby back to Metasploit
- Metasploit is written in Ruby
- Ruby is the language used in the modules throughout Metasploit

- Here is what the start of this module looks like:

- The previous page has some interesting lines to consider
- “require 'msf/core'”
  - Module will include all functionality from Metasploit’s core libraries
- “class Metasploit3 < Msf::Exploit::Remote”
  - Defines this as an “Exploit” module
- “include Msf::Exploit::Remote::SMB::Client”
  - Pulls in the SMB Client module that includes functionality to handle client interaction
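
What the "class ... < ..." and "include ..." lines do, and the second role of Ruby modules (mixing methods into a class), shown as an added example. ToyFramework and every name inside it are hypothetical stand-ins invented here so the file runs without Metasploit installed; none of it is Metasploit code, and the address is a documentation-range sample value.

```ruby
# Added example: inheritance ("<") and mixins ("include") in plain Ruby.
# ToyFramework is a hypothetical stand-in, not part of Metasploit.
module ToyFramework
  class BaseModule                 # common base class for every module type
    def initialize(info = {})
      @info = info
    end

    def name
      @info.fetch("Name", "unnamed")
    end
  end

  class Check < BaseModule         # "<" means Check inherits from BaseModule
    def type
      "check"
    end
  end

  module TcpClient                 # a mixin: a bag of methods, never instantiated
    def target
      "#{@info['RHOST']}:#{@info['RPORT']}"
    end
  end
end

class BannerCheck < ToyFramework::Check
  include ToyFramework::TcpClient  # mixes target() into BannerCheck

  def initialize
    super({ "Name" => "Banner check", "RHOST" => "192.0.2.10", "RPORT" => 22 })
  end

  def summary
    "#{name} (#{type}) -> #{target}"
  end
end

# Which class or module actually supplies a given method?
def owner_of(obj, meth)
  obj.method(meth).owner.to_s
end

mod = BannerCheck.new
puts mod.summary
puts BannerCheck.ancestors.first(4).inspect   # method lookup order
puts owner_of(mod, :target)                   # supplied by the mixin
puts owner_of(mod, :name)                     # supplied by the base class
```

When reading an unfamiliar module, the same ancestors and owner calls show which included library supplies each method it uses.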

- Grab a module close to what you want to do
- Tweak it to get the functionality you need
- This may involve sharpening your coding skills first

- Depending on the Exploit, you may need to know:
  - MSSQL
  - Oracle
  - PowerShell
  - Bash
  - Etc…

- Modifying the tools is one of the distinguishing skills in top-flight consultants
- Lots of people can run nmap, Nessus, and Metasploit, but to distinguish yourself in the field, this needs to be your jumping off point.

Please Note: I’m not saying I am any good at this, there’s a reason I’m teaching the course instead of consulting ;-)

- For Metasploit, scripting is basically modules for meterpreter
- Same concept as earlier, but specific to meterpreter sessions
- This is also a point where the book contains older information
  - Scripts are no longer being accepted for Metasploit
  - Script functionality is being ported to modules.

- Metasploit is constantly evolving
- To stay on top you may want to follow on Twitter:
  - HD
  - Metasploit
  - Andréz
- Check in on Rapid7 and DarkOperator

- metasploit/blog/2016/01/22/weekly-metasploit-wrapup

- pro

- We spent almost all of our time in the open source Metasploit Framework due to licensing
- Metasploit Pro looks just as good and works just as well as the commercial products just mentioned

- In the news
- Introduction to WebGoat
- Exam will be postponed one week.

?