INTRODUCTION TO SCRIPTING
ENUMERATION
Wouldn’t the world be so much easier if we could complete the entire task with a simple push of a button? Imagine all the time we would save and all the places we could visit. That is, if we have the money for it :p
Scripting helps us achieve this to a certain extent. Scripting allows us to understand the back end of a program and automatically sort it according to our needs. Let’s now look into what scripting is and how it will help us in the world of hacking.
INTRODUCTION TO SCRIPTING
Every website or piece of software has two parts to it:
Front end: Everything that a user can see and interact with on a website or an app. Things like images, text, links, forms, etc.
Back end: These are the things that are hidden from the user, such as logic, the database, and functionality. These are non-essential to the user but essential to the software or app.
As a hacker, you are more concerned about the back end of a website and the content stored in it. To understand the back end, you will need to understand scripts.
WHAT IS “SHELL” SCRIPTING?
Being an ethical hacker means you play around with the command line. Like it or not, there are just some things that are done much more easily via this interface than by pointing and clicking.
Do you remember the text files that you could fill with commands to execute, and Windows would run them in turn? It was a clever and neat way to get some things done, like running games in your high school computer lab when you couldn’t open system folders or create shortcuts.
Shell scripts allow us to program commands in chains and have the system execute them as a scripted event, just like batch files. They also allow for far more useful functions, such as command substitution. Here are some of the things you can accomplish with shell scripting:
1. You can invoke a command, like date, and use its output as part of a file-naming scheme.
2. You can automate backups, and each copied file can have the current date appended to the end of its name.
3. Scripting allows you to use programming functions – such as ‘for’ loops, if/then/else statements, and so forth – directly within your operating system’s interface.
Need to do something repetitive and tedious? Script it! Need a shortcut for a really convoluted command? Script it! Want to build a really easy-to-use command-line interface for something? Script it!
WHAT IS “XSS” SCRIPTING?
Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
The attacker exploits a vulnerability in a website that the victim visits, so that the website itself delivers the malicious JavaScript. To the victim, the script appears to be a legitimate part of the website, and the website ends up acting as an unintentional accomplice to the attacker.
The attacks are done by using HTML, JavaScript, VBScript, ActiveX, or Flash, but malicious JavaScript is the most used for XSS.
Types of XSS Attacks: XSS attacks are often divided into three types:
1. Persistent XSS – where the malicious string originates from the website’s database.
2. Reflected XSS – where the malicious string originates from the victim’s request.
3. DOM-based XSS – where the vulnerability is in the client-side code rather than the server-side code.
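The difference between request input that is concatenated straight into a page (the reflected case above) and the same input output-encoded first, as an added example that is not part of the original page. The function names and the sample search strings are constructed for illustration.

```javascript
// Added example: a search-results page that reflects the query back to the user.
// escapeHtml, renderResultsUnsafe, renderResultsSafe and compare are
// hypothetical names chosen for this illustration.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value. One pass, so "&" is never double-encoded.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the request parameter becomes part of the markup as-is,
// so the browser parses whatever tags it contains.
function renderResultsUnsafe(query) {
  return "<p>Results for: " + query + "</p>";
}

// Hardened: the parameter is encoded at the point of output,
// so the browser displays it as text.
function renderResultsSafe(query) {
  return "<p>Results for: " + escapeHtml(query) + "</p>";
}

// Constructed sample inputs: a normal query, a script tag, and plain
// text that still contains markup-significant characters.
const samples = ["shell scripting", "<script>alert(1)</script>", 'Tom & "Jerry"'];

// Render each input both ways and flag the ones where encoding changed the output.
function compare(inputs) {
  return inputs.map((q) => {
    const unsafe = renderResultsUnsafe(q);
    const safe = renderResultsSafe(q);
    return { input: q, unsafe, safe, needsEncoding: unsafe !== safe };
  });
}

for (const row of compare(samples)) {
  console.log(row);
}
```

The same encoding applies to the persistent case when a stored string is written into a page. It covers HTML element content and quoted attribute values only; values placed inside a script block or a URL need encoding for that context instead.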
1. Which one of the following allows an attacker to perform malicious activities in another user’s browser?
a. XSS
b. Shell Scripting
c. Database Scripting
Ans: a. XSS
KEY TAKEAWAYS!
Are you still confused about what the front-end and the back-end parts of a website are?
Fear not. Let’s go through those concepts again.
· The front end of a website is everything that is visible and that can be interacted with. This includes the content and all the buttons on the website.
· The back end of the website is not visible to the user. It contains the database, network configurations and other files necessary to keep the website running smoothly.