This is the 16th post of a series for teaching cyber-security in a coding-club. Read [part 15]

Bash scripts

The Shell

By now you should be familiar with the operation of the shell (and the programs which run on it using the Bash language).

You can thank Brian Fox for creating the shell and sharing it freely with the world.
Brian Fox
Together with other computer scientists they started a movement called Free Software where anybody in the world could copy, modify and use their creations. Today, most computers in the world (the ones called servers which make websites possible) are powered by their tools. Free software is different from Microsoft Windows in that you can look "under the hood" and find out what it is doing. Here's another amazing coder who also creates and promotes free software:

Allison Randal

Combining shell commands

Now let's get back to business. You need to go inside our secret server. To do that you need to find the IP address of the server, and ssh into it. At this point, you should understand what the previous sentence means.

To do this you need to know the user and password. Now, admin is a very common user, so that would be a good thing to try.

ssh [email protected]

Where X.X.X.X would be the numbers for the IP address. Once you try that it would ask:

[email protected]'s password: ________________

And you could try "hello1". If it doesn't work you would have to ssh again and try something new like "rabbits33" or "asdf;lkj". However there are hundreds of thousands of combinations! It would take forever to try all of them by hand.

In fact, if the password has 8 characters (letters and numbers) there are 2,821,109,907,456 possible combinations. If you try one every second, it will take you 800 centuries to try them all!! (☉_☉)

So what can we do?

We need to write a short shell program to do things for us.

Loops

Doing something 10,000 times!

Let's think about how we could try different combinations. Let's start with a simpler problem: Can we get the shell to print the numbers 1 to 10? In other words, can we get:

$ 1
2
3
4
5
6
7
8
9
10

Well, you could type each and every number, but that would not be fun if we had to print 1 → all the way to → 10,000.

for loops

To tackle this problem the Bash language (and many other programming languages) has something called loops. It's a procedure which gets repeated over and over with a little change each time.

Our procedure looks something like this:

x = 1
print x

now change x = 1 to x = 2
print x

now change x = 2 to x = 3
print x

and so on.

Bash has a special way to write this. The syntax is the following:

for x in {1..10}

which means:

• consider that x is the first element of the list {1,2,3,4,5,6,7,8,9,10}.
  Then

• consider that x is the second element of the list {1,2,3,4,5,6,7,8,9,10}
  Then

• consider that x is the third element of the list {1,2,3,4,5,6,7,8,9,10}

• ... And so on until:

• consider that x is the last element of the list {1,2,3,4,5,6,7,8,9,10}

Now, for each value of x you can make the computer do something. Let's start with something very easy called echo which means print it to the shell. Our loop is going to be:

for x in {1..10}
do
  echo $x
done

Which means:

• first x is 1, so do echo 1
• then x is 2, so do echo 2
• then x is 3, so do echo 3
• etc

Go ahead and type those lines in the shell. You can type one line after another, or you can separate them with semicolons:

for x in {1..10}; do echo $x; done

Did it work? Can you print the first 10,000 numbers to the shell?

But how then, do hackers use those loops to hack servers? Find out in [Part 17]