Hands-On Ethical Hacking and Network Defense
Chapter 7 Programming for Security Professionals
Objectives
• Explain basic programming concepts
• Write a simple C program
• Explain how Web pages are created with HTML
• Describe and create basic Perl programs
• Explain basic object-oriented programming concepts
Introduction to Computer Programming
• Computer programmers must understand the rules of programming languages
• Programmers deal with syntax errors
  • One minor mistake and the program will not run
  • Or worse, it will produce unpredictable results
• Being a good programmer takes time and patience
Computer Programming Fundamentals
• Fundamental concepts
  • Branching, Looping, and Testing (BLT)
  • Documentation
Branching, Looping, and Testing (BLT)
• Function
  • Mini program within a main program that carries out a task
• Branching
  • Takes you from one area of the program to another area
• Looping
  • Act of performing a task over and over
• Testing
  • Verifies some condition and returns true or false
Branching, Looping, and Testing (BLT) (continued)

    #include <stdio.h>

    void GetOut(void);              /* Prototype so main() can call GetOut() */

    int main(void)
    {
        int a = 1;                  /* Variable initialized as an integer, value 1 */
        if (a > 2)                  /* Testing if "a" is greater than 2 */
            printf("A is greater than 2");
        else
            GetOut();               /* Branching--calling a different function */
        return 0;
    }

    void GetOut(void)               /* Do something interesting here */
    {
        int a;                      /* Loop counter local to this function */
        for (a = 1; a < 11; a++)    /* Loop to print 10 times */
        {
            printf("I'm in the GetOut() function\n");
        }
    }
Branching, Looping, and Testing (BLT)
• Algorithm
  • Defines steps for performing a task
  • Keep it as simple as possible
• Bug
  • An error that causes unpredictable results
• Pseudocode
  • English-like language used to create the structure of a program
Documentation
• Documenting your work is essential
  • Add comments to your programs
  • Comments should explain what you are doing
• Many programmers find it time consuming and tedious
• Helps others understand your work
• Industry standard
  • One bug for every 2000 lines of code
  • Windows 2000 contains almost 50 million lines
    • And fewer than 60,000 bugs
Documentation (continued)

    // The following function was added to the program June 15, 2005
    // per a request from the Marketing Department.
    // It appears that reports generated by the sales() function were
    // not giving the Marketing folks information about the sales in
    // Asia. This new function now uses data from text files from the
    // offices in Tokyo and Hong Kong. – Bob C. Twins
Learning the C Language
• Developed by Dennis Ritchie at Bell Laboratories in 1972
• Powerful and concise language
• UNIX was first written in assembly language and later rewritten in C
• Assembly language
  • Uses a combination of hexadecimal numbers and expressions
• C++
  • An enhancement of the C language
Learning the C Language (continued)
• Compiler
  • Converts a text-based program (source code) into executable or binary code
  • Some C compilers can also create executable programs in C++
Anatomy of a C Program
• The first computer program a C student learns

    /* The famous "Hello, world!" C program */
    #include <stdio.h>

    int main(void)
    {
        printf("Hello, world!\n");
        return 0;
    }
Anatomy of a C Program (continued)
• Use /* and */ to comment large portions of text
• Use // for one-line comments
• #include statement
  • Loads libraries that hold the commands and functions used in your program
• Parentheses in C mean you are dealing with functions
• main() function
  • Every C program requires a main() function
Anatomy of a C Program (continued)
• Braces show where a function begins and ends
• Functions can call other functions
• Parameters or arguments are optional
• \n represents a line feed
Declaring Variables
• A variable represents a numeric or string value
• You can declare variables at the beginning of a program
  • You must declare a variable before using it
• C supports several variable types
• Conversion specifiers tell the compiler how to convert the values in a function
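The following C program is an added example, not code from the textbook: it declares variables of several types (a char array, an int, a double) and uses conversion specifiers in both directions, sscanf to convert text into typed variables and snprintf to convert them back. The "name=port" line format, the function names and the sample input lines are this example's own constructions. The security point it adds is that a width in the specifier (%15[^=]) keeps sscanf inside the 16-byte buffer, and checking the return values catches malformed input and truncated output instead of silently accepting them.

```c
/* Added example (not from the textbook): typed variables and bounded
 * conversion specifiers.  The "name=port" line format and all names here
 * are illustrative assumptions. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Parse "name=port" into a bounded char array and an int.
 * Returns 1 on success, 0 if the line does not match or the port is out
 * of range.  The 15 in %15[^=] stops sscanf before the 16-byte buffer
 * overflows; %n records how much of the line was consumed so trailing
 * junk ("80abc") is rejected. */
int parse_listener(const char *line, char name[NAME_LEN], int *port)
{
    int consumed = 0;
    if (sscanf(line, "%15[^=]=%d%n", name, port, &consumed) != 2)
        return 0;
    if (line[consumed] != '\0' && line[consumed] != '\n')
        return 0;                           /* characters left over after the number */
    if (*port < 1 || *port > 65535)
        return 0;                           /* int is fine, but a port is not any int */
    return 1;
}

/* Format the parsed values back into a fixed buffer.  snprintf returns the
 * length the complete string would have had; comparing it with the buffer
 * size detects truncation.  Returns 1 if the whole record fit. */
int format_listener(char *out, size_t outsz, const char *name, int port,
                    double load)
{
    int n = snprintf(out, outsz, "%s:%d (load %.2f)", name, port, load);
    return n >= 0 && (size_t)n < outsz;
}

int main(void)
{
    /* Constructed input lines, not read from any real configuration */
    const char *lines[] = { "web=8080", "ssh=22", "bad=80abc", "huge=70000",
                            "averyveryverylongname=80" };
    char name[NAME_LEN], record[32];
    int port;
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_listener(lines[i], name, &port) &&
            format_listener(record, sizeof record, name, port, 0.25))
            printf("ok   %s\n", record);
        else
            printf("skip %s\n", lines[i]);
    }
    return 0;
}
```

The over-long name is rejected rather than truncated because the scanset stops after 15 characters and the literal '=' then fails to match the next letter; the program never writes past the array it declared.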
Declaring Variables (continued)
• Operators
  • Compare values
  • Perform mathematical calculations
• Types
  • Mathematical operators
  • Logical operators
Branching, Looping, and Testing in C
• Branching

    void prompt(void);      /* Prototypes so main() can call functions defined below it */
    void display(void);
    void calculate(void);
    void cleanup(void);

    int main(void)
    {
        prompt();           //Call function to prompt user with a question
        display();          //Call function to display graphics on screen
        calculate();        //Call function to do complicated math
        cleanup();          //Call function to make all variables equal to zero
        return 0;
    }

    void prompt(void)
    {
        /* [code for prompt() function goes here] */
    }

    void display(void)
    {
        /* [code for display() function goes here] */
    }

    void calculate(void) { /* [etc.] */ }
    void cleanup(void)   { /* [etc.] */ }
Branching, Looping, and Testing in C (continued)
• While loop

    #include <stdio.h>

    int main(void)
    {
        int counter = 1;                //Initialize counter variable
        while (counter <= 10)           //Do what's in the brackets until false
        {
            printf("Counter is equal to %d\n", counter);
            ++counter;                  //Increment counter by 1
        }
        return 0;
    }
Branching, Looping, and Testing in C (continued)
• Do loop

    #include <stdio.h>

    int main(void)
    {
        int counter = 1;                //Initialize counter variable
        do
        {
            printf("Counter is equal to %d\n", counter);
            ++counter;                  //Increment counter by 1
        } while (counter <= 10);        //Do what's in the brackets until false
        return 0;
    }

• For loop
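The loop slides count to ten; the C program below is an added example, not from the textbook, that applies the same three ideas to a job a security professional actually has: it loops over lines of a login log, tests each line for a failed password, and branches into a helper that pulls out the source address so failures can be counted per source. The six log lines are constructed for this example (sshd-style wording, but invented), and the function names and the threshold of three are this example's own choices.

```c
/* Added example (not from the textbook): branching, looping and testing
 * applied to a small constructed authentication log.  The log lines,
 * function names and threshold are illustrative assumptions. */
#include <stdio.h>
#include <string.h>

/* Constructed sample lines; the addresses are documentation ranges */
static const char *sample_log[] = {
    "Failed password for invalid user admin from 203.0.113.5 port 4021",
    "Accepted password for alice from 192.0.2.10 port 5122",
    "Failed password for root from 203.0.113.5 port 4022",
    "Failed password for root from 203.0.113.5 port 4023",
    "Accepted publickey for bob from 192.0.2.11 port 5123",
    "Failed password for alice from 198.51.100.7 port 6001",
};
#define SAMPLE_LINES (sizeof sample_log / sizeof sample_log[0])

/* Testing: does this line describe a failed login?  Returns true or false. */
static int is_failed_login(const char *line)
{
    return strncmp(line, "Failed password", 15) == 0;
}

/* Branching target: copy the address that follows " from " into dst,
 * never writing more than dstsz - 1 characters.  Returns 1 if found. */
static int extract_source(const char *line, char *dst, size_t dstsz)
{
    const char *p = strstr(line, " from ");
    size_t n = 0;
    if (p == NULL || dstsz == 0)
        return 0;
    p += 6;                                          /* skip " from " */
    while (p[n] != '\0' && p[n] != ' ' && n < dstsz - 1) {   /* looping */
        dst[n] = p[n];
        n++;
    }
    dst[n] = '\0';
    return n > 0;
}

/* Looping over the whole log: returns how many failed logins came from
 * `source`.  Counting per source is the first step of a lockout or
 * alerting rule. */
int count_failures_from(const char **lines, size_t count, const char *source)
{
    char addr[64];
    size_t i;
    int failures = 0;

    for (i = 0; i < count; i++) {
        if (!is_failed_login(lines[i]))              /* testing */
            continue;                                /* branching: skip the line */
        if (extract_source(lines[i], addr, sizeof addr) &&
            strcmp(addr, source) == 0)
            failures++;
    }
    return failures;
}

int main(void)
{
    const char *suspect = "203.0.113.5";
    int n = count_failures_from(sample_log, SAMPLE_LINES, suspect);

    if (n >= 3)                                      /* threshold chosen for the example */
        printf("%s: %d failed logins, worth a closer look\n", suspect, n);
    else
        printf("%s: %d failed logins\n", suspect, n);
    return 0;
}
```

Each helper does one thing, as the "Function" bullet on the BLT slide describes, and the copy loop in extract_source stops at the buffer size as well as at the end of the address, which is the habit the later C chapters on buffer handling depend on.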
Understanding HTML Basics
• HTML is a language used to create Web pages
• HTML files are text files
• Security professionals often need to examine Web pages
  • Be able to recognize when something looks suspicious
Creating a Web Page Using HTML
• Create HTML Web page in Notepad
• View HTML Web page in a Web browser
• HTML does not use branching, looping, or testing
  • HTML is a static formatting language
    • Rather than a programming language
• < and > symbols denote HTML tags
  • Each tag has a matching closing tag
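The slide says every tag has a matching closing tag and that a security professional should be able to tell when a page looks off. The C program below is an added example, not from the textbook: it walks the tags of an HTML document held in memory and reports whether they nest and close properly, which is one concrete check for "something looks suspicious". The list of void elements that never close (br, img, hr, meta, input, link), the function names and the embedded sample page are this example's own assumptions, and it treats any > inside an attribute value as the end of a tag, a simplification a full parser would not make.

```c
/* Added example (not from the textbook): check that the tags in an HTML
 * document open and close in matching pairs.  The void-element list, the
 * names and the sample page are illustrative assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_DEPTH 64
#define TAG_LEN   32

/* Elements that have no closing tag (assumed list for this example) */
static const char *void_tags[] = { "br", "img", "hr", "meta", "input", "link" };

static int is_void_tag(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof void_tags / sizeof void_tags[0]; i++)
        if (strcmp(name, void_tags[i]) == 0)
            return 1;
    return 0;
}

/* Copy the tag name that starts at p (just after '<' or '</') into name,
 * lowercased, stopping at the first non-alphanumeric character. */
static void read_name(const char *p, char *name)
{
    size_t n = 0;
    while (*p && isalnum((unsigned char)*p) && n < TAG_LEN - 1)
        name[n++] = (char)tolower((unsigned char)*p++);
    name[n] = '\0';
}

/* Returns 1 if every opening tag is closed in the right order, 0 otherwise.
 * Comments (<!-- -->) and declarations (<!DOCTYPE ...>) are skipped. */
int html_tags_balanced(const char *html)
{
    char stack[MAX_DEPTH][TAG_LEN];      /* names of tags still open */
    int depth = 0;
    const char *p = html;

    while ((p = strchr(p, '<')) != NULL) {
        char name[TAG_LEN];
        const char *end = strchr(p, '>');
        if (end == NULL)
            return 0;                    /* tag never terminated */
        if (p[1] == '!') {               /* comment or declaration */
            if (strncmp(p, "<!--", 4) == 0) {
                const char *close = strstr(p + 4, "-->");
                if (close == NULL)
                    return 0;            /* unterminated comment */
                p = close + 3;
            } else {
                p = end + 1;
            }
            continue;
        }
        if (p[1] == '/') {               /* closing tag: must match top of stack */
            read_name(p + 2, name);
            if (depth == 0 || strcmp(stack[depth - 1], name) != 0)
                return 0;                /* stray or mismatched closing tag */
            depth--;
        } else {                         /* opening tag */
            read_name(p + 1, name);
            /* void elements and "<x/>" self-closing forms are not pushed */
            if (name[0] != '\0' && !is_void_tag(name) && end[-1] != '/') {
                if (depth == MAX_DEPTH)
                    return 0;            /* nested deeper than we track */
                strcpy(stack[depth++], name);   /* fits: read_name bounds it */
            }
        }
        p = end + 1;
    }
    return depth == 0;                   /* nothing left open */
}

int main(void)
{
    /* Constructed sample page, not taken from any real site */
    const char *page =
        "<!DOCTYPE html><html><head><title>Login</title></head>"
        "<body><form><input name=\"u\"><input name=\"p\"></form>"
        "<p>Sign in<br></p></body></html>";
    printf("tags balanced: %s\n", html_tags_balanced(page) ? "yes" : "no");
    return 0;
}
```

Tag names are compared case-insensitively because HTML tags are, so <DIV> closed by </div> is accepted; a page that closes <body> while a <p> is still open is reported as unbalanced.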
Understanding Practical Extraction and Report Language (Perl)
• PERL
  • Powerful scripting language
  • Used to write scripts and programs for security professionals
Background on Perl
• Developed by Larry Wall in 1987
• Can run on almost any platform
  • *NIX-based OSs already have Perl installed
• Perl syntax is similar to C
• Hackers use Perl to write malware
• Security professionals use Perl to perform repetitive tasks and conduct security monitoring
Understanding the Basics of Perl
• perl -h command
  • Gives you a list of parameters used with perl
• perldoc
  • Displays the description of a perl scripting command
Understanding the BLT of Perl
• Some syntax rules
  • Keyword "sub" is used in front of function names
  • Variables begin with the $ character
  • Comment lines begin with the # character
  • The & character indicates a function
Branching in Perl

    # Perl program illustrating the branching function
    # Documentation is important
    # Initialize variables
    $first_name = "Jimi";
    $last_name = "Hendrix";
    &name_best_guitarist;

    sub name_best_guitarist {
        printf "%s %s %s", $first_name, $last_name, "was the best guitarist!";
    }
Looping in Perl
• For loop

    for ($a = 1; $a <= 10; $a++) {
        print "Hello security testers!\n";
    }

• While loop

    $a = 1;
    while ($a <= 10) {
        print "Hello security testers!\n";
        $a++;
    }
Testing Conditions in Perl

    if (($age > 12) && ($age < 20)) {
        print "You must be a know-it-all!";
    }
    elsif ($age > 39) {
        print "You must lie about your age!";
    }
    else {
        print "To be young...";
    }
Testing Conditions in Perl (continued)

    unless ($age == 100) {
        print "Still enough time to get a bachelor's degree.";
    }
Understanding Object-Oriented Programming Concepts
• New programming paradigm
• There are several languages that support object-oriented programming
  • C++
  • C#
  • Java
  • Perl 6.0
  • Object Cobol
Components of Object-Oriented Programming
• Classes
  • Structures that hold pieces of data and functions
• The :: symbol
  • Used to separate the name of a class from a member function
  • Example:
    • Employee::GetEmp()
Components of Object-Oriented Programming (continued)

    // This is a class called Employee created in C++
    class Employee
    {
    public:
        char firstname[25];
        char lastname[25];
        char PlaceOfBirth[30];
        // [code continues]
        void GetEmp();          // Member function, declared inside the class
    };

    // Definition outside the class: Employee:: ties GetEmp() to its class
    void Employee::GetEmp()
    {
        // Perform tasks to get employee info
        // [program code goes here]
    }
Summary
• Writing an algorithm and using pseudocode
  • Good habits to adopt when writing computer programs
• Clear documentation of program code is essential
• C is one of the most popular programming languages
• BLT
  • Branching
  • Looping
  • Testing
• Many C compilers available
  • GNU GCC is an open-source compiler for Linux
Summary (continued)
• HTML
  • Primary language used to create Web pages
• Perl and C programming languages
  • Used to create most security tools and scripts
• Object-oriented programming
  • Based on classes
    • Structures containing both data and functions
• Win32 API
  • Interface to the Windows operating system