1. Shell Scripting, Ruby & Hacking Shaikh Abdullah aka Hackuin Asst. Investigation Officer, CCPS, Crime Investigation Department. Exploit Code Not People!!Exploit Code Not People!! [Hackthissite.org] 2. About Me: IT-Security Enthusiastic In to this field from last quarter of '99 Worked with HP-Bangalore as Production Support Engineer. Various Small companies like Brigade/infoTech/Adea ... Currently Working for Crime Invistigation Department ( since 2009) Goes with handler, Hackuin over internet. Love researching IT-sec and Scripting (Bash/Ruby).. Used to hang-over various forums/irc/fb-groups, like #ubuntu, #linux, #bash, #hts #g4h Playing SNOOKER, CHESS, POKER @ POKERSTARS and SWIMMING 3. Agenda : Zsh + Tmux + Vim and why? Advance shell scripting. Ruby essentials Screen-scarping/web-scarping : : Nokogiri POST data to websites : : Mechanize Ruboto IRB android. Rvm Live-coding/Demo on IP to dword/hex (usually used in 419 SCAMS) Using Mechanize/Nokogiri [ http://www.dnsqueries.com/en/ip_v4_converter.php ] Live-coding/Demo on Facebook: Figuring our the Email address of the targeted profile Forget Password page Koala gem for facebook Mixing up shellscript and Ruby script to get the results from, [ https://m.facebook.com/login/identify/?ctx=recover ] 4. Zsh + Vim + Tmux It's Like: 5. Zsh: Powerful/Advance shell Plenty of default alais for scripters/developers Cloudapp 1,2,3,.. or ..., .... [ directory Transversals ] D64 and e64 (decode and encode) Features Navigate through directorys/files Intellegent auto-complete Command streamed/buffered File Globing search's Process Kill command 6. Vim: Simply awesome editor. You simple move through lines with hjkl Delete line with d D, delete words dw Move through word with w & b Awesome Plugins Auto pair (bracket completion) Ruby Plugins Emmet etc.. Recording/Macros: Another feature where you can record your sequence of commands. 7. Tmux: Tmux : Terminal Multiplexer Creates session for your workflow Secure your sessions/workflow Have multiple user interface like peer programming Attach and detach sessions Divide in multiple panes 8. Advance Shell Scripting Shell Scripting: Don't use extensively too many commands and pipe's to get simple results. Example: 9. Advance Shell Scripting Shell Scripting: Don't use extensive too many commands and pipe's to get simple results. Example: $ifconfig |grep 'Bcast' |awk '{print $2}' |cut -d : -f2 Simple way: $ifconfig |awk '/Bcast/{print substr($2,6)} Dont Mix awk and grep, awk itself have excellent regualr exp. Example: $ ip addr |grep HEAD / HTTP/1.0 pipe heredoc> pipe heredoc> __ Carriage Returns 11. Ruby Nokogiri - Mechanize Ruby is easy to learn Huge documentation is available Ruby on rails is a kickstart Widely used. 12. Ruby Nokogiri - Mechanize Nokogiri ( ) is an HTML, XML, SAX, and Reader parser. Nokogiri's feature is the ability to search documents via XPath or CSS3 selectors. Easy to use for data scarping from any websites where formal API is unavailable. 13. Ruby Nokogiri - Mechanize Demo: 14. Ruby Nokogiri - Mechanize Mechanize: The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. Form fields can be populated and submitted. Mechanize also keeps track of the sites that you have visited as a history. INSHORT: Usually used for POST data request. POST authentication Request 15. Ruby Nokogiri - Mechanize Mechanize Demo: 16. Facebook Demo: 17. Thanks && Regards,Thanks && Regards, - Shaikh Abdullah- Shaikh Abdullah