Hitachi

U.S.A.

Hitachi Group Global Network

Americas

Asia

Europe

Middle East and Africa

Oceania

Close

Information Security Techniques: How to Build a Command Shell using newLISP
You are here: Home \ Security Practices \ Information Security Techniques: How to Build a Command Shell using newLISP
Information Security Techniques
Posted on Tuesday, May 10th, 2016 by

newLISP: Scripting Languages in Security

 

In this article, we’ll be looking at the role of scripting languages in Information Security and Penetration Testing.

My favorite scripting language is newLISP, a cross-platform LISP-like language. As described by its creator Lutz:

newLISP is a Lisp-like, general-purpose scripting language. It is especially well-suited for applications in AI, simulation, natural language processing, big data, machine learning and statistics. Because of its small resource requirements, newLISP is excellent for embedded systems applications. Most of the functions you will ever need are already built in. This includes networking functions, support for distributed and multicore processing, and Bayesian statistics.

 

Our toolset follows generic patterns in penetration testing, generally following approaches you’ll find in SANS and P-TES approaches.

I will explain basic to advanced programming and security techniques, but I won’t teach you to program in newLISP.

The good news is that newLISP is easy to learn if you already have some programming experience. Download newLISP from newlisp.org and check out some of these references to learn how fun this language is:

 

Why newLISP?

Many of you that already have programming experience may be asking, why not Python or Ruby? There are many programming libraries and existing resources for these languages, but newLISP holds the edge for me.

Although you’ll end up having to create a number of your own algorithms and libraries, newLISP comes with an extensive, yet simplified vocabulary and has batteries included in a very tiny footprint.

Some of my favorite newLISP features that will come in very handy for this series include:

  • Runtime extensibility
  • Cross-platform capability
  • Small footprint, 300kb disk footprint
  • Creation of native executable
  • Often 1MB runtime memory utilization for even complex processing, and network services

A tentative outline of this series will include the following topics, in no particular order.

  • Building a Command Shell for command line interaction, with plugins and workflows to automate repetitive tasks and creations of playbooks that can be re-run, replayed while logging all results
  • Integration of common security tools into the command shell: NMAP, Nessus, PCAP, filterer etc…
  • Integration with databases for storing results and reconnaissance data
  • Analysis and processing results to uncover associated data
  • Generation of independent excusable, supporting multiple platforms.

From here we’ll move on to more advanced topics of network services, custom exploits, fuzzers, aggregated machine learning and how to include these techniques to be successful on red and blue teams. Knowledge protects.


 

Part 1: Command Shell

To start things off we’ll create a simplified interactive command shell, which will eventually integrate with your host command line.

newLISP has two built-in functions that will help us create this command line, prompt-event and command-event. We’ll be changing the command prompt so we know when we’re actually in the shell and not the command line, and we’ll also implement a command interpreter with command-event.

An example of these functions can be found in action in newLISP source distribution, where a custom shell is implemented. We’ll be using some of this code, primarily for integrating newLISP help functionality and a plugin system that we’ll be developing throughout this series. Command completion will work on Linux bash terminals.

(prompt-event (fn (ctx) (string ctx ":"  "> ")))

The basic command event is evaluated for each shell input ‘s’ and will include the command line input on each carriage return. We need to process this string and evaluate our shell commands as required.

(command-event (fn (s) ))

For now, the shell will do nothing but return an empty result; we’ll define shell processing a little later.

And we’ll create a stand-alone self-executable for our command shell, by linking both the newlisp interpreter and our little work in progress command shell.

 

A Helping Hand

Being able to look up API documentation for function prototypes and usage examples is invaluable when trying to limit context switches between the task at hand and finding reference documentation.

This help function comes straight out of newLISP examples and can be used from within our shell to give contextual function prototype data and to look up documentation for a given function we’re looking to use.

(define (help func-name)

(when (= func-name "help") (set 'func-name ""))

(if (find func-name "|+*-") (push "\\" func-name))

(set 'helpfile (read-file (if (= ostype "Win32")

(string (env "NEWLISPDIR") "/newlisp_manual.html")

"/usr/share/doc/newlisp/newlisp_manual.html")))

(set 'html-text (join

(find-all (format {(syntax: \(%s.*?)(<br/>|</h4>)} func-name ) helpfile $1) "\n"))

(replace "<.*?>" html-text "" 0)

(replace "&lt;" html-text "<")

(replace "&gt;" html-text ">")

(replace "&amp;" html-text "&")

(println html-text)

"")

 

Here is a last quick screenshot showing our current context MAIN, and switching to a different context we call PEN-TEST to set the stage for some of our upcoming work on plug-ins and penetration testing. Newlisp Contexts are name-spaces separating data and functions that we define and call.

 

 

That’s it! The first step is done. Any questions?

Travis Kay
About author:
Travis Kay is a professional technologist in Information Security with working experience in several business domains. Travis has performed for nearly two decades, in roles of complex software development, architecture and security in business domains such as; Secondary Education, Insurance, Casino / Racino Management, Online Entertainment Gaming, Telecommunication , Healthcare, and Government Public Sector services.Travis has been the technical lead and primary consultant or engineer on several large scale identity and access management projects. Since 2004 Travis has worked on nearly two dozen Identity and Access Management projects of all sizes and scale. As a former PCI QSA and Practice Co-Lead for a Telecommunications Security Practice, Travis lead and consulted on many engagements for compliance under PCI 2.x for several years. As a current PCIP holder, Travis remains current with Payment Card Industry best practices and updated standards. Travis has conducted several penetration tests on Network Infrastructure, custom network protocols and web applications. Additionally, Travis has written custom tooling in the form of programs and workflows for automated, complex vulnerability assessments, reconnaissance, Open Source Information Intelligence and testing. Travis has extensive software development, system design and architectural experience with many programming languages and platforms. From working on open source application servers, programming languages, media players and Enterprise products. Travis remains and has been an active developer since 1995.

Latest Webinars | Watch Now

 

The Next Generation of Managed Security, in collaboration with PCM.

Watch Now

Reporting Data Privacy Obligations to the Board: A Practical Approach to Ongoing Compliance, in collaboration with Nymity.

Watch Now