Linux PHP and Website Security

Extreme Guide To Perl | Exploit Launching With Perl

Hello Friends this is Rahul Tyagi and here is my first post for you , hope you will like it, today I will talk about a fabulous language called Perl. Perl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular amongst programmers.

In the web development environment, Perl is a very powerful way to create dynamic web pages. Perl can be used for virtually any web application you can think of, from hit counters to database management.

Perl is worth learning for practical reasons; it’s very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don’t require C’s machine efficiency. You will need to be able to understand their code.

Python VS Perl

The differences are they are two different languages, and nothing more. Just like the differences between PHP and Python, C Sharp and Python, C and Python and so on.

There are always people that like one language or hear something about a language and believe what they hear, and use those feelings to act like one is better than the other. None of these are true.

All of these languages are excellent. In fact, Perl is more mature than most and offers better reliability and security than most (comparing it to things like PHP, for example, but that’s not to say PHP is bad).

 Hackers and Perl

Perl as we  all know, is one of the powerful languages available on the web. And especially very popular among hacking communities. To write exploits for vulnerability available in any software. Here is a procedure which a Perl coder follows while writing an exploit for vulnerability found in any software.

From many underground communities and forums, many exploits are introduced, and for launching them hackers/crackers/pentesters use Perl platform, it’s very easy to fire an exploit towards the target. So how do they do that? Let’s see.

 

Downloading Active Perl

activeperl

Step 1:- Go to www.perl.org and click on download

Here we have three platforms if you are using Linux click the first one i.e. Unix/Linux , and on the other side MAC OS X and Windows platform is also available  for downloading .

Step 2:-   As you click on Windows you will be redirected to another website link from where you can download the perl language . The new website will look like as below image

activestate

 Just click on Download Active Perl 5.14.2, it’s for 32bit operating systems. After downloading it,  install it

Step 3:- It’s a total 15Mb of setup file. To install it, double click on the setup file.

perl installation

 

Finding Exploit from the Web

Well, now we have installed Perl into your machine  and what we need to do next is to find an exploit. There are two options that you can do;  we can make our own exploit or we can get a Perl exploit from the web.(Underground Forums, Blog etc).

Here are some forums from where you can get the latest exploits almost for free.

http://www.1337day.com

http://www.packetstormsecurity.org

http://www.exloit-db.com

Another very good section for getting latest Perl exploits is in hackforums.net coding section .

perl programming

More than 600 exploit scripts available to play with. Go to hackforums.net and see the coding section.

These are other websites available from where you can get the latest Perl exploits. For beginners, obviously it’s very difficult to make his/her own exploit. So in short time you can get your required exploit from the above links, but again I recommend building your own exploit is very important because no doubt there are many exploit codes that are available on the web but it does not matter in some cases, maybe there is a possibility in which you have the requirement for an exploit for a Router but on the web you are unable to find that script, In that case you have to develop your own exploit for the vulnerability you found.

I am not saying that you are not a hacker if you do not know any language but if you want to be a TRUE hacker then you should know coding in core, if not at least that much , which helps you to fulfill your requirements.

 

Getting and Launching the Exploit

Step 1:- First go to any of above site and download the required Perl exploit in my case I am downloading an Admin Page Finder script in Perl and Password Generation Script, that will help us to find Administrator Pages and will help us generate random passwords respectively.

Step 2:- Here is the code of Admin Page Finder Script. You can download it from this link, you just have to copy this script and paste it into notepad and save it as adminperl.pl.  ‘.pl’ extension represents Perl script.

adminperl.pl

Save it and your script will look like the same image file above  which is adminperl.pl.

 

Step 3:- For launching the exploit you have to use the command prompt.

cmd

Step 4:- Now for launching just go to the path directory of your Perl and type the name of the exploit

launching exploit

Step 5:- Here your script is working now just fill in the name of the site whose admin page you want to find for the further security assessments. And in the page type just type ‘any’ for the language input.

admin control panel finder

In the  image below you can see that its finding the admin page in my website by matching the page name with its pre-built database.

rahultyagi

For Further Learning  in Perl I prefer you should subscribe this link on youtube.

http://www.youtube.com/user/PerlTutorials

youtube

Limitations of Perl

If you want to run your program on a different computer, you can’t always be sure that Perl is installed everywhere. It is common enough on most modern Linux and Solaris installations, although some system administrators choose not to install it for various reasons. On Windows, though, it is not so common and you need to install it. The installation is easy to get and free, but it needs to be done before you can run anything.

Moreover, if you write a script which uses modules from CPAN, and want to run it on another computer, you need to install all the modules on that other computer, which can be a drag.

2 Comments

  1. buddy pls edit urheading “Getting and Launching the Exploit” admin.pl is not an exploit ..it is a script..

    when u say exploit do giv examples for SEH based exploit or other exploit in perl.. that will be helpful for noobs.. and pls stick to the topic.. else it will look lame.. sorry no offense.. 🙂

    Reply
    1. Hi there, I’m one of the admins of the blog. Thanks for the concern but I think is is just ok. It is true that admin.pl is not an exploit but a admin finder script, in this case it is an example. The author (Rahul Tyagi) just like to give an idea how to launch a script which in some instances may be an exploit, bot, and other scripts out there 😉

      Reply

Leave a Reply