Monday, 16 January 2012

Extreme Guide To Perl | Exploit Launching With Perl

Perl is a high-level, general-purpose, interpreted, dynamic programming language. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language to make report processing easier. Since then, it has undergone many changes and revisions and become widely popular amongst programmers.
In the web development environment, Perl is a very powerful way to create dynamic web pages. Perl can be used for virtually any web application you can think of, from hit counters to database management.
Perl is worth learning for practical reasons; it’s very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way I suggest you should use Python, to avoid C programming on jobs that don’t require C’s machine efficiency. You will need to be able to understand their code.
Python VS Perl
The difference is that they are two different languages, and nothing more. The same goes for PHP and Python, C Sharp and Python, C and Python and so on.
There are always people that like one language or hear something about a language and believe what they hear, and use those feelings to act like one is better than the other. None of these are true.
All of these languages are excellent. In fact, Perl is more mature than most and offers better reliability and security than most (comparing it to things like PHP, for example, but that’s not to say PHP is bad).
Hackers and Perl
Perl, as we all know, is one of the powerful languages available on the web, and it is especially popular among hacking communities for writing exploits for vulnerabilities found in any software. Here is the procedure a Perl coder follows while writing an exploit for a vulnerability found in any software.
Many exploits are introduced in underground communities and forums, and hackers, crackers and pentesters use the Perl platform to launch them; it’s very easy to fire an exploit towards the target. So how do they do that? Let’s see.

Downloading Active Perl
Step 1:- Go to www.perl.org and click on Download.
Three platforms are offered here. If you are using Linux, click the first one, i.e. Unix/Linux; Mac OS X and Windows downloads are also available.
Step 2:- When you click on Windows, you will be redirected to another website from which you can download Perl. The new website looks like the image below.
Just click on Download Active Perl 5.14.2; it’s for 32-bit operating systems. After downloading it, install it.
Step 3:- The setup file is 15 MB in total. To install it, double-click on the setup file.

Finding Exploit from the Web
Now that we have installed Perl on the machine, the next thing to do is find an exploit. There are two options: we can make our own exploit, or we can get a Perl exploit from the web (underground forums, blogs, etc.).
Here are some forums from where you can get the latest exploits almost for free.
Another very good place for getting the latest Perl exploits is the hackforums.net coding section.
More than 600 exploit scripts are available to play with. Go to hackforums.net and see the coding section.
These are other websites from which you can get the latest Perl exploits. For beginners, it is obviously very difficult to write their own exploit, so you can quickly get the exploit you need from the above links. Still, I recommend building your own exploit: although many exploit codes are available on the web, in some cases that does not help. For example, you may need an exploit for a router but be unable to find such a script on the web; in that case you have to develop your own exploit for the vulnerability you found.
I am not saying that you are not a hacker if you do not know any language, but if you want to be a TRUE hacker then you should know coding at its core, or at least enough of it to fulfill your requirements.

Getting and Launching the Exploit
Step 1:- First go to any of the above sites and download the required Perl exploit. In my case I am downloading an Admin Page Finder script in Perl and a Password Generation script, which will help us find administrator pages and generate random passwords, respectively.
Step 2:- Here is the code of the Admin Page Finder script. You can download it from this link; just copy the script, paste it into Notepad and save it as adminperl.pl. The ’.pl’ extension denotes a Perl script.
Save it, and your script will look like the image above, which is adminperl.pl.

Step 3:- To launch the exploit you have to use the command prompt.
Step 4:- Now, to launch it, just go to your Perl directory and type the name of the exploit.
Step 5:- The script is now running. Enter the name of the site whose admin page you want to find for further security assessment, and when asked for the page type, just type ‘any’ for the language input.
In the image below you can see that it’s finding the admin page on my website by matching the page name with its pre-built database.
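Seen from the web server, a run like the one above appears in the access log as a single client requesting many admin-style page names within seconds, most of them answered with 404. The Perl script below is an added example, not part of the original post or of the script it describes; the path pattern, the thresholds and the sample log lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: flag clients whose requests look like wordlist-driven
# admin-page enumeration in a common/combined-format access log.
use strict;
use warnings;

# Assumed thresholds and path pattern; tune them for your own site.
my $MIN_PATHS  = 5;      # distinct admin-like paths from one client
my $MIN_MISSES = 0.8;    # share of those requests answered with 404
my $ADMIN_RE   = qr{/(?:admin|login|cpanel|panel|moderator)[^/?]*(?:[/?]|\z)}i;

# Constructed sample log lines (documentation addresses, not real traffic).
my @log = (
    '203.0.113.7 - - [16/Jan/2012:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [16/Jan/2012:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [16/Jan/2012:10:00:02 +0000] "GET /admin.php HTTP/1.1" 404 209',
    '203.0.113.7 - - [16/Jan/2012:10:00:02 +0000] "GET /adminpanel/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [16/Jan/2012:10:00:03 +0000] "GET /cpanel/ HTTP/1.1" 404 209',
    '203.0.113.7 - - [16/Jan/2012:10:00:03 +0000] "GET /login.php HTTP/1.1" 200 1532',
    '198.51.100.20 - - [16/Jan/2012:10:01:10 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.20 - - [16/Jan/2012:10:01:15 +0000] "GET /login.php HTTP/1.1" 200 1532',
);

sub find_enumerators {
    my @lines = @_;
    my (%paths, %hits, %misses);
    for my $line (@lines) {
        # Pull client address, request path and status out of the log line.
        next unless $line =~ m{^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)[^"]*" (\d{3}) };
        my ($ip, $path, $status) = ($1, $2, $3);
        next unless $path =~ $ADMIN_RE;
        $paths{$ip}{lc $path} = 1;          # count each probed name once
        $hits{$ip}++;
        $misses{$ip}++ if $status == 404;
    }
    my @flagged;
    for my $ip (sort keys %paths) {
        my $distinct = keys %{ $paths{$ip} };
        my $ratio    = ($misses{$ip} // 0) / $hits{$ip};
        push @flagged, { ip => $ip, paths => $distinct, miss_ratio => $ratio }
            if $distinct >= $MIN_PATHS && $ratio >= $MIN_MISSES;
    }
    return @flagged;
}

printf "%s probed %d admin-like paths, %.0f%% of them 404\n",
    $_->{ip}, $_->{paths}, 100 * $_->{miss_ratio}
    for find_enumerators(@log);
```

With the sample lines, only the first client is reported; the second requests a single login page that exists and stays below both thresholds.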
For further learning in Perl, I recommend subscribing to this link on YouTube.
Limitations of Perl
If you want to run your program on a different computer, you can’t always be sure that Perl is installed everywhere. It is common enough on most modern Linux and Solaris installations, although some system administrators choose not to install it for various reasons. On Windows, though, it is not so common and you need to install it. The installation is easy to get and free, but it needs to be done before you can run anything.
Moreover, if you write a script which uses modules from CPAN, and want to run it on another computer, you need to install all the modules on that other computer, which can be a drag.
