Hack Like a Pro: Perl Scripting for the Aspiring Hacker, Part 1
Welcome back, my hacker apprentices!
To enter the upper echelons of hackerdom, you MUST develop scripting skills. It's all great and well to use other hackers' tools, but to get and maintain the upper hand, you must develop your own unique tools, and you can only do that by developing your scripting skills.
Probably the most widely used scripting language within the Linux environment is Perl, which is not an acronym, though many believe it stands for Practical Extraction and Report Language.
Perl was developed by the linguist Larry Wall in 1987. He designed it specifically to manipulate text. Wall was interested in designing a scripting language that would be capable of pulling text from multiple sources for reports, something we take for granted now, but not simple in the heterogeneous enterprise environment of 1987.
As nearly everything in Linux is a file, and many of them are simple text files, Perl has proven particularly useful in the Linux environment. In addition, Perl gives us the capability to use shell scripting commands in our scripts, making it extremely useful for scripting hacking tasks that require both shell commands and text manipulation, such as website reconnaissance and hacking.
Perl also is the source of the useful regular expressions, or regex, that have made their way into many hacking, security, and Linux applications. These regular expressions give us so much more power to find text patterns in numerous applications like Snort, MySQL, etc. Regular expressions were first developed for Perl and in some cases are referred to as Perl Compatible Regular Expressions, or PCRE.
Fortunately, because Perl is so widely used in Linux, every Linux distribution comes with a Perl interpreter and Kali is no exception. If you are running Windows, you can download the Perl interpreter here.
Perl has been used to develop a number of hacking tools including nikto, onesixtyone, snmpenum, fierce, adminfinder, and so many others. Perl is also favored for its ability to be used for sending SQL scripts from a web application to a backend database (Amazon's website uses it for this purpose).
If we want to look for all the Perl scripts in Kali, we can do so by typing:
- kali > locate "*.pl"
We can see that there are literally hundreds of scripts for multiple purposes in Kali. This is only the tip of the iceberg as an indication of the importance of Perl scripts in hacking and general purpose Linux administration.
Perl is so important that I will be doing at least three Perl tutorials as we progress toward developing our own hacking tools/scripts with Perl, Python, and Ruby.
So, let's get started Perl-ing!
You can develop your Perl scripts on any platform with the Perl interpreter installed and any text editor, including vim, emacs, kate, gedit, etc. Here we will be using the text editor Leafpad that's built into Kali to develop a simple Perl script. As we get more advanced, we will want to add an IDE environment that can make script development and debugging much simpler and more productive.
Let's open Leafpad by going to Applications, Accessories and then Leafpad.
With Leafpad open, let's type the following:
- #! /usr/bin/perl
- print "Hello Null Byte!\n";
The first line simply tells the system which interpreter to use to run the code that follows. The first segment, the "#!" is often referred to as the "shebang". In our case, we want this code to be interpreted by the Perl interpreter, so we follow the shebang with "/usr/bin/perl".
The second line is a simple print statement. We want the system to print "Hello Null Byte!". We end with the special character "\n" that terminates the line.
Let's now save it and call it "firstperlscript".
Let's navigate to the directory we saved it in and type:
- ls -l
As you can see, our script has been saved with the default permission of 644. To be able to execute this script, we will need "execute" permissions, so we need to change the permissions to 755 like this:
- chmod 755 firstperlscript
Now that we have the execute permission, we can run this mini script by typing:
As you can see, it printed "Hello Null Byte!" just as we intended.
Perl has numerous special characters that we can use. As you can see in the above script, we used "\n", which is a new line character. A few of Perl's other special characters are:
- \0xx - the ASCII character whose octal value is xx
- \a - an alarm character
- \e - an ESCAPE character
- \n - a NEWLINE character
- \r - a RETURN character
- \t - a TAB character
There are many more, but this is just a sampling of the many special characters in Perl. We'll introduce more as we need them in subsequent Perl tutorials.
Having executed a very simple Perl script, let's add some capability and complexity. Usually, when running any script, we will need some variables to hold information. Variables in Perl are designated much as they are in Linux, by using "$" before a label for the variable, such as $name.
Let's enter the following code into our text editor.
Now, let's examine this simple script line by line.
- The first line tells the system which interpreter to use in executing this script.
- The second line simply prints the statement.
- The third line prints a question asking the user what their favorite website is.
- The fourth line places the STDIN into a variable called $name.
- The fifth line uses the chomp function on the variable $name. This function will remove any potential new line characters that the user may have entered when answering our question.
- Finally, the sixth line prints our response with the input from the user that is in the variable $name.
Now, let's save this script as secondperlscript and change its permissions from 644 to 755, allowing us to execute it. Finally, let's execute it by typing:
Success! We were able to capture the user input into the variable $name and then use that input in a print statement about our favorite website, Null Byte.
One of the advantages of using Perl is that it allows us to use shell commands directly from our script to the underlying system. There are multiple ways of doing this, but I prefer using the system function with the shell command enclosed in parentheses and double quotes (we will look at other methods in subsequent Perl tutorials).
To demonstrate this, let's add the following line to our script:
- system ("ifconfig");
Now let's save it as thirdperlscript and give ourselves permissions to execute it.
When the script runs, it does the same as our secondperlscript, but it also interacts directly with the operating system to grab the IP address and other networking info on the system of the user.
You can only imagine what this capability can do for us as hackers!
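The system() call above runs a fixed string; once a variable such as $name is interpolated into that string, the shell parses whatever the user typed. The following added example (not the article's script; the echo command, the prompt wording and the is_hostname policy are assumptions for illustration) keeps the prompt, <STDIN> and chomp flow described earlier and runs the string form of system() beside the list form.

```perl
#!/usr/bin/perl
# Added example, not the article's script. It keeps the prompt / <STDIN> /
# chomp flow described above and then hands $name to an external command.
use strict;
use warnings;

$| = 1;    # unbuffered STDOUT so our prints and the child's output stay in order

# Assumed policy for this demo: $name must look like a hostname. The first
# character must be alphanumeric, so it can never be read as an option flag.
sub is_hostname {
    my ($s) = @_;
    return 0 unless defined $s && length($s) <= 253;
    return $s =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/ ? 1 : 0;
}

# String form, as used with ifconfig above. With a variable interpolated,
# any shell metacharacter in $name is parsed by /bin/sh -c.
sub run_string_form {
    my ($name) = @_;
    return system("echo Checking $name");
}

# List form: each element is passed to execvp() as one argument, no shell.
sub run_list_form {
    my ($name) = @_;
    my $rc = system('echo', 'Checking', $name);
    warn "could not start command: $!\n" if $rc == -1;
    return $rc == -1 ? -1 : $? >> 8;    # exit status of the child
}

print "What is your favorite website? ";
my $name = <STDIN>;
die "No input given\n" unless defined $name;
chomp $name;

print "String form (input is parsed by the shell):\n";
run_string_form($name);

print "List form (input stays a single argument):\n";
run_list_form($name);

my $verdict = is_hostname($name)
    ? "Input accepted as a hostname\n"
    : "Input rejected: not a valid hostname\n";
print $verdict;
```

Typing the constructed test input `example.com; echo INJECTED` at the prompt shows the difference: the string form prints two lines because the shell treats `;` as a command separator, while the list form prints the input verbatim. In a real script, validate first and call only the list form.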
Keep coming back, my hacker apprentices, for future parts as we develop our Perl skills to become pro hackers!