Hack Like a Pro: Perl Scripting for the Aspiring Hacker, Part 1

Welcome back, my hacker apprentices!

To enter the upper echelons of hackerdom, you MUST develop scripting skills. It's all great and well to use other hacker's tools, but to get and maintain the upper hand, you must develop your own unique tools, and you can only do that by developing your scripting skills.

The History of Perl

Probably the most widely used scripting language within the Linux environment is Perl, which is not an acronym, though many believe it stands for Practical Extraction and Report Language.

Perl was developed by the linguist Larry Wall in 1987. He designed it specifically to manipulate text. Wall was interested in designing a scripting language that would be capable of pulling text from multiple sources for reports, something we take for granted now, but not simple in the heterogeneous enterprise environment of 1987.

Why Perl Is So Important in Linux

As nearly everything in Linux is a file, and many of those files are simple text files, Perl has proven particularly useful in the Linux environment. In addition, Perl lets us run shell commands from within our scripts, which makes it extremely useful for scripting hacking tasks that require both shell commands and text manipulation, such as website reconnaissance and hacking.

Perl also is the source of the useful regular expressions, or regex, that have made their way into many hacking, security, and Linux applications. These regular expressions give us so much more power to find text patterns in numerous applications like Snort, MySQL, etc. Regular expressions were first developed for Perl and in some cases are referred to as Perl Compatible Regular Expressions, or PCRE.

Perl on Your System

Fortunately, because Perl is so widely used in Linux, every Linux distribution comes with a Perl interpreter and Kali is no exception. If you are running Windows, you can download the Perl interpreter here.

Perl has been used to develop a number of hacking tools including nikto, onesixtyone, snmpenum, fierce, adminfinder, and so many others. Perl is also favored for its ability to be used for sending SQL scripts from a web application to a backend database (Amazon's website uses it for this purpose).

If we want to look for all the Perl scripts in Kali, we can do so by typing (the pattern is quoted so that locate receives it instead of the shell expanding it against the current directory):

  • kali > locate "*.pl"

We can see that there are literally hundreds of scripts for multiple purposes in Kali. This is only the tip of the iceberg as an indication of the importance of Perl scripts in hacking and general purpose Linux administration.

Perl is so important, that I will be doing at least three Perl tutorials as we progress toward developing our own hacking tools/scripts with Perl, Python, and Ruby.

So, let's get started Perl-ing!

Step 1: Create a Script

You can develop your Perl scripts on any platform with the Perl interpreter installed and any text editor, including vim, emacs, kate, gedit, etc. Here we will be using the text editor Leafpad that's built into Kali to develop a simple Perl script. As we get more advanced, we will want to add an IDE environment that can make script development and debugging much simpler and more productive.

Let's open Leafpad by going to Applications, Accessories and then Leafpad.

With Leafpad open, let's type the following:

  • #! /usr/bin/perl
  • print "Hello Null Byte!\n";

The first line simply tells the system which interpreter to use to run the code that follows. The first segment, the "#!" is often referred to as the "shebang". In our case, we want this code to be interpreted by the Perl interpreter, so we follow the shebang with "/usr/bin/perl".

The second line is a simple print statement. We want the system to print "Hello Null Byte!". We end with the special character "\n", the newline, which ends the line so that the next output starts on a fresh one.

Let's now save it and call it "firstperlscript".

Step 2: Set Permissions

Let's navigate to the directory we saved it in and type:

  • ls -l

As you can see, our script has been saved with the default permission of 644. To be able to execute this script, we will need "execute" permissions, so we need to change the permissions to 755 like this:

  • chmod 755 firstperlscript

Step 3: Execute the Script

Now that we have the execute permission, we can run this mini script by typing:

  • ./firstperlscript

As you can see, it printed "Hello Null Byte!" just as we intended.

Step 4: Special Characters in Perl

Perl has numerous special characters that we can use. As you can see in the above script, we used "\n", which is the newline character. A few more of Perl's special characters are:

  • \0xx - the ASCII character whose octal value is xx
  • \a - an alarm character
  • \e - an ESCAPE character
  • \n - a NEWLINE character
  • \r - a RETURN character
  • \t - a TAB character

There are many more, but this is just a sampling of the many special characters in Perl. We'll introduce more as we need them in subsequent Perl tutorials.

Step 5: Variables in Perl

Having executed a very simple Perl script, let's add some capability and complexity. Usually, when running any script, we will need some variables to hold information. Variables in Perl are designated similarly to shell variables in Linux, by placing "$" before the variable's label, such as $name.

Let's enter the following code into our text editor.

Now, let's examine this simple script line by line.

  1. The first line tells the system which interpreter to use in executing this script.
  2. The second line simply prints the statement.
  3. The third line prints a question asking the user what their favorite website is.
  4. The fourth line reads a line from STDIN (standard input, i.e. the keyboard) into a variable called $name.
  5. The fifth line uses the chomp function on the variable $name. This function will remove any potential new line characters that the user may have entered when answering our question.
  6. Finally, the sixth line prints our response with the input from the user that is in the variable $name.
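The article's own listing for this script is not reproduced on this page, so here is a reconstruction from the six-line description above, written as an added example rather than the article's original code, with two extra lines at the end that show what chomp changes (the expected answer "nullbyte" is an assumption):

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Line 2 of the described script: a plain print statement.
print "Hello Null Byte!\n";
# Line 3: ask the question.
print "What is your favorite website? ";
# Line 4: read one line from STDIN. The value keeps its trailing "\n".
my $name = <STDIN>;
$name = "" unless defined $name;   # <STDIN> returns undef on end of input
my $raw = $name;                   # keep a copy to show the effect of chomp
# Line 5: chomp removes the trailing newline, if there is one.
chomp $name;
# Line 6: use the input in a response.
print "Your favorite website is $name. That is also my favorite!\n";

# Why chomp matters: the raw value still ends in "\n", so an exact
# comparison against the expected answer fails until it is chomped.
printf "Raw input equals 'nullbyte'? %s\n",     ($raw  eq "nullbyte") ? "yes" : "no";
printf "Chomped input equals 'nullbyte'? %s\n", ($name eq "nullbyte") ? "yes" : "no";
```

Typing nullbyte at the prompt prints "no" for the raw value and "yes" for the chomped one, which is also why the comparisons in the comment scripts below need chomp before an eq test.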

Step 6: Execute the Script

Now, let's save this script as secondperlscript and change its permissions from 644 to 755, allowing us to execute it. Finally, let's execute it by typing:

  • ./secondperlscript

Success! We were able to capture the user input into the variable $name and then use that input in a print statement about our favorite website, Null Byte.

Step 7: Shell Commands in Perl

One of the advantages of using Perl is that it allows us to use shell commands directly from our script to the underlying system. There are multiple ways of doing this, but I prefer using the system function with the shell command enclosed in parentheses and double quotes (we will look at other methods in subsequent Perl tutorials).

To demonstrate this, let's add the following line to our script:

  • system ("ifconfig");

Now let's save it as thirdperlscript and give ourselves permissions to execute it.

Step 8: Execute the Script

When the script runs, it does the same as our secondperlscript, but it also interacts directly with the operating system to grab the IP address and other networking info on the system of the user.
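Step 7 passes a fixed string to system(). As soon as part of that string comes from the user, the one-string form hands it to /bin/sh, so characters such as ";" or "|" in the input become additional commands. The added example below (not the article's code; it assumes ifconfig is installed) shows the list form of system(), which runs the program without a shell, and, answering the question in the comments about saving the inet addr from ifconfig into a variable, how to capture the command's output and extract the address with a regular expression:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# system("ifconfig $iface") would hand the whole string to /bin/sh, so any
# shell metacharacter in $iface (; | & ` $) changes what gets executed.
# The list form system(PROGRAM, ARGS) runs the program directly: each
# argument is delivered as one word and no shell ever sees it.

print "Interface to inspect (e.g. eth0): ";
my $iface = <STDIN>;
$iface = "" unless defined $iface;
chomp $iface;

# Allow-list the input before use: Linux interface names are at most 15
# characters of letters, digits, '_', '.', ':' or '-', not starting with '-'
# (a leading '-' would be read by ifconfig as an option).
die "Invalid interface name\n"
    unless $iface =~ /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$/;

# Run it the same way Step 7 does, but in list form.
system("ifconfig", $iface) == 0
    or die "ifconfig failed with exit status " . ($? >> 8) . "\n";

# Capture the output into a variable without a shell: open a read pipe
# ("-|") to the program, again in list form.
open(my $out, "-|", "ifconfig", $iface)
    or die "Cannot run ifconfig: $!\n";
my @lines = <$out>;
close($out);

# Old net-tools prints "inet addr:10.0.0.5", newer versions print
# "inet 10.0.0.5"; this pattern matches both and skips inet6 lines.
my $ip;
for my $line (@lines) {
    if ($line =~ /\binet (?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})/) {
        $ip = $1;
        last;
    }
}
print defined $ip ? "IPv4 address of $iface: $ip\n"
                  : "No IPv4 address found on $iface\n";
```

Backticks (`ifconfig $iface`) capture output too, but they always go through the shell, so they carry the same injection risk as the one-string system() call; the pipe-open form above avoids that.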

You can only imagine what this capability can do for us as hackers!

Keep coming back, my hacker apprentices, for future parts as we develop our Perl skills to become pro hackers!

8 Comments

When OTW asks, we're smart to listen. Here is my code outline; it's been debugged and works to where I am at with it. I am starting to like Perl, and my old programming neurons that have been sitting stagnant in my brain are starting to kick in. I have to work for a few hours but will try to get back to it. In case any other noobs want to play with it, I wanted to get it out.

#! /usr/bin/perl
print "hello Master\n";
# I love that part my computer calls me master
print " I am running pre post pen testing setup\n";
print "what process do you wish to run, options = pre or post\n";
$name = <STDIN>;
chomp $name;
print "$name\n";
# compare against quoted strings; a bare word like pre is not a string value
if ($name eq "pre") {
    print "yes Master running presetup\n";
    # system ("insert first command here"); testing and debugging before I actually run a bash command
}
elsif ($name eq "post") {
    print "yes Master resetting system\n";
    # system ("1st bash here");
}
else {
    print "Oh fat fingered Master, try again\n";
}
# I will add a loop here to the first if, have to study it though
# not worried about exiting the loop; control-C will do it

Great tutorial, keep up the good work.

Regards
Jacky

OTW,

This is my first script that I made in perl, but I need help with adding a feature.

#! /usr/bin/perl
print("Please enter the name of the file you would like to search\n encase it in '', please.\n");
$filename = <STDIN>;
select(undef, undef, undef, 0.2);   # sleep() only takes whole seconds; this waits 0.2 s
print("Now searching for $filename, please wait. This may take a few seconds\n");
select(undef, undef, undef, 0.2);
system("cls");
system("find / -name $filename 2>errors.txt");
exit;

If I want to export what files I find to a text document, how would I do that? Thank you in advance, and keep up the inspiring tutorial! You have amazing tutorials!

Nice, I see you have been debugging your script. You put a STDIN; you need to chomp it, though. Also, I think you will find that your "find" command does not work. But to answer your question, use >> if you're going to add it to another file.

Thank you! What does chomp do? And I am wanting to set what output comes out of terminal as a variable, and I'm a bit stuck on that. This is a separate project by the way.

For example, I want to take what ifconfig wlan0 output is and save inet addr as a variable. My end goal is to make an automatic metasploit script.

Thank you Jon!

lol np,

Per OTW in the above article:

The fifth line uses the chomp function on the variable $name. This function will remove any potential new line characters that the user may have entered when answering our question.

Why reinvent the wheel? Google lazykali.sh; I think it already does what you want.

I am a noob also, but you might want to start here for your output:
http://www.if-not-true-then-false.com/2010/linux-get-ip-address/
Then you will have to find out how to send the output to a string. It should be something like this:
my $result = `mycmd 2>&1`;

hope that helps or at least points you in the right directions.

OTW:

I wanted to ask: I understand that a dictionary attack is as good as the dictionary it uses. So, a richer, cleaner dictionary will lead to better results. As such, I have been working on different dictionaries (from different sources, countries) that I have cleaned, reduced, eliminated duplicates from...

The problem is that now I ended up with a 9 GB dictionary that would take forever to run. Also, it is logical that if we have a Wi-Fi named James Wifi (and we know that his son's name is Max, and his sister Jannie), then those names and their variants should be tested first, as they hold a better probability of success.

Consequently, I thought of writing a script that would take in different arguments (such as a name, or numerical values) and the different dictionaries, and the output would be dictionaries that are sorted depending on the previous arguments (however, looking at the size of the dictionary, simple sorts are not an option). So should I link the script to a structured database, or should I directly start taking advantage of the cloud and the MapReduce model?

I would really appreciate it if we maybe could exchange ideas and words about this and more.

Thanks in advance
Soulei1990

Do I need Perl and also Python for hacking?
