Perl Basics for Pentesters
Part 2
Sanjeev Jaiswal (Jassi)
Perl Programmer and Security Enthusiast
#nullhyd
What we will cover
Part 1
•Perl introduction
•Perl data types
•Control structures and loops
•Special variables
•Functions to memorize
•File handling
Part 2
•Regular expressions
•Modules to know
•Perl helpers
•Scripts for pentesting
•Perl code basic examples
•Future scope
•Demo of tools like dnsenum, fierce, nikto, sqlninja
Regular Expression
Real Power of Perl
•Regex operators: m, s, tr
•Metacharacters: ^, $, ., \, |, (, ), [, ], *, +, ?, {, }
•Quantifiers (iterators): *, +, ?, {m}, {m,n}, {m,}
•Character classes: [], ^ (negation), - (ranges)
•Character class abbreviations: \d, \D, \s, \S, \w, \W
•Anchors: ^, $, \b, \B, \A, \Z, \z
•Modifiers: m, s, i, g, e, x etc.
Real Power of Perl Demystified
next if $file =~ m/^\.{1,2}$/; # skip if it is . or ..
if($ARGV[0] =~ /^(\d+\.){3}\d+$/) { .. } # IPv4 (shape only; octets are not range-checked)
$word =~ s/^\s+|\s+$//g; # trim a word (/g removes both leading and trailing whitespace)
return int( (split /\./, $string)[0] ); # string to int conversion
$email =~ /^([a-zA-Z][\w_.]{6,15})@([a-zA-Z0-9-]+)\.([a-zA-Z]{2,4})$/; # email validation
my ($matched) = $content =~ /$phone_code(.*?)\d+/sg ? $1 : 'No Result.';
my ($alexa_rank) = $content =~ m#globe-sm\.jpg(?:.*?)">(.*?)</strong>?#gis;
($version) = $content =~ /version\s+(\d+\.\d+(?:\.\d+)?)/mig; # wp-version from the generator tag
($version) = $content =~ m#wp-(?:admin|content|includes)/(?!plugins|js).*?ver=(\d+\.\d+(?:\.\d+)?(?:[-\w.]+)?)#mig; # wp-version from a ver= parameter
$dob =~ m#^((?:19|20)\d\d)[-/.](0[1-9]|1[012])[-/.](0[1-9]|[12][0-9]|3[01])$#; # yyyy-mm-dd format
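The IPv4 and trim one-liners above check the shape of the input, not its validity: `(\d+\.){3}\d+` accepts 999.999.999.999, `$` still matches when a newline trails the string, and `\d` can match non-ASCII digits on Unicode strings. The script below is an added example (not from the slides) that runs the slide-style check next to a stricter one on constructed inputs; the names loose_ipv4, strict_ipv4 and trim are made up for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from the slides): why input-validation regexes need
# strict anchors and octet ranges. The sample inputs are constructed.
use strict;
use warnings;

# Slide-style check: accepts any four dot-separated digit runs, including
# 999.999.999.999 and "1.2.3.4\n" ($ matches before a trailing newline).
sub loose_ipv4 { my $s = shift; return $s =~ /^(\d+\.){3}\d+$/ ? 1 : 0 }

# Stricter check: \A and \z anchor the whole string (no trailing newline
# slips through), [0-9] avoids the Unicode digits \d would accept, and
# each octet is limited to 0-255.
my $octet = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])/;
sub strict_ipv4 { my $s = shift; return $s =~ /\A$octet(?:\.$octet){3}\z/ ? 1 : 0 }

# Trim with /g so both ends are removed (the slide's s/^\s+|\s+$// without
# /g removes only the first match); \z so a trailing newline goes too.
sub trim { my $s = shift; $s =~ s/\A\s+|\s+\z//g; return $s }

my @samples = ("192.168.1.10", "999.999.999.999", "1.2.3.4\n", " 10.0.0.1 ");
for my $in (@samples) {
    (my $shown = $in) =~ s/\n/\\n/g;   # make the newline visible in output
    printf "%-20s loose=%d strict=%d strict(trimmed)=%d\n",
        "\"$shown\"", loose_ipv4($in), strict_ipv4($in), strict_ipv4(trim($in));
}
```

Run it with `perl ipv4_check.pl`: the second sample passes the loose check and fails the strict one, the third passes loose only because of the trailing newline, and the fourth passes the strict check only after trimming. On user-supplied input, anchor with `\A` and `\z` and trim before validating.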
Perl Modules to learn
Modules useful for Pentesters
•CGI – handles CGI requests and responses
•DBI – for any database-related work
•Net::IP – manipulate IPv4/IPv6 addresses
•Net::RawIP – manipulate raw IP packets, with an interface to libpcap
•Net::DNS – DNS resolver implemented in Perl
•Net::SNMP – object-oriented interface to SNMP
•IO::Socket – object interface to socket communications
•WWW::Mechanize – automating web browsing
•LWP::UserAgent – web user agent class
•http://search.cpan.org/~jabra/ for all the scan parsers
Perl Helpers
•perldoc perlmodlib – modules shipped with the Perl distribution
•perldoc perllocal – locally installed modules
•perldoc perlfunc – list of Perl functions
•perldoc perlop – list of Perl operators
•perldoc perl – overview of Perl
•perldoc -m Net::Ping – see the code behind it ;)
•perldoc -f map – help for a specific function
•perldoc IO::Socket – documentation for the given module
•man IO::Socket – same as above
•perl -MData::Dumper -e 'print 1' – check whether a module is installed
•perl -MCGI -e 'print "$CGI::VERSION\n"' – print a module's version
Scripts for Pentesting
Perl scripts in Kali/Others
•dnsenum, dnswalk, fierce
•nikto – web server scanner
•sqlninja – SQL Server injection and takeover tool
•snmpenum, snmpwalk, snmpcheck
•arp-fingerprint – fingerprint a system using ARP
•cisco-torch.pl, CAT
•WeBaCoo – Web Backdoor Cookie script kit
•uniscan – RFI, LFI, RCE, XSS and SQLi vulnerability scanner
•Slowloris – HTTP DoS tool
Demo
Kickstart with simple scripts
•DNS info
•Header response info
•Website details
•Get WordPress version
•Simple port scan
•IP from ifconfig
•Get GHDB list in a file
•Windows OS version details
Simple Port Scan
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

my $socket;
my $host = $ARGV[0] || die "Usage: perl $0 <hostname>\n";
my @ports = qw(21 22 23 25 53 69 80 110 137 139 143 150 162 443 445);

for (@ports) {
    # IO::Socket::INET->new returns undef (and sets $@) when the connect fails
    my $success = eval {
        $socket = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $_,
            Proto    => 'tcp',
            Timeout  => 2,   # don't hang on filtered ports
        );
    };
    if ($success) {
        print "Port $_ is open\n";
        close $socket;
    } else {
        print "Port $_ is closed or filtered\n";
    }
}
Find WordPress Version
use strict;
use warnings;
use WWW::Mechanize;

my $url = $ARGV[0] || die "Should pass site name $0 <sitename>\n";
$url = "http://" . $url unless $url =~ m/^http/;

print "# Checking Response Header for generator tag\n";
my $mech = WWW::Mechanize->new(autocheck => 0);   # don't die on HTTP errors
$mech->get($url);
die "Request failed: ", $mech->status, "\n" unless $mech->success;

# Look for the generator meta tag, e.g. content="WordPress 4.1"
if (my ($version) = $mech->content =~ /generator"\s+content="WordPress\s+([\d.]+)/i) {
    print "WordPress version: $version\n";
} else {
    print "No generator tag found\n";
}
Get Header Response
use strict;
use warnings;
use LWP::UserAgent;   # for web requests
use WWW::Mechanize;   # my favourite web scraper module

my $url = $ARGV[0] || die "Usage: perl $0 <sitename>\n";
$url = "http://" . $url unless $url =~ m/^http/;

# Using LWP::UserAgent, method 1
my $ua   = LWP::UserAgent->new();
my $resp = $ua->get($url);
print "# Headers via LWP::UserAgent\n", $resp->headers_as_string, "\n";

# Using WWW::Mechanize, method 2
my $mech = WWW::Mechanize->new(autocheck => 0);
$mech->get($url);
print "# Headers via WWW::Mechanize\n", $mech->response->headers_as_string, "\n";
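The two slides above fetch a page and read its headers and generator tag. The script below is an added example (not from the slides) that does the same inspection offline on a constructed HTTP response, parsed with HTTP::Response->parse into the same object LWP::UserAgent's get() returns. It reports headers that disclose software versions, the WordPress version found via the slide's generator/ver= regex idea, and hardening headers that are absent; disclosure_report and the sample response are made up for this illustration.

```perl
#!/usr/bin/perl
# Added example (not from the slides): inspect a captured HTTP response for
# version disclosure and missing hardening headers. The response text is
# constructed; with LWP::UserAgent the same object comes from $ua->get($url).
use strict;
use warnings;
use HTTP::Response;

# Constructed sample of what a WordPress site behind Apache might return.
my $raw = join "\r\n",
    "HTTP/1.1 200 OK",
    "Server: Apache/2.4.7 (Ubuntu)",
    "X-Powered-By: PHP/5.5.9",
    "Content-Type: text/html; charset=UTF-8",
    "",
    '<html><head><meta name="generator" content="WordPress 4.1" />',
    '<script src="/wp-includes/js/jquery.js?ver=1.11.1"></script>',
    '<script src="/wp-content/themes/x/a.js?ver=4.1.2"></script>',
    '</head><body></body></html>';

my $resp = HTTP::Response->parse($raw);

# Returns a hashref of findings keyed by header name / check name.
sub disclosure_report {
    my ($resp) = @_;
    my %report;

    # Headers that leak software versions
    for my $h (qw(Server X-Powered-By)) {
        my $v = $resp->header($h);
        $report{$h} = $v if defined $v && $v =~ /\d+\.\d+/;
    }

    # Generator meta tag, then the slide's fallback: ver= on core script URLs
    my $body = $resp->decoded_content // '';
    if ($body =~ /<meta\s+name="generator"\s+content="WordPress\s+(\d+\.\d+(?:\.\d+)?)"/i) {
        $report{generator} = $1;
    }
    elsif ($body =~ m#wp-(?:admin|content|includes)/(?!plugins|js).*?ver=(\d+\.\d+(?:\.\d+)?)#i) {
        $report{generator} = "$1 (from ver= parameter)";
    }

    # Hardening headers a defender expects to see on a public site
    for my $h (qw(Strict-Transport-Security X-Content-Type-Options Content-Security-Policy)) {
        $report{"missing:$h"} = 1 unless defined $resp->header($h);
    }
    return \%report;
}

my $r = disclosure_report($resp);
print "$_ => $r->{$_}\n" for sort keys %$r;
```

On the constructed response this prints the Apache and PHP versions, `generator => 4.1`, and three `missing:` entries. Stripping the Server and X-Powered-By versions and adding the missing headers is the usual remediation, and the same function works unchanged on a live `$ua->get($url)` result.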
Save GHDB in text file
use strict;
use warnings;
use WWW::Mechanize;

my $mech = WWW::Mechanize->new();
my $url  = "https://www.exploit-db.com/google-hacking-database/";
$mech->get($url);
my $link = $mech->find_link( url_regex => qr/ghdb/ );
my ($ghdb_count) = $link->url =~ m|ghdb/(\d+)/|;
my $exploit_url = "http://www.exploit-db.com/ghdb/";

# open read/write so already-saved entries are read first and new ones appended
open my $fh, "+<", "ghdb.txt" or die "Can't open ghdb.txt: $!\n";
chomp( my @ghdb_content = <$fh> );
my $present_count = 0;
# assumed file format: "<number>. <dork text>", so the number precedes the first dot
($present_count) = split(/\./, $ghdb_content[$#ghdb_content]) if scalar @ghdb_content > 1;
binmode($fh, ":utf8");
for ( ($present_count + 1) .. $ghdb_count ) {
    my $final_url = $exploit_url . "$_";
    my $mc = WWW::Mechanize->new();
    $mc->get($final_url);
    my $dork = $mc->content();
    my $link = $mc->find_link( url_regex => qr/search|image.*?q=/ );
    next unless $link;
    my $text = $link->text;
    $text =~ s/[^[:ascii:]]+//g if $text;
    print {$fh} "$_. $text\n";
}
close $fh;
Get DNS Info of a site
use strict;
use warnings;
use Net::DNS;
use Net::IP;

die "Usage: perl $0 [site_name|IP Address]\n" unless defined $ARGV[0];
my ($ip_address, $site);
if ($ARGV[0] =~ /^(\d+\.){3}\d+$/) {
    $ip_address = Net::IP->new($ARGV[0], 4) or die Net::IP::Error();
} else {
    $site = $ARGV[0];
    $site =~ s#https?://##;
    $site =~ s/^www\.//;
}
my $res = Net::DNS::Resolver->new;
if ($site) { show_ip(); show_ns(); show_mx(); show_soa(); }
show_ip_lookup() if $ip_address;

# Shared helper for the show_* subs (completed here; the slide only calls them)
sub show_records {
    my ($name, $type) = @_;
    my $reply = $res->query($name, $type);
    print "$type records for $name:\n";
    if ($reply) { print "  ", $_->string, "\n" for $reply->answer }
    else        { print "  query failed: ", $res->errorstring, "\n" }
}
sub show_ip        { show_records($site, 'A') }
sub show_ns        { show_records($site, 'NS') }
sub show_mx        { show_records($site, 'MX') }
sub show_soa       { show_records($site, 'SOA') }
sub show_ip_lookup { show_records($ip_address->reverse_ip, 'PTR') }
Get IP from ifconfig
use strict;
use warnings;

# three-argument pipe open runs ifconfig without a shell
open my $in, "-|", "/sbin/ifconfig" or die "Can't run ifconfig: $!\n";
my @addrs;
while (my $line = <$in>) {
    # old net-tools prints "inet addr:10.0.0.5", newer versions print "inet 10.0.0.5"
    if ($line =~ /inet (?:addr:)?((?:\d+\.){3}\d+)/) {
        push @addrs, $1;
    }
}
close $in;
print "$_\n" for @addrs;
Future Scope
We can do almost everything
•Can write DoS exploits
•Buffer overflow tests
•MITM exploits
•Fuzzing
•Nmap scripts
•RFI, RCE exploits
•Network pentesting
•Web attack automation
•Integrate with RE tools
•Data scraping and many more
Resources
Links you can follow
•http://www.cpan.org/
•http://perldoc.perl.org/
•https://twitter.com/jabra
•http://www.sans.org/
•https://www.kali.org/
•https://www.blackhat.com/
•https://www.owasp.org/index.php/Perl
•http://www.aliencoders.org/forum/Forum-perl
•http://www.iconsdb.com for the icons used
Books you can read
•Learning Perl by Brian D Foy
•Programming Perl by Larry Wall
•Penetration Testing with Perl by Douglas Berdeaux
•Network Programming with Perl by Lincoln D. Stein
•Perl for System Administration by David N. Blank-Edelman
People you can follow
•https://twitter.com/jabra – Joshua Abraham
•https://twitter.com/weaknetlabs – Douglas Berdeaux
•https://twitter.com/briandfoy_perl – Brian D Foy
•https://twitter.com/davorg – Dave Cross
•https://twitter.com/timtoady – Larry Wall
•https://twitter.com/merlyn – Randal L. Schwartz
•https://twitter.com/szabgab – Gabor Szabo
Questions
