Previously, I have published a post that related to Python Penetration Testing where I will be sharing about Penetration Testing using Perl Language this round.
For those who are not familiar with PERL for Penetration Testing, the user will need to learn on the basic PERL language before going deep into advance stages.
Introduction to PERL
Perl is a programming language that contains two high-level and interpreted where it was created by Larry Wall on the year 1987.
For Linux User
The installation of PERL into Linux Machine would take the command-line such as
git clone https://github.com/Perl/perl5.git
Command-line above will clone of perl5 into the machine which is much easier to install rather than manually installed.
For Mac OS X User
As for Mac OS X User, the user only has to use Brew to install PERL into the machine. Before installing, we need to check whether Brew provides any installation option for PERL.
As we can see in the screenshot above, brew does support installation for the PERL into Mac OS X User. Once we verified this, we can continue the installation by using the command-line brew install perl
After everything is complete, the user can check whether that PERL is installed properly in the machine by typing the command-line Perl. For my case, I will be using the command-line perl -h to verify the installation of Perl.
PERL Basic Programming Language Example
For beginner user, the example below will be useful when doing some Penetration Testing using PERL. The file will need to save as .pl format which pl is been used by Perl Programming Language to ensure it works.
Normally, we will use warnings; as a module to be used but for studying purpose I will be using use demo;
The user will able to run the PERL script with the command-line perl -e demo.pl depending on the code that was constructed during the creation of Perl Script file.
The script will give output that we wanted if we are coded it correctly but we need to revised back the code when the error appears.
Exploit using PERL Language
One of the exploit that we can use with PERL Language would be Access Privileges. This normally give the pentester access privileges to the target’s machine where the following code been used.
Once finished modify the PERL script, the user can test the script to see if the PERL Script is been modify correctly.
Another way to exploit Access Privileges will be to run the PERL Language Script within the target’s machine. For this example, we will be using the existing PERL language while installing the PERL into the machine.
After the pentester gain access to the target’s machine, they can run the perl command perl -e exec “/usr/bin/bash”
If there is no error appear, the pentester can see where they are accessing whether a normal user or administrative user. It will be a success access privilege if the access has changed into administrative access privileges.
Reference: Beginner’s Introduction to Perl