Penetration Testing with Perl

By : Douglas Berdeaux
Overview of this book

This guide will teach you the fundamentals of penetration testing with Perl, providing an understanding of the mindset of a hacker. In the first few chapters, you will study how to utilize Perl with Linux and the regular expression syntax. After that, you will learn how to use Perl for WAN target analysis, and Internet and external footprinting. You will learn to use Perl for automated web application and site penetration testing. We also cover intelligence gathering techniques from data obtained from footprinting and simple file forensics with file metadata.

By the end of this book, you will bring all of your code together into a simple graphical user interface penetration testing framework. Through this guide, you will have acquired the knowledge to apply Perl programming to any penetration testing phase and learn the importance of applying our technique in the methodology and context of the Penetration Testing Execution Standard.

Preface

I have been interested in the subjects of art and computer science for as long as I can remember, and thankfully, I had many people in my life who helped steer me in the right direction. My father took me to various computer classes and science museums as a child, and my mother and grandmother both encouraged me to be creative, while providing me with enough freedom to learn on my own. So when my brother gave me my first computer in around 2002, I was changed forever. I started learning Perl programming just a few years later, which was coincidentally around the same time that I had cracked my first Wi-Fi encryption key using Aircrack-ng. As time progressed, these two separate paths overlapped, leading me into the strange, complex universe that is computer science.

It wasn't until several years prior to writing this book that I truly began to understand the harmonious nature of Perl, Linux, and information security. Perl is designed for string manipulation, which excels in an operating system that treats everything as a file. Rather than writing Perl scripts to parse the output from other programs, I was now writing independent code that mimicked the functionality of other information security programs. At this stage, I had a newfound appreciation for the power of Perl, which opened the door for endless opportunities, including this book.

I was approached to write it to teach people how to "build a port scanner and extract information from Nmap or e-mail addresses from websites." This seemed a bit too trivial to justify an entire book, and I felt Perl deserved more. Because many information security professionals do not consider Perl to be a practical resource, I have chosen to take a different path. My goal in writing this book is to throw light on Perl's endless capabilities and to teach readers that Perl can take us anywhere, while being a valuable asset to anyone in the information security field.

I chose to take the reader into the dirty byte-level depths of cracking WPA2, packet sniffing and disassembly, ARP spoofing (the right way), and performing other advanced tasks, such as blind and time-based SQL injection. Throughout the course, my explanations loosely adhere to the Penetration Testing Execution Standard (PTES) designed by people who have spent their lives working in information security.

This book is written for people who are already familiar with basic Perl programming and who have the desire to advance this knowledge by applying it to information security and penetration testing. With each chapter, I encourage you to branch off into tangents, expanding upon the lessons and modifying the code to pursue your own creative ideas.

This project was an incredible journey for me, and unfortunately, it didn't come without psychological fees. Just like many of my projects in the past, I spent many hours simply sifting through outdated forums and weblog posts trying to find answers to strange errors or undesired program output. Being an open source advocate takes resilience, determination, and self-motivation. In fact, it was once described as "passion" to me in an interview. Through each project I seem to emerge a different person, and this was no exception. I realized this is because with Perl programming, I am constantly learning and no matter how intimate I may feel with the language, I can always do it better. Isn't that right, Tim Toady?

What this book covers

Chapter 1, Perl Programming, covers some intermediate Perl concepts that use CPAN for the Perl modules that will be used in this book. It also covers some extremely important built-in regular expression functions and explains how to get output from Linux application streams and kernel files.

Chapter 2, Linux Terminal Output, brushes on the Linux shell bash. This includes commands, output to the terminal, I/O streams, and some simple administration. Reading this chapter is necessary for any Perl programmer who does not use Linux or anyone who uses Linux but is reluctant to use a shell. You will also learn how a Perl script can call Linux commands directly from the shell.

Chapter 3, IEEE 802.3 Wired Network Mapping with Perl, teaches you how to write scripts and automation to scan and fingerprint live devices and gather network information about them.

Chapter 4, IEEE 802.3 Wired Network Manipulation with Perl, helps us understand how to use Perl to develop man-in-the-middle attack software and how to sniff traffic.

Chapter 5, IEEE 802.11 Wireless Protocol and Perl, covers the basic 802.11 WLAN terminologies and protocol functionality, how Linux handles and prepares wireless devices, the different types of scanning, how to capture 802.11 packets using Perl, how to write an 802.11 protocol analyzer using Perl, and an easy way to interface Perl with the Aircrack-ng suite.

Chapter 6, Open Source Intelligence, covers one of the most important phases of the penetration test, open source information gathering on targets. This includes personal information such as e-mail addresses and Google, LinkedIn, and Facebook data. It also covers Domain Name Service information gathering by tracing routes to hosts, zone transfers, DIG, Whois, and more. We also brush on supplemental online resources for client target information gathering.

Chapter 7, SQL Injection with Perl, teaches you simple SQL injection vulnerability discovery methods using Perl. You will learn about the different methods of SQL injection, post-exploitation processes, and even how to develop an advanced blind, time-based, and data-based SQL injection tool using Perl programming.

Chapter 8, Other Web-based Attacks, helps us discover how to use Perl to find and exploit different types of common web penetration testing attacks. This includes cross-site scripting, Local and Remote File Inclusion, and even exploiting plugins for content management software.

Chapter 9, Password Cracking, covers many ways in which we can crack hashed passwords using Perl programming. This includes salted and unsalted SHA1 and MD5 hashing methods, cracking password-protected compromised ZIP files, and even cracking WPA2. This chapter also briefly discusses Digital Credential Analysis and how intelligence gathering methods can be beneficial to cracking password hashes using brute force methods.

Chapter 10, Metadata Forensics, teaches us how to glean private data and personal information using simple, digital forensic methods with Perl programming. We mostly cover methods on how to extract metadata from files, including images and PDF files, and we construct our own tool for this task using Perl.

Chapter 11, Social Engineering with Perl, covers yet another very important aspect of penetration testing. You will learn how to construct viruses and how to perform simple spear phishing attacks using Perl programming after briefly covering some background in social engineering.

Chapter 12, Reporting, covers what we should put into a report and its different subsections. Reporting is the most important phase of the penetration test as it is a continuous task that lasts the entire duration of the penetration test. In this chapter, we will discover a few ways to format our output data from our previously written Perl programs and how we can easily use it to create text, CSV, PDF, and even graph images.

Chapter 13, Perl/Tk, explores ways in which we can create a graphical user interface for our previously written Perl programs. We take an in-depth look at the Perl::Tk module in an object-oriented manner, and see how to create windows, widgets, and other objects in an event-driven programming style.

What you need for this book

The physical requirements in this book are a single 802.11 Wi-Fi router that is capable of WPA2 encryption, two workstations (which can be virtual if networked properly) that will act as an attacker and a victim, a smartphone device, an 802.11 Wi-Fi adapter that is supported by a Linux driver for packet injection, network shared storage, and a connection to the Internet. The hardware targets include networked devices whose software exposes simple HTTP login forms, such as a router and a switch, as well as smartphone administration software.

The software required for the attacker is a simple penetration-testing-themed live disk, such as WEAKERTH4N Linux (used throughout this book), which is freely available online. This live disk requires no installation to the hard drive and can be used even in virtual environments such as Oracle VM VirtualBox. Software for the target victim includes the Microsoft Windows operating system, the Linux operating system (any flavor), and server software such as HTTP/PHP, Oracle MySQL, and Microsoft Windows SMB services.

The skills required are basic Perl programming, simple networking experience, and minimal Linux experience, as most of the terminologies and tasks are detailed throughout this book.

Who this book is for

Due to the unique manner in which the tasks are approached throughout this book, this knowledge can be used by a wide audience and the topics covered might be applied to a wide variety of situations. The target audience ranges from those who are novices to expert Perl programmers, and those who are generally interested in hacking or penetration testing, or penetration testers who want to learn more about how many point-and-click frameworks function. How much you walk away with at the end of this book depends on how curious you are about the subject.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Let's create a new subroutine called colCount() and see if we can easily obtain the column count of the current table."

A block of code is set as follows:

#!/usr/bin/perl -w
use strict;
# Open the word list, or stop with the reason if it cannot be read
open(DICT, "words.txt") or die "Cannot open words.txt: $!";
while(<DICT>){
        # Print any line containing the same lowercase letter three times in a row
        print if($_ =~ m/([a-z])\1\1/);
}
close(DICT);

Any command-line input or output is written as follows:

user@shell:~ # command <arguments>

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Let's take a quick look behind the code using our web browser to find out more information about the Login page."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.