Book Image

Penetration Testing with Perl

By : Douglas Berdeaux
Book Image

Penetration Testing with Perl

By: Douglas Berdeaux

Overview of this book

<p>This guide will teach you the fundamentals of penetration testing with Perl, providing an understanding of the mindset of a hacker. In the first few chapters, you will study how to utilize Perl with Linux and the regular expression syntax. After that, you will learn how to use Perl for WAN target analysis, and Internet and external footprinting. You will learn to use Perl for automated web application and site penetration testing. We also cover intelligence gathering techniques from data obtained from footprinting and simple file forensics with file metadata.</p> <p>By the end of this book, you will bring all of your code together into a simple graphical user interface penetration testing framework. Through this guide, you will have acquired the knowledge to apply Perl programming to any penetration testing phase and learn the importance of applying our technique in the methodology and context of the Penetration Testing Execution Standard.</p>

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with Perl
Douglas Berdeaux
Dec, 2014 | 332 pages
No titles found
Table of Contents (20 chapters)
Penetration Testing with Perl
Penetration Testing with Perl
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Perl Programming
Perl Programming
Files
Regular expressions
Perl string functions and operators
CPAN Perl modules
CPAN minus
Summary
2
Linux Terminal Output
Linux Terminal Output
Built-in bash commands
Input/output streams
Killing runaway forked processes
Summary
3
IEEE 802.3 Wired Network Mapping with Perl
IEEE 802.3 Wired Network Mapping with Perl
Footprinting
Internet footprinting
Common tools for scanning
Designing our own live host scanner
Summary
4
IEEE 802.3 Wired Network Manipulation with Perl
IEEE 802.3 Wired Network Manipulation with Perl
Packet capturing
MitM
Enabling packet forwarding
Network remapping with packet capture
Summary
5
IEEE 802.11 Wireless Protocol and Perl
IEEE 802.11 Wireless Protocol and Perl
802.11 terminologies and packet analysis
Linux wireless utilities
802.11 packet capturing with Perl
Writing an 802.11 protocol analyzer in Perl
Perl and Aircrack-ng
Summary
6
Open Source Intelligence
Open Source Intelligence
What's covered
Google dorks
E-mail address gathering
Domain Name Services
More intelligence
Summary
7
SQL Injection with Perl
SQL Injection with Perl
Web service discovery
SQL injection
MySQL post exploitation
Data-driven blind SQL injection
Time-based blind SQL injection
Summary
8
Other Web-based Attacks
Other Web-based Attacks
Cross-site scripting
File inclusion vulnerability discovery
Content management systems
Summary
9
Password Cracking
Password Cracking
Digital credential analysis
Cracking SHA1 and MD5
WPA2 passphrase cracking with Perl
Cracking ZIP file passwords
Summary
10
Metadata Forensics
Metadata Forensics
Metadata and Exif
Metadata extractor
Summary
11
Social Engineering with Perl
Social Engineering with Perl
Psychology
Perl Linux/Unix viruses
Spear phishing
Summary
12
Reporting
Reporting
Who is this for?
Documenting with Perl
Logging data to MySQL
HTML reporting
Summary
13
Perl/Tk
Perl/Tk
Event-driven programming
Explaining the Perl/Tk widgets
Widgets and the grid
The GUI host discovery tool
A tabbed GUI environment
Summary
Index
Index

Cracking SHA1 and MD5

In the next few subsections, we will look at how we can use Perl to crack the commonly used SHA1 and less likely used MD5 password hashes. This is a simple task in Perl but, as previously mentioned, requires a lot of CPU power to accomplish and is very slow. We will simply perform the hashing process on each line from a password list file and compare its output to the compromised password hash value.

SHA1 cracking with Perl

In this section, we will use the SHA1 Perl module, Digest::SHA, to create the password hashes for comparison. We will also try to crack the SHA1 hashes that we obtained in Chapter 7, SQL Injection with Perl. If we recall those hashes and usernames, we have the following commands:

Table: users has record count of: 6
1 trevelyn cbfdac6008f9cab4083784cbd1874f76618d2a97
2 gabriella a3ce284b3e5d63708dde3d7d9138f835a6760a57
3 chloe a2c91ed5cf3ec12fe5e4904d34667310ca8182af
4 julie 59c826fc854197cbd4d1083bce8fc00d0761e8b3
5 petey bf614e25ec8503d7c938bb0ea0609b74fd93d517...
Previous Section
End of Section 3
Next Section