Penetration Testing with Perl by Douglas Berdeaux

Author: Douglas Berdeaux
Language: eng
Format: mobi, pdf
Publisher: Packt Publishing
Published: 2014-12-30T08:00:00+00:00


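    sub page{ # check for pages
        # $ua, $host, $port and @content are globals defined earlier in the
        # script, outside this excerpt
        my $res = $ua->get("http://".$host.":".$port."/".$_[0]);
        if($res->is_success){
            # split the response body into lines on LF or CRLF
            @content = split(/\015?\012/,$res->content);
            return $_[0]; # the page name that was found
        }
        return 0; # request failed, no such page
    }

    END {
        # close the socket (opened earlier in the script) on exit
        $sock->close() if $sock;
    }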

This section of the preceding code loops through the returned result in $buf and checks for a web server. If one is found, $web becomes true. If it is true, we loop through a few file extensions and test the server for an index page of each extension.

Finally, if a page is found, we loop through its returned content in @content, which was filled from the content() method of the $res object, and print any links found. These links are found using the regular expression <a.*href=("|')([^"']+)("|'). The caret inside the square brackets negates both quotation marks, which means "match anything except for a single quote and a double quote character".
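The link-matching pattern described above, run over a constructed page body; this is an added example, not code from the book. The sub names links_book and links_all, the sample HTML, and the stricter variant pattern are assumptions of this example. It shows that the greedy .* in the book's pattern reports only the last href on a line that holds several anchors.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample page body (not output from the book's lab host).
my $body = join "\015\012",
    q{<html><body>},
    q{<a href="comments.php">Comments</a>},
    q{<a class='nav' href='/vuln/showget.php?id=3'>Item</a>},
    q{<a href="a.html">A</a> | <a href="b.html">B</a>},
    q{</body></html>};

# Same line split that page() uses: optional CR followed by LF.
my @content = split /\015?\012/, $body;

# The book's pattern: at most one match per line. The greedy ".*" runs to
# the end of the line and backtracks, so it settles on the LAST href.
sub links_book {
    my @found;
    for my $line (@_) {
        push @found, $2 if $line =~ /<a.*href=("|')([^"']+)("|')/;
    }
    return @found;
}

# Variant (an assumption of this example): [^>]*? keeps the match inside
# one tag, \1 requires the closing quote to equal the opening quote, and
# /g in a while loop reports every anchor on the line.
sub links_all {
    my @found;
    for my $line (@_) {
        while ($line =~ /<a\b[^>]*?\bhref=(["'])([^"']+)\1/gi) {
            push @found, $2;
        }
    }
    return @found;
}

print "book pattern:\n";
print "  File: $_\n" for links_book(@content);
print "variant pattern:\n";
print "  File: $_\n" for links_all(@content);
```

Both patterns still work line by line, so an anchor tag that wraps across a line break is missed by either; an HTML parser is the dependable option for complete coverage.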

Now, we can browse these pages and look for forms or other means for data input to possibly exploit. If we get a proper return value from page(), then we call last() to break from the foreach() loop. The END{} block contains one simple line to close our socket when the program exits.

We can also easily add a new global variable to the application, and increment it from page() in order to keep track of our HTTP requests and have that printed from the END{} block as well.

Let's run this application in the hope of finding more clues to the potential vulnerabilities of our target, and analyze the output:

    [trevelyn@shell ~]$ perl test.pl lab.weaknetlabs.com 180
    Web Server Found: lighttpd/1.4.28
    Page: index.html
    File: comments.php
    File: http://lab.weaknetlabs.com/vuln/index.php
    File: ../../var/www/index.html
    File: /vuln/showget.php?id=3
    [trevelyn@shell ~]$


