Perl for Win32 on Win95 (and some NT)
by Keydet89@yahoo.com

[Purpose of this article]
[What is Perl?]
[Where do I get Perl?]
[How do I install Perl on Win95?]
[Where can I find more information regarding Perl?]
[What can I do with Perl?]

[Purpose of this article]

This article is instructional in nature.  It is directed toward
Windows-oriented systems administrators who have never heard of or used Perl, but it will also be useful to
other people, such as systems administrators who are experienced with Unix and Perl but new to Windows.  Individuals who work with large amounts of text or perform basic systems administration tasks on Win95 or NT will also find it useful.

This article is not meant to be a tutorial on programming in Perl,
primarily because there are so many other texts available that are
excellent tutorials.  This article is meant simply to show the
utility in Perl, and to spark the reader's interest in finding more
information regarding Perl.   After all, isn't the insatiable desire
to learn one of the marks of a hacker?

It should be noted that the information in this article, when combined with an active imagination, could potentially be used for less than honorable purposes.  Even so, it is the author's opinion that it is best to make information on tools and techniques available for public consumption, because security through obscurity is no security at all.

[What is Perl?]

Larry Wall, Perl's author, describes Perl as follows: "Perl is an interpreted language optimized for scanning arbitrary text files, extracting information from those text files, and printing
reports based on that information. It's also a good language for any
system management tasks. The language is intended to be practical (easy to use, efficient, complete) rather than beautiful (tiny, elegant, minimal)."  (This definition was taken from
http://language.perl.com/info/synopsis.html)

Perl is an interpreted language, meaning that instead of compiling
the source file into an executable file, the file is interpreted
by the interpreter at run time.  The interpreter calls upon platform
dependent libraries in order to execute the commands that make up
the source file, or script.  Perl programs are generally referred to
as scripts.

As with other languages, there are naming conventions for Perl files.
Perl modules (more on modules later) have the ".pm" extension.  Scripts generally have the ".pl" extension, but you will often see the ".plx" extension identifying the file as an executable script.  If you intend to write scripts for public consumption, it is a good idea to follow a convention in programming, so that other folks will be able to understand your scripts without having to contact you for lengthy
explanations.

The program "perl.exe" is the interpreter.  You run Perl scripts by
calling the interpreter, then the script you want to run, followed by any arguments that you wish to pass to the script.

[Where do I get Perl?]

The binaries for Perl on Win32 can be obtained from:
http://www.perl.com/CPAN-local/ports/win32/Standard/x86/

As of this writing, the particular file of interest is:
perl5.00402-bindist04-bc.zip

Be sure to read the associated readme file:
perl5.00402-bindist04-bc.readme

[How do I install Perl on Win95?]

The binary distribution of Perl is a 5.9 MB file, so be prepared for
a wait in downloading (and it's worth it!  While you are waiting, read through some back issues of GTMHH and the Happy Hacker Digest!!).

Download the zipped archive, and extract it.  You'll get a lot of
files, but to make things easier on yourself, move the subdirectory
called "perl" to a location under your root directory...an additional
partition or hard drive, such as d: or e: will suffice just as easily.

****************************************************
NEWBIE NOTE:  The easiest way to move the subdirectory while using
Windows is to drag and drop it...hold down the left mouse button on
the "perl" directory and drag it to the new desired location before
releasing the mouse button.  This will automatically relocate the
directory and all subdirectories and files.

If you need more assistance, check out:
http://www.pconline.com/~erc/perl95.htm
******************************************************

Once you have completed moving the directory, you need to add the location of the "bin" subdirectory to your PATH statement.  If you moved the directory to beneath your root directory on c:, that
statement will be "c:\perl\bin".

*****************************************************
NEWBIE NOTE:  Your PATH statement tells the command shell where to
look for commands.  The PATH statement can be embedded in your
autoexec.bat file, if you are using Win95 (or added as an
environment variable under Control Panel -> System -> Environment if you are using NT).  If you are simply relying on your autoexec.bat file to load your environment variables, then the entry should look like (on one line, with no spaces around the equals sign):

PATH=.;c:\;c:\windows;c:\windows\system;c:\windows\command;c:\perl\bin

or you could simply create a batch file called setperl.bat, and
include the statement:

SET PATH=%PATH%;c:\perl\bin

(Again, no spaces around the equals sign: the DOS command shell
would otherwise treat the space as part of the variable name, and
"perl" would still not be found.)

Now when you want to run Perl scripts, all you need to do is
execute the batch file to update your environment variables.
*****************************************************

[Where can I find more information regarding Perl?]
http://reference.perl.com/query.cgi?windows

This site provides several links to information regarding Perl,
as well as links to example scripts.

[Perl for Win32 FAQ]
http://www.endcontsw.com/people/evangelo/Perl_for_Win32_FAQ.html

[The Perl Journal]
http://www.tpj.com/

[Yahoo's Perl Page]
http://www.yahoo.com/Computers_and_Internet/Programming_Languages/Perl/

Further, the O'Reilly and Assoc. publishing site has examples online
from the "Learning Perl on Win32 Systems" book at:
http://www.oreilly.com/catalog/lperlwin/

[What can I do with Perl?]

Perl is great for searching and organizing text.  This is especially
true for voluminous log files.  But Perl is also an excellent tool
for automating systems administration tasks...which then obviously
lends itself to being an excellent hacking tool.

Again, please keep in mind that this article is not meant to be a
full-blown tutorial, describing all of the intricacies of Perl.
Rather, it is meant as an introduction, to show how this tool can
be used, and to ignite further curiosity within the reader, to explore
the subject deeper.

******************************************************
It needs to be noted here that there are modules within the Perl
distribution that will not work on Win95, as they are designed
for use with NT.  A "module" is similar to a library in C++, in that
it is made up of commands that are designed to make your job easier.  The commands are already set up as an Application Programming Interface, so that all you need to do is provide the correct arguments, in the correct order, and you can expect a particular result.

However, the fact that not all of the modules will work with Win95
is hardly more than a minor annoyance.  There are already several
programs that exist on Win95 that can be used within the Perl scripts that you write to do considerable work.  In essence, any command that is command-line in nature (i.e., it is run from the command prompt, not as a GUI program) is an excellent candidate for being included in your Perl scripts.  Such programs can be found on a variety of sites and resources, including the TUCOWS archive (http://www.tucows.com) and the Win95 Resource Kit.
****************************************************

As with other languages, the first program that is generally written
is the "Hello, World" program.  Open an editor (Notepad or the DOS Editor program will do) and enter the following line:

print "Hello, World!\n";

Save the file as "hello.plx", and at the prompt, enter:

c:\>perl hello.plx

Assuming that your PATH statement is set up correctly, you will see:

Hello, World!

Now, let's add some arguments to our little program.  Change the
hello.plx file to now contain the following lines:

if (length($ARGV[0]) == 0) {
  print "Usage:  perl hello.plx message";
}
else {
  print "Hello, $ARGV[0]\n";
}

What we've done now is included arguments, or ways of configuring our script for use at run-time.  The command line arguments are entered one after another, and we could continue to add further error checking to verify the correct number of arguments, and the format of each argument.  However, that exercise will be left to the reader.
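As an added example (not part of the original article), here is one way to do the checking that is left to the reader above: a version of hello.plx that insists on exactly one argument and, since the later scripts in this article take the first three octets of a class C address, also checks that the argument has that form.  The script name check.plx is an assumption.

```perl
# check.plx (name is an assumption): validate the command line
# before doing anything with it.  Added example, not the article's code.
use strict;
use warnings;

# Return 1 if $net looks like the first three octets of an IP
# address (each 0-255, no trailing period), otherwise 0.
sub valid_net {
  my ($net) = @_;
  return 0 unless defined $net;
  # exactly three dot-separated fields of one to three digits
  my @octets = ($net =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  return 0 unless @octets == 3;
  # the pattern also accepts 999, so check each field's range
  foreach my $o (@octets) {
    return 0 if $o > 255;
  }
  return 1;
}

# exactly one argument, and it must pass the format check
if (@ARGV != 1) {
  print "Usage:  perl check.plx classCIP\n";
  exit 1;
}
if (!valid_net($ARGV[0])) {
  print "Bad network address \"$ARGV[0]\": expected three octets, ";
  print "each 0-255, without a trailing period (e.g., 192.168.1)\n";
  exit 1;
}

print "Hello, $ARGV[0]\n";
```

Run it as "perl check.plx 192.168.1" and then with "192.168.1." or "300.1.1" to see each check fire.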

Now, let's try something interesting.  What we'll do is enter, say,
the network portion of a class C IP address (the first three octets),
and have our script (called "test.plx") print out the range from 2 to
30 for the host portion (NOTE:  The host portion of a class C IP
address is the last octet.  As the last octet is really a byte, or a
series of 8 ones and zeros, the smallest number possible is 0, and the largest is 255.  The test script can be easily modified to print out the entire range.)

The script "test.plx" should contain the following lines:

-----  begin script  -----

if (length($ARGV[0]) == 0) {
  print "Usage:  perl test.plx IPADDR";
  exit 0;
}
else {
  print "Entering test.  Using $ARGV[0]\n";
}

$ip = $ARGV[0];

$host = 2;

while ($host <= 30) {
  $testip = $ip . ".$host";
  print "$testip\n";
  $host++;
}

-----  end script  -----

Run the script by typing:

perl test.plx 131.120.67

at the command prompt, and you will see the full class C addresses
scroll by.

********************************************************
PROGRAMMING NOTE:  We've seen a couple of simple scripts so far, and now is a good time to mention a couple of things.  As you can see, Perl has the familiar control structures (while and for loops, if/else statements, etc).  Variables are prefaced with the "$" symbol, arrays are prefaced with the "@" symbol, and hashes are prefaced with the "%" symbol.  Perl is capable of much more, to include sorting and formatting text, all sorts of error-checking, etc.  Also, keep in mind that the motto of Perl is "there's more than one way to do it".
********************************************************

Now, what is the use of this?  What can I do with this?  If you
remember an earlier GTMHH that dealt with accessing win95 machines
across the Internet, there were a couple of commands that are native to win95 (and NT) that we were interested in, and some particular responses that we were looking for.  As a review, we used the "nbtstat" and "net view" commands, and the particular response we were looking for was the hex code "<20>" in the NetBIOS Name Table, indicating that the host was advertising shares.

******************************************************
NEWBIE NOTE:  For the nbtstat and net commands to work, you have to have NetBIOS installed.  To install NetBIOS, choose Control Panel -> Network -> Add -> Protocol -> Microsoft -> NetBEUI.  Also make sure that you have "Client for Microsoft Networks" installed.
*****************************************************
****************************************************
SYSADMIN NOTE:  The following Perl script can be used to scan your subnets and look for win95 hosts that have been modified to enable file and print sharing, or that have had additional shares added to the list.
******************************************************

The following script can be used to scan a class C IP address range, looking for win95 hosts with sharing enabled.  If a host is found to have sharing enabled, the IP address will be printed to a log.  If "net view" returns any disk shares, those disk shares will also be added to the log.

NOTE:  This script does only minimal checking of the argument passed to it.  The required argument is the network address of a Class C IP address; i.e., 132.67.89 (NOTE:  Do NOT add a trailing period).

-----  begin script  -----

#  script:  sweep.plx
#  usage:   perl sweep.plx classCIP
#  author:  Keydet89@yahoo.com

use strict;
use warnings;

# check number of arguments; if the command line doesn't
# have the correct number of arguments, quit.
#
# the format for the argument is the first three octets
# representing the network address of a Class C IP address
# ie, 130.20.67 (NOTE:  do NOT add a trailing period)
if (!defined $ARGV[0] || length($ARGV[0]) == 0) {
  print "Usage:  perl sweep.plx classCIP";
  exit 0;
}
else {
  print "Starting sweep.  Using $ARGV[0]\n";
}

# open log file for saving data
# Note:  You can maintain a running log file by using the
# appropriate redirection operator...ie, open(LOG,">>sweep.log")
open(LOG, ">sweep.log") || die "Could not open log file: $!\n";

# assign argument to a variable to make it easier to use
my $ip = $ARGV[0];

# assign first host; generally speaking, host = 1 is
# used for the router interface leading into the subnet
my $host = 2;

# span hosts through 254
while ($host < 255) {

  # put IP address together
  my $testip = $ip . ".$host";

  # verify that IP address is properly constructed
  print "Trying $testip\n";

  # run the nbtstat command and read its output through a pipe
  open(NBT, "nbtstat -A $testip |") || die "Could not run nbtstat: $!\n";

  # the following while loop looks for the <20> entry
  # in the NetBIOS Name Table.  If found, indicate that file
  # sharing is enabled and write the data to the log.  Do the
  # same with "net view", writing disk shares to the log.
  while (<NBT>) {
    if (/<20>\s+UNIQUE/) {
      print "Sharing enabled.\n";
      print LOG "Sharing enabled for host $testip\n";

      open(VIEW, "net view \\\\$testip |") || die "Could not run net view: $!\n";

      while (<VIEW>) {
        if (/Disk/) {
          print "Disk share: $_";
          print LOG "Disk share: $_";
        }
      }
      close(VIEW);
    }
  }
  close(NBT);

  # increment the host portion of the IP address
  $host++;
}

# close the log file
close(LOG) || die "Could not close log file: $!\n";

-----   end script   -----

That's it!  With a little thought and imagination, not to mention
knowledge of Perl, anyone (sysadmins, especially) can modify this
script to gather more information, or attempt to access the shares
that are identified.

****************************************************
EVIL GENIUS or SYSADMIN NOTE:  There is a Win32 extension called Win32::GetNextAvailDrive.  This extension can be used in combination with the "net use" command to map drive shares to the local machine.
***************************************************

Please note that a script similar to parts of the above script can
be found in the appendix of Simple Nomad's NT Hack FAQ
(http://www.nmrc.org/indexg.html).  That script was written by Dave LeBlanc of ISS...but I could not get it to work on my system.

There are other neat little things you can do with Perl.  Here's one
out of the "Learning Perl on Win32 Systems" book (by Schwartz, Olson, and Christiansen):

-----  begin script  -----

use Win32;
# GetOSVersion returns a description string, the major and minor
# version, the build number, and a platform id (0 = Win32s,
# 1 = Win95, 2 = WinNT)
($string, $major, $minor, $build, $id) = Win32::GetOSVersion();
# qw() splits on whitespace, so no commas between the words
@os = qw(Win32s Win95 WinNT);
print "$os[$id] $major.$minor $string (Build $build)\n";

-----   end script   -----

Run this script, and you'll get version information regarding your
operating system.

Another nifty little trick you can use Perl for is a port scanner.
Win95 will make use of the IO::Socket module, allowing you to
access TCP sockets.

************************************************
SYSADMIN NOTE:  One of the things that a sysadmin/webmaster should do when maintaining a site is to either delete or change the banners that appear for their services.  This makes it harder for a potential attacker to figure out what operating system he is dealing with. Along those lines, Perl can be used on the web server to listen for PHF exploit attempts.  You can write a script so that when someone attempts the PHF exploit, the script sends them a bogus /etc/passwd file (this is particularly tricky for NT admins...NT doesn't have an /etc/passwd file!!) and then emails the sysadmin the environment variables that are available from the browser.

Further, Perl has a great deal of utility with regards to NT
systems.  As mentioned above, the modules work on NT, but not on
Win95.

One of the uses of Perl on Un*x systems is to cull log files, looking
for suspicious activity.  You can do the same thing on NT with the
Event Logs.  You won't be able to get near the sophistication of
some expert systems used in intrusion detection software, but by
enabling auditing on the correct events, and generally locking down
your security overall, you can do quite a bit to keep on top of
things.
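An added example (not from the article) of the kind of log culling just described: a script that reads an Event Log export and reports accounts with repeated failed logons.  It assumes the log has been dumped to a comma-separated text file in a constructed format (date, time, event ID, account, workstation), that event ID 529 is the NT Security log "Logon Failure" audit event, and embeds sample lines after __DATA__ so it runs without a real export.  The script name failedlogons.plx is an assumption.

```perl
# failedlogons.plx (name assumed): summarize failed logons from an
# Event Log export.  Added example, not the article's code.
use strict;
use warnings;

# Constructed export format (an assumption): one event per line,
# comma separated:  date,time,eventID,account,workstation
# Event ID 529 is the NT Security log "Logon Failure" audit event.
my $FAILED_LOGON = 529;
my $THRESHOLD    = 3;   # report accounts with this many failures or more

my (%count, %first, %last, %from);

while (my $line = <DATA>) {
  chomp $line;
  next if $line eq '' || $line =~ /^#/;
  my ($date, $time, $id, $account, $wks) = split /,/, $line;
  next unless defined $wks;            # skip malformed lines
  next unless $id == $FAILED_LOGON;
  my $acct = lc $account;              # NT account names are case-insensitive
  $count{$acct}++;
  $first{$acct} = "$date $time" unless exists $first{$acct};
  $last{$acct}  = "$date $time";
  $from{$acct}{$wks}++;                # which workstations the failures came from
}

# report the noisiest accounts first
foreach my $acct (sort { $count{$b} <=> $count{$a} } keys %count) {
  next if $count{$acct} < $THRESHOLD;
  my $sources = join ", ", sort keys %{ $from{$acct} };
  print "$acct: $count{$acct} failed logons between $first{$acct} ",
        "and $last{$acct} from $sources\n";
}

__DATA__
# constructed sample data
03/14/98,09:01:12,528,jsmith,WS01
03/14/98,09:02:30,529,administrator,WS07
03/14/98,09:02:41,529,administrator,WS07
03/14/98,09:02:55,529,Administrator,WS07
03/14/98,09:03:10,529,administrator,WS09
03/14/98,09:15:02,529,jsmith,WS01
03/14/98,09:30:44,528,jsmith,WS01
```

With the sample data only "administrator" crosses the threshold (4 failures from WS07 and WS09); to use a real export, replace the DATA handle with a file opened the same way the sweep script opens its log.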

Speaking of security, you can also use Perl to create, examine, and
change Registry entries on NT.  (NOTE:  Before doing anything with the NT Registry, run the RDisk utility, and only make one change at a time.)  For example, you can create a script that will create or enable certain security features, such as producing a login banner, enabling Syskey encryption of the Registry on SP3 systems, etc.

Using Perl in combination with the command line tools available from the Resource Kit will give you an incredible toolkit, allowing you to handle any situation that may arise.
*************************************************
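As an added example (not the article's or the module's own code) of examining the NT Registry from Perl, the following read-only script checks whether the login banner values mentioned above are set.  It assumes the Win32::Registry module from libwin32, whose Open/GetValues/Close calls are used here as described in its documentation, and the Winlogon key path and the LegalNoticeCaption/LegalNoticeText value names are the standard NT ones.  The script name banneraudit.plx is an assumption; nothing is written to the Registry.

```perl
# banneraudit.plx (name assumed): read-only check of the NT login
# banner values.  Added example, not the article's code; it uses
# the Win32::Registry module from libwin32.
use strict;
use warnings;
use Win32::Registry;   # exports $HKEY_LOCAL_MACHINE

# Winlogon key that holds the legal notice shown before logon
my $WINLOGON = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon';

# Returns a hash ref of value name => data for the Winlogon key,
# or undef if the key cannot be opened.  Nothing is written.
sub read_winlogon {
  my $hkey;
  $HKEY_LOCAL_MACHINE->Open($WINLOGON, $hkey) || return undef;
  my %values;
  # GetValues fills name => [name, type, data]
  $hkey->GetValues(\%values);
  $hkey->Close();
  my %data = map { $_ => $values{$_}->[2] } keys %values;
  return \%data;
}

my $w = read_winlogon();
die "Could not open $WINLOGON (NT with Win32::Registry installed?)\n"
  unless $w;

# a banner is only effective if both the caption and the text are set
foreach my $name (qw(LegalNoticeCaption LegalNoticeText)) {
  my $val = $w->{$name};
  if (defined $val && length($val)) {
    print "$name is set: \"$val\"\n";
  } else {
    print "$name is NOT set - no login banner will be shown\n";
  }
}
```

Turning the check into a change means calling SetValueEx on the same key, which is where the advice above to run RDisk first and make one change at a time applies.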

In the future, look for a Perl for Win32 article dealing with
NT-specific issues.

 © 2013 Happy Hacker All rights reserved.