
vishal sharma 15Jan2007 00:02

Making your own security tools
 

Introduction



So you have read tons of tutorials, guides, FAQs and you have some kind of image of what computer security is... The next logical step that you should make is to start learning a programming language. I'm not going to describe each language (its advantages and disadvantages) because there are tons of papers that cover that... Instead I will focus on just one language: Perl (Practical Extraction and Reporting Language).

This language was written for manipulating text, but it has become one of the best languages available to programmers. You can write games, web applications, about everything you can think of. I wanna show you just how easy it is to write some security tools using Perl.

I'm going to start with a port scanner... For those of you that don't know what a port scanner is, here is a little definition: a port scanner is a program that checks if a certain port is open (by connecting to it).

1. The port scanner



Code: PERL

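# scanner.pl - TCP connect scan of a port range on a single host
use strict;
use warnings;
use IO::Socket::INET;
$|++;    # unbuffered output, so each result appears as soon as it is known
# $first/$last instead of $a/$b, which Perl reserves for sort()
my ($host, $first, $last) = @ARGV;
die "Usage: perl scanner.pl host starting_port ending_port\n" unless defined $last;
for my $port ($first .. $last) {
    # new() returns undef when the connection is refused or times out
    my $s = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp');
    next unless $s;
    print "$port - open\n";
    close $s;
}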

That, my friends, is a very simple port scanner! You can run it from your command line (Command Prompt in Windows or Konsole in Linux) like this:

perl scanner.pl host_to_scan starting_port ending_port

2. The brute forcer



Perhaps you gained access to some computers, or you're just testing a password to see how strong it is. One of the most used encryption methods is the md5 algorithm (it's also the one used by the Linux/Unix/BSD Operating System).

The md5 hash (that's the name a password gets after it's been encrypted) cannot be transformed back to its corresponding word. Let me give you an example: the word "security" after its md5 encryption will become the hash e91e6348157868de9dd8b25c81aebfb9. Let's say you have the hash and you want to find out what word it is... You would have to find a way to decrypt it, which isn't possible because md5 cannot be decrypted... So that leaves you with the question: how can I find out what word a hash represents? Well, since you can't decrypt it, why not try encrypting words and see if the resulting hash matches the hash we're trying to crack?

Here's the Perl code that does that:

Code: PERL

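# brute.pl - dictionary check: hash each word and compare it with the target
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
my $hash = shift || die "Give me a hash to crack\n";
my $file = shift || die "Give me a dictionary file\n";
$hash = lc $hash;    # md5_hex() returns lowercase hex
# three-argument open with a lexical handle: the file name is never
# interpreted as a mode or a pipe
open(my $fh, '<', $file) || die "can't open the file: $!\n";
while (my $word = <$fh>) {
    chomp $word;     # strip the newline before hashing
    my $t = md5_hex($word);
    print "Processing $word $t\n";
    if ($t eq $hash) {
        print "Found it -> $word\n";
        last;
    }
}
close $fh;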

Here's how you run it:

perl brute.pl md5_hash_to_crack text_file

So you would have to supply it with an md5 hash and a dictionary file (that has words in it, one per line). The script will read each of the words, encrypt it and check if the hash matches the hash we're trying to crack. If it does, we found the word :) !
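
Added example, not part of the original post: the same dictionary check run against two ways of storing a password, to show what a defender gains from a per-account salt and an iterated hash. The account names, wordlist, salts and iteration count are constructed for the demo, and pbkdf2_sha256 is a hand-written helper built on the core Digest::SHA module.

```perl
# Added example, not part of the original post. Sample data is constructed.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256);

# PBKDF2-HMAC-SHA256 (RFC 8018), first 32-byte output block only.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);  # U1, key = password
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);
        $t ^= $u;                                          # string XOR
    }
    return unpack('H*', $t);
}

my @wordlist   = qw(letmein password security dragon);     # constructed
my $iterations = 10_000;   # assumed cost factor, tune to your hardware

# Two constructed accounts that picked the same weak password.
my %md5_store = (alice => md5_hex('security'), bob => md5_hex('security'));
# Fixed salts keep the demo repeatable; real salts are random per account.
my %kdf_store = (alice => { salt => 'constructed-salt-A' },
                 bob   => { salt => 'constructed-salt-B' });
$_->{hash} = pbkdf2_sha256('security', $_->{salt}, $iterations)
    for values %kdf_store;

# Bare MD5: hash the wordlist once, then each account is one table lookup,
# and identical passwords are visible as identical stored values.
my %table = map { ( md5_hex($_) => $_ ) } @wordlist;
for my $user (sort keys %md5_store) {
    my $word = $table{ $md5_store{$user} } // '(not in wordlist)';
    print "md5    $user $md5_store{$user} -> $word\n";
}

# Salted KDF: stored values differ, nothing can be precomputed, and every
# guess costs $iterations HMAC calls per account. A listed word still falls.
for my $user (sort keys %kdf_store) {
    my $rec = $kdf_store{$user};
    my ($word) = grep {
        pbkdf2_sha256($_, $rec->{salt}, $iterations) eq $rec->{hash}
    } @wordlist;
    print "pbkdf2 $user $rec->{hash} -> ", $word // '(not in wordlist)', "\n";
}
```

The salted records are still recovered because "security" is in the wordlist: salting and iteration raise the cost of each guess, they do not rescue a weak password.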

ReekenX 25Jan2007 03:17

Re: Making your own security tools
 
Nice tutorial!

shabbir 25Jan2007 08:58

Re: Making your own security tools
 
Confine links to signature only

hanleyhansen 25Jan2008 20:59

Re: Making your own security tools
 
Good tutorial!! I want to learn more about Perl. Do you have any book recommendations? Can you write regular Windows programs in Perl like you can in VB or C#? Is it cross-platform?

shabbir 26Jan2008 11:04

Re: Making your own security tools
 
Quote:

Originally Posted by hanleyhansen
Good tutorial!! I want to learn more about Perl. Do you have any book recommendations? Can you write regular Windows programs in Perl like you can in VB or C#? Is it cross-platform?

Refer to the sticky thread in the PERL forum


All times are GMT +5.5.