Introduction

So you have read tons of tutorials, guides, FAQs and you have some kind of image of what computer security is ... The next logical step that you should make is to start learning a programming language. I'm not going to describe each language (its advantages and disadvantages) because there are tons of papers that cover that ... Instead I will focus on just one language: Perl (Practical Extraction and Reporting Language). This language was written for manipulating text, but it has become one of the best languages available to programmers. You can write games, web applications, about everything you can think of. I wanna show you just how easy it is to write some security tools using Perl.

I'm going to start with a port scanner ... for those of you that don't know what a port scanner is, here is a little definition: a port scanner is a program that checks if a certain port is open (by connecting to it).

1. The port scanner

Code:

    # scanner.pl
    use strict;
    use warnings;
    use IO::Socket;

    $|++;    # unbuffered output, so each result prints as soon as it is known

    # $first/$last instead of $a/$b, which Perl reserves for sort()
    my ($host, $first, $last) = @ARGV;
    die "Usage: perl scanner.pl host starting_port ending_port\n"
        unless defined $last;

    for my $port ($first .. $last) {
        # new() returns undef when the TCP connection cannot be made
        my $s = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port);
        print "$port - open\n" if $s;
    }

That, my friends, is a very simple port scanner! You can run it from your command line (command prompt in Windows or Konsole in Linux) like this:

    perl scanner.pl host_to_scan starting_port ending_port

2. The brute forcer

Perhaps you gained access to some computers, or you're just testing a password to see how strong it is. One of the most used encryption methods is the md5 algorithm (it's also the one used by the Linux/Unix/BSD Operating System). The md5 hash (that's the name a password gets after it's been encrypted) cannot be transformed back to its corresponding word. Let me give you an example: the word "security" after its md5 encryption will become the hash e91e6348157868de9dd8b25c81aebfb9. Let's say you have the hash and you find out what word it is ... you would have to find a way to decrypt it, which isn't possible because md5 cannot be decrypted ... So that leaves you with the question: so how can I find out what word a hash represents? Well, since you can't decrypt it, why not try encrypting words and see if the resulting hash matches the hash we're trying to crack? Here's the Perl code that does that:

Code:

    # brute.pl
    use strict;
    use warnings;
    use Digest::MD5 qw(md5_hex);

    my $hash = shift || die "Give me a hash to crack\n";
    my $file = shift || die "Give me a dictionary file\n";
    $hash = lc $hash;    # md5_hex() returns lowercase hex digits

    # three-argument open with a lexical filehandle
    open(my $fh, '<', $file) || die "can't open the file\n";
    while (my $word = <$fh>) {
        chomp($word);                # strip the newline before hashing
        my $t = md5_hex($word);
        print "Processing $word $t\n";
        if ($t eq $hash) {
            print "Found it -> $word\n";
            last;
        }
    }
    close($fh);

Here's how you run it:

    perl brute.pl md5_hash_to_crack text_file

So you would have to supply it with an md5 hash and a dictionary file (that has words in it, one per line). The script will read each of the words, encrypt it and check if the hash matches the hash we're trying to crack. If it does, we found the word!
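From the defender's side, the connect scan in scanner.pl shows up in connection logs as one source reaching many different ports on one host within a few seconds. The script below is an added example, not part of the original post; the log format, the sample lines and the two thresholds are assumptions made for illustration.

```perl
#!/usr/bin/perl
# detect_scan.pl - added example, not part of the original post.
use strict;
use warnings;

my $WINDOW    = 10;  # seconds to look back (assumed threshold)
my $MAX_PORTS = 5;   # distinct ports allowed per source/target pair (assumed)

# Constructed sample log, one TCP connection attempt per line:
# epoch_seconds source_ip dest_ip dest_port
my @sample = grep { /\S/ } split /\n/, <<'END';
1700000000 192.0.2.10 198.51.100.5 443
1700000030 192.0.2.10 198.51.100.5 443
1700000100 203.0.113.7 198.51.100.5 20
1700000100 203.0.113.7 198.51.100.5 21
1700000101 203.0.113.7 198.51.100.5 22
1700000101 203.0.113.7 198.51.100.5 23
1700000102 203.0.113.7 198.51.100.5 24
1700000102 203.0.113.7 198.51.100.5 25
1700000103 203.0.113.7 198.51.100.5 26
1700000200 192.0.2.10 198.51.100.5 80
END

# Returns { "src -> dst" => peak count of distinct ports inside one window }
# for every source/target pair that went above $max_ports.
sub find_scanners {
    my ($lines, $window, $max_ports) = @_;
    my (%recent, %flagged);
    my @events = sort { $a->[0] <=> $b->[0] }
                 map  { [ split ' ', $_ ] }
                 grep { /^\d+\s+\S+\s+\S+\s+\d+\s*$/ } @$lines;  # skip malformed lines
    for my $e (@events) {
        my ($ts, $src, $dst, $port) = @$e;
        my $key   = "$src -> $dst";
        my $queue = $recent{$key} ||= [];
        push @$queue, [ $ts, $port ];
        # Drop events that have fallen out of the sliding window.
        shift @$queue while $queue->[0][0] < $ts - $window;
        my %ports = map { $_->[1] => 1 } @$queue;
        my $count = keys %ports;
        next if $count <= $max_ports;
        $flagged{$key} = $count if $count > ($flagged{$key} // 0);
    }
    return \%flagged;
}

my $hits = find_scanners(\@sample, $WINDOW, $MAX_PORTS);
printf "%s touched %d distinct ports within %ds\n", $_, $hits->{$_}, $WINDOW
    for sort keys %$hits;
```

Counting distinct ports rather than raw connections keeps a busy client that repeatedly hits one service, such as 192.0.2.10 in the sample, from being flagged.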
Good tutorial!! I want to learn more about Perl. Do you have any book recommendations? Can you write regular Windows programs in Perl like you can in VB or C#? Is it cross-platform?