Programming techniques in Perl: writing an access log checker
(By Rel4nium | ngh.void.ru)

In this article I want to talk about the basics of programming in Perl using a concrete example.
The first thing you need is a Perl interpreter. On Linux-like systems it is available
by default, but if you decide to program under *win you will need ActivePerl. Download it,
install it; there should be no problems. I will not drag this out, so let's get down to business.

The purpose of the script is to check the server for the presence of web shells on the system
and for commands executed through vulnerable scripts, by looking for their traces in the Apache log.

Once we have decided on the purpose of the script, we need to determine what it should be able to do
and work out the algorithm.

Abilities:

- Work with files: open / close / read / write
- Define selection rules so that the necessary information can be picked out
- Search the required file
- Write the search results to a log file

Algorithm:

1) open the server log file
2) compile a search base of the file names, commands and requests we are looking for
3) enter it into an array
4) enter the large list of script names, etc. into another array
5) organize a full search over the array
6) display the search result on the screen
7) record the search result in a file

Now let's proceed to writing the script itself, following the points above.

#!/usr/local/bin/perl
^^^^^^^^^^^^^^^^^^^^^^^^^
The first line of the script; it tells the system that this is a Perl program and where the interpreter is.

# Apache log checker
^^^^^^^^^^^^^^^^^^^^^^^^^
The hash symbol (#) is used to insert a comment into the body of the script.

print "\n";
^^^^^^^^^^^^
The purpose of this command is to display information on the screen or output it to
a file. In this case the command is used simply to skip a line: \n is a newline,
i.e. it moves to the next line.

print "[Log check for Apache\t";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Display the phrase [Log check for Apache, followed by a tab (\t, the same as
pressing the Tab key). Pay attention to the syntax of the code: after the command print
come double quotes, inside them we write what we want to print on the screen,
and the statement is terminated with a semicolon. If any of these elements is missing,
the Perl interpreter will not like it and will spit out an error.
The error can be of the form:
syntax error at /path/to/script.pl line 9, near "print"
Execution of /path/to/script.pl aborted due to compilation errors.
From this error we can understand the following:
there is a syntax error on line 9, near the print function, and the script was aborted because of compilation errors.
I.e. the interpreter tells us what it does not like, and all that remains is to fix the error on
line 9.

print "(C) Next Generation Hackers Group > coded by rel4nium]";
print ">>> Big thanks to Cr4sh and Gotius\n\n";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I described this typical kind of statement above.

$file = "access.log"; # log file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Now let's look at a slightly more complicated piece of code. Here I assign the value
access.log to the variable $file (from now on I work not with the file name, in our case access.log, but with the variable
$file, which makes the code much more convenient to use).

###########################
# Web shells:

$search[0] = "nstview"; $search[1] = "remview"; $search[2] = "r57shell";
$search[3] = "nghshell"; $search[4] = "c99shell"; $search[5] = "dump_price";
$search[6] = "phpMyAdmin"; $search[7] = "bd.pl"; $search[8] = "KA_uShell";
$search[9] = "phpshell"; $search[10] = "r57pws"; $search[11] = "WebShell";
$search[12] = "shell"; $search[13] = "cmd="; $search[31] = "telnet.cgi";

# Commands:

$search[14] = "ls -al"; $search[15] = "wget"; $search[16] = "curl";
$search[17] = "uname";

# Shell requests:

$search[19] = "ac=shell"; $search[20] = "work_dir=/"; $search[21] = "tmp";
$search[22] = "img=1"; $search[23] = "img=2"; $search[24] = "d=";
$search[25] = "&ef="; $search[26] = "&shell=1"; $search[27] = "c=l&d=";
$search[28] = "c=d&d="; $search[29] = "php&var="; $search[30] = "c=v&d=";

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
In this piece of code I use the @search array with elements from [0] to [30], i.e. I put
30 elements into the array, in my case 30 words. Array numbering ALWAYS
begins at 0. A single element of the array is addressed as $search[n] (with $, not @).

############################
open(FILE, "$file") || die "Apache log file not found\n"; # Error? Check the specified path to the Apache log file
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I open the file (remember that at the beginning I assigned the log file access.log to the variable $file; here
is where we need it, and as you can see I do not enter the file name but use the variable).
The construction for opening the file is simple: open(FILE, "$file")
open - the command to open the file
FILE - the file handle (the handle is again used for convenience, so that from now on we work not with
the variable $file but simply with its handle). Again, pay attention to the rules for writing the
code. The || die "Apache log file not found\n"; part is used to display an error if the file
is not found. Note that this two-argument form of open treats characters such as > or | at the
start of the file name specially; if the name could come from user input, prefer the three-argument
form open(FILE, '<', $file), which always opens the named file for reading.

while (<FILE>)
^^^^^^^^^^^^^^^^^^^^^^^^
Read the FILE handle in a while loop (i.e. at the beginning there was access.log -> $file -> FILE). A loop is
a repeated operation. In our case we simply go through the access.log file line by line in order to find
the necessary words. The loop runs until the whole file has been read, checking each line for the words from the @search array.

{ if (/($search[0]|$search[1]|$search[2]|$search[3]|$search[4]|$search[5]|$search[6]|$search[7]|$search[8]|$search[9]|$search[10]|$search[11]|$search[12]|$search[13]|$search[14]|$search[15]|$search[16]|$search[17]|$search[19]|$search[20]|$search[21]|$search[22]|$search[23]|$search[24]|$search[25]|$search[26]|$search[27]|$search[28]|$search[29]|$search[30]|$search[31])/i) { push @matches, $_; } }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Here we use the conditional operator if, with its body enclosed in {} braces. This is where the search
for the elements of the @search array happens. The condition reads like this: if any of the elements of the @search array
is found in the current line (the /i flag makes the match case-insensitive), the line is stored in another array, called @matches.
As a result we get one array, @matches, containing the lines of access.log in which the words from @search were found.

print @matches;
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Output the contents of the @matches array to the screen.

print "Work is finished!\n";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Show Work is finished! on the screen.

open(LogFile, '>>logfile.txt');
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Create and open the file logfile.txt (the >> prefix, two angle brackets, means open the file
for appending, creating it if it does not exist). The handle LogFile is assigned to it.

print LogFile "IP address\tTime\t\t\t\tScript's\n";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Write to the open log file (i.e. directly into logfile.txt).

print LogFile @matches;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We print the contents of the @matches array into the log file, i.e. the lines in which the queries / names from the @search array were found.

print LogFile "Work is finished!\n";
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We write to the log file that the work is finished.

close FILE;
^^^^^^^^^^^^^^^^^^^^^^^^^^
Close the Apache log file that this script works with.

close LogFile;
^^^^^^^^^^^^^^^^^^^^^^^^^^
Close our own log file.


__END__
^^^^^^^^^^
End of the program; Perl ignores anything after this line.
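As an added example (not the article's checklog script and not code from ngh.void.ru), here is the same check written with the signature list in one array, regex metacharacters escaped with quotemeta, and the IP, time and request fields of each hit pulled out of the Combined Log Format line; the lines under __DATA__ are constructed sample input, and the output file name logfile.txt follows the article.

```perl
#!/usr/bin/perl
# Added example, not the article's checklog script: the same Apache access-log
# check with escaped signatures and the IP / time / request of each hit reported.
use strict;
use warnings;

# Signatures taken from the article's @search list (a subset); extend as needed.
my @search = ("nstview", "remview", "r57shell", "c99shell", "phpshell",
              "bd.pl", "cmd=", "ls -al", "wget", "uname", "ac=shell",
              "work_dir=/", "&shell=1", "c=l&d=");
# One case-insensitive pattern; quotemeta stops "." in "bd.pl" or "/" in
# "work_dir=/" from being read as regex syntax.
my $pattern = join '|', map { quotemeta } @search;
my $re = qr/($pattern)/i;
# Combined Log Format: client IP, ident, user, [time], "request", status, size ...
my $clf = qr/^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"/;

# Returns a hash ref describing a suspicious line, or nothing for a clean one.
sub check_line {
    my ($line) = @_;
    return unless $line =~ $re;
    my $hit = $1;                                 # the signature that fired
    my ($ip, $time, $request) = $line =~ $clf;    # undef if the line is not CLF
    return { ip => $ip // '-', time => $time // '-',
             request => $request // $line, hit => $hit };
}

# Read the file named on the command line, or the constructed sample below.
my $fh;
if (@ARGV) {
    open($fh, '<', $ARGV[0]) or die "Apache log file $ARGV[0] not found: $!\n";
} else {
    $fh = \*DATA;
}
open(my $out, '>>', 'logfile.txt') or die "cannot write logfile.txt: $!\n";
print $out "IP address\tTime\tSignature\tRequest\n";
while (my $line = <$fh>) {
    chomp $line;
    my $m = check_line($line) or next;
    my $row = join("\t", @{$m}{qw(ip time hit request)}) . "\n";
    print $row;                                   # screen
    print $out $row;                              # logfile.txt
}
close $fh;
close $out;

__DATA__
10.0.0.5 - - [12/Mar/2006:10:15:02 +0300] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2006:10:16:44 +0300] "GET /img/c99shell.php?act=cmd&cmd=uname HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
192.0.2.7 - - [12/Mar/2006:10:17:01 +0300] "GET /cgi-bin/bd.pl?c=l&d=/tmp HTTP/1.1" 404 280 "-" "Wget/1.10"
```

Broad signatures from the article such as tmp or shell will match many benign requests, so treat the output as a list of lines to review rather than as confirmed compromises.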

Now the script is ready to work, and it will be useful for the needs of the system administrator))
I think that with the help of my article you have understood a little of the syntax and the main functions of the Perl language,
and now you can study Perl further and deeper on your own.

> I advise you to read:
Clinton Pierce, Sams Teach Yourself Perl in 24 Hours
Perl Language Specification

> URLs:
www.wmate.ru
www.codenet.ru


P.S. The script described in the article can be downloaded from ngh.void.ru/soft/d/checklog.rar