i dont some simple php injection but im picking a language to study and master before i move onto another and i narrowed it down to python/perl/java but can someone run down a quick basic tutorial of how a script actually works
i know u write 1 out in a txt editor and compile it but how would you run it? double click it? and perhaps if it was a vulnerability script how would you set it to access that particular box? i dont tend to use the last stated information for unlawful acts but just the concept confuses me.
any information given will be greatly appreciated.
code noob
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
usually you run it command line, simply by starting the engine and telling it what file to use, for example:
Code: Select all
perl script.pl
Yes
Yes with Python you would type
to execute it. Assuming the environment variables are set to point to your python interpreter.
You can compile python code into an executable using py2exe and create an installer using spoon installer for basic stuff
py2exe
Spoon Installer
As for your other question about running a hack do you mean an RFI or are you referring to a different type of exploit
wiki explains RFIs here quite well
As for remote exploits to quote wiki
Although I could be way off
*cheers*
maboroshi
Code: Select all
python /path/to/script/script.py
You can compile python code into an executable using py2exe and create an installer using spoon installer for basic stuff
py2exe
Code: Select all
http://sourceforge.net/projects/py2exe/
Code: Select all
http://sourceforge.net/projects/spoon-installer/
wiki explains RFIs here quite well
Code: Select all
http://en.wikipedia.org/wiki/Remote_File_Inclusion
So running a Remote Exploit will most likely involve specifying the victims IP address (search www.google.com for what is an IP address) Executing the Exploit and then to telnet to the ip/port specified. A good start for learning imo would be http://www.metasploit.com/"A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system."
Although I could be way off
*cheers*
maboroshi
Last edited by maboroshi on 24 Dec 2008, 13:55, edited 1 time in total.
-
- Kage
- Posts: 732
- Joined: 31 Mar 2007, 16:00
- 17
- Location: Hidden in a Buffer Protection.
- Contact:
Python and Perl run off what is referred to as a Interpreter. The interpreter executes the script line by line, so you must call the interpreter to execute the code as bad_brain showed an example of perl.
Most Perl scripts have built in global variables for the target machine, so you would have to open up the script and specify the target. Meanwhile, others you can pass through as a parameter of the target host for example:
Global variables are normally easy to spot because they layout the scope of a normal function and they are normally commented if the script is scripted by a good programmer.
PHP,Python,Perl, and Ruby are all scripted languages and can be run under the commandline. Java uses bytecode which is like an interpreter but more of a virtual interpreter that translates and executes the bytecode into machine code that can than be executed by the processor. But java can also be accessed by the commandline, or by a Java console.
Edit: Maboroshi is our python expert. Learn from the best.
But I would warn about he compiler for any scripted language, most of them make a bloated file with a bunch of .dlls to run, so unless you are developing well put programs as Maboroshi does and want to distrubute it to people who don't have such a language as perl or python than you really don't have to compile the script into an executable.
Most Perl scripts have built in global variables for the target machine, so you would have to open up the script and specify the target. Meanwhile, others you can pass through as a parameter of the target host for example:
Code: Select all
perl script.pl -127.0.0.1
Global variables are normally easy to spot because they layout the scope of a normal function and they are normally commented if the script is scripted by a good programmer.
PHP,Python,Perl, and Ruby are all scripted languages and can be run under the commandline. Java uses bytecode which is like an interpreter but more of a virtual interpreter that translates and executes the bytecode into machine code that can than be executed by the processor. But java can also be accessed by the commandline, or by a Java console.
Edit: Maboroshi is our python expert. Learn from the best.
But I would warn about he compiler for any scripted language, most of them make a bloated file with a bunch of .dlls to run, so unless you are developing well put programs as Maboroshi does and want to distrubute it to people who don't have such a language as perl or python than you really don't have to compile the script into an executable.
[img]http://i81.photobucket.com/albums/j205/ebrizzlez/4lsint1.jpg[/img]