code noob

[nightkid]

i dont some simple php injection but im picking a language to study and master before i move onto another and i narrowed it down to python/perl/java but can someone run down a quick basic tutorial of how a script actually works
i know u write 1 out in a txt editor and compile it but how would you run it? double click it? and perhaps if it was a vulnerability script how would you set it to access that particular box? i dont tend to use the last stated information for unlawful acts but just the concept confuses me.
any information given will be greatly appreciated.

[bad_brain]

usually you run it command line, simply by starting the engine and telling it what file to use, for example:

Code: Select all

perl script.pl

[maboroshi]

Yes with Python you would type

Code: Select all

python /path/to/script/script.py

to execute it. Assuming the environment variables are set to point to your python interpreter.

You can compile python code into an executable using py2exe and create an installer using spoon installer for basic stuff

py2exe

Code: Select all

http://sourceforge.net/projects/py2exe/

Spoon Installer

Code: Select all

http://sourceforge.net/projects/spoon-installer/

As for your other question about running a hack do you mean an RFI or are you referring to a different type of exploit

wiki explains RFIs here quite well

Code: Select all

http://en.wikipedia.org/wiki/Remote_File_Inclusion

As for remote exploits to quote wiki

"A 'remote exploit' works over a network and exploits the security vulnerability without any prior access to the vulnerable system."

So running a Remote Exploit will most likely involve specifying the victims IP address (search www.google.com for what is an IP address) Executing the Exploit and then to telnet to the ip/port specified. A good start for learning imo would be http://www.metasploit.com/


Although I could be way off

*cheers*

maboroshi

[ebrizzlez]

Python and Perl run off what is referred to as a Interpreter. The interpreter executes the script line by line, so you must call the interpreter to execute the code as bad_brain showed an example of perl.

Most Perl scripts have built in global variables for the target machine, so you would have to open up the script and specify the target. Meanwhile, others you can pass through as a parameter of the target host for example:

Code: Select all

perl script.pl -127.0.0.1

Global variables are normally easy to spot because they layout the scope of a normal function and they are normally commented if the script is scripted by a good programmer.

PHP,Python,Perl, and Ruby are all scripted languages and can be run under the commandline. Java uses bytecode which is like an interpreter but more of a virtual interpreter that translates and executes the bytecode into machine code that can than be executed by the processor. But java can also be accessed by the commandline, or by a Java console.

Edit: Maboroshi is our python expert. Learn from the best.

But I would warn about he compiler for any scripted language, most of them make a bloated file with a bunch of .dlls to run, so unless you are developing well put programs as Maboroshi does and want to distrubute it to people who don't have such a language as perl or python than you really don't have to compile the script into an executable.

[nightkid]

thanks for the replies guys. you gave alot of useful information, as for my primary language i think i will use perl. and also thanks for the links, you guys are the best.

[maboroshi]

I agree with you ebrizzles on the code bloat with compiling Interpreted Applications.

Maboroshi