How to execute and find Perl exploits

posted on January 26th, 2007


In computer security, an exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to get unintended or unanticipated behavior out of computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack. [source: wikipedia]

That’s exactly the thing we want to do isn’t it? In the next few steps I’ll teach you how to find and execute an exploit while running Windows.

1. First you need to get an exploit. You can use the a Google term like “wordpress exploit”. Soon you’ll find out that http://www.milw0rm.com/ is one of the best sites to find exploits (the search button is on the top of the site).

2. Found an exploit? Let’s verify that it’s a Perl exploit. The source of Perl exploits always start with the following:

#!/usr/bin/perl
#

3. Now download the exploit or save it as a .pl file. If you can’t download it, copy the source in notepad and save it as exploit.pl

4. Download ActivePerl.

Windows (x86)http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.819-MSWin32-x86-267479.msi

Windows (x86_64 AMD64): http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.819-MSWin32-x64-267479.msi

5. Install ActivePerl by executing the file you downloaded. Hit next a few times, mark “Add Perl to the PATH” and “Create Perl file extension variable”, click next again and hit install. After the installation hit finish.

6. Now open an command prompt. In Windows Vista: Press [Windows Button] + [R], type ‘cmd’ without the quotes and hit enter. In XP go to start > execute, type ‘cmd’ without the quotes and hit enter.

7. Browse to the folder withe the exploit.pl. I hope you know how to use the command prompt, if you don’t I’ll suggest you’ll leave this site now cause exploits can do serious harm and I don’t think you know what you are doing. If you knew how to do it a few years ago and can’t remember: ‘cd ..’ to ‘leave the folder’ and ‘cd folder’ to open a folder. Use ‘dir’ to list the contents of a folder.

8. Arrived in the right folder? Type exploit.pl and hit enter. There’ll appear some sort of usage instruction on the screen. Example:

exploit.pl <www.example.com> </path/> “cmd”

This means that you need to type exploit.pl followed by the website’s URL (www.example.com) and then followed by the path, the location of the script you’re going to exploit (/path/).

9. All you need to do now is think twice and then hit enter.

10. I hope you understand that it is illegal to use exploits on things/sites that aren’t yours.  This site isn’t responsible for your actions, we only provide information for people who want to know HOW to do it, not for people that WANT to do it. Forget everything you read above if you think that you are going to do some harm with the information.

11. Make a donation to paypal@profit42.com, I need to get a new computer….

One comment:

  1. kabababrubarta said on March 27th, 2007 at 1:52 am :

    Nice site! kabababrubarta

Leave a Reply