Hello, everybody, and welcome to episode number 16: Python and Perl Scripts. My name is Hal Ham, Georgina, and I'll be your instructor for today's session.

The learning objective of this session is to understand how Python and Perl can help us to gather information and create and execute scripts to help us in our penetration testing process. So let's get started.
Well, first, let me do the demo. In that scenario, I need... I have... and you can, you know, we can go from that and create a script from scratch.

First, let's say that we want to find all the files with a specific extension, because, let's say that we already had a backdoor for a Linux machine, and let's say that this is actually the terminal from the Linux backdoor we have. So we can, you know, just create a file here.

So, #!/usr/bin/python, and then we can import os, and, you know, we can tell os.chdir to actually go to this specific location, the Desktop. And in that location, for file in glob.glob, and we tell it we want to actually get any file with a .txt extension. Okay, and then just print it. And we have to use chmod here to give it execute permissions, and then just call python.

There's a problem here. Oh, I didn't put... I'm sorry. Let's go back. This is a for loop, I have to... Okay, I have a list of files here: list.txt, names.txt. We used these files for the previous video: ips.txt, test.txt, tested... you know, you get the idea. So, yeah, we did actually find files, but this will only find files in that specific location.
What if we actually want to traverse directories? Let's say that we actually want to find files in the entire OS, or in the entire file system, for Linux. So we can just... shall we modify this or create new? Let's just create a new one, and, you know, again, import os.

for root, dirs, files in os... I'm sorry, os.walk. And what's the directory again? From the root. Oh, this will take a while. Ah, we open the for loop: if file.endswith, and we actually want to find again, endswith .txt. One, two, three, four, five, six, seven, eight, nine. Don't judge me. You know, I don't like to use tabs; they go way out of proportion when writing in the terminal or when you use nano. So I like to use spaces, so, yeah. print os.path.join(root, file). Close it. Let's see if it works. If it works, it will be the first time in history for me; it will work without any problems. Give it execute permissions, and there you go. You see? It never works for me at first, right? Ah, I forgot once again. This... no way. I think my brain just doesn't want me to see that.

And executed, and a lot of information came back. I mean, I have a lot of .txt files, so, uh, but eventually that will be useful. I mean, we can actually even grep that, for example. Uh, oops. Sorry about that. For example, what happens if we actually grep, I don't know, what contains the word "open"? And we'll get a better list for that. Uh,
yeah, I heard you saying, I don't want to do it in the terminal, because this is called... I'm sorry, Python and Perl Scripts. I want to do it in Python. Okay, sorry. Okay, let's modify. Um, this one, we'll have to include a search for a specific word. So we can just do the same, because at the end we're just getting the same information. So we... if file endswith, we'll be reusing this line, and we can actually still... with open os.path... um, .join(root, file), you know, if I go here and I say if... And we're basically telling here... we actually are telling the Python script to open the file. You know, we already located the file, to open it, you know, the file as f, and if the password... if the word password is in the file, when we're reading it, let's do something about it. I hate that part, sorry. And let's see if this works.

Did it find the word? So it is. Actually, I'm gonna cut it right here. It is actually telling us that this file, right, this file right here, contains the word password inside.
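The three scripts the presenter just built up in the terminal (glob in one directory, os.walk from a root, then open each hit and look for a word), collected as one runnable Python file. This is an added example written for this page, not the presenter's own code; the directory tree, file names and file contents are constructed fixtures so it runs offline (in the video the search ran over the Desktop and then over / on the Kali box). A defender can point the same walk at a file share or home directories to find plaintext credential files before anyone else does.

```python
import glob
import os
import tempfile

# Constructed sample tree so the example runs offline. Names and contents are
# made up for this demonstration; they are not files from the video's machine.
SAMPLE_FILES = {
    "notes.txt": "meeting at 10\npassword: hunter2\n",
    "ips.txt": "10.0.0.1\n10.0.0.2\n",
    "sub/list.txt": "alpha\nbeta\n",
    "sub/image.png": "not a text file",
}


def build_sample_tree():
    """Create a temporary directory tree holding SAMPLE_FILES; return its root."""
    root = tempfile.mkdtemp(prefix="txtsearch-")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


def list_txt_in_dir(directory, ext=".txt"):
    """First script in the video: non-recursive glob over one directory."""
    return sorted(glob.glob(os.path.join(directory, "*" + ext)))


def find_by_extension(root, ext=".txt"):
    """Second script in the video: recursive os.walk from root, filter on suffix."""
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(ext):
                matches.append(os.path.join(dirpath, name))
    return sorted(matches)


def files_containing(paths, keyword):
    """Third script: open each candidate and keep those whose text has keyword.
    Files we cannot read are skipped instead of aborting the whole search."""
    hits = []
    for path in paths:
        try:
            with open(path, "r", errors="replace") as fh:
                if keyword in fh.read():
                    hits.append(path)
        except OSError:
            continue
    return sorted(hits)


def rel(root, paths):
    """Paths relative to root, sorted, for readable reporting."""
    return sorted(os.path.relpath(p, root) for p in paths)


if __name__ == "__main__":
    root = build_sample_tree()
    print("top-level only:", rel(root, list_txt_in_dir(root)))
    print("recursive:     ", rel(root, find_by_extension(root)))
    print("mention 'password':",
          rel(root, files_containing(find_by_extension(root), "password")))
```

The keyword check reads each file whole, which is fine for text notes; for a real file-system sweep you would add a size limit and skip paths such as /proc before opening anything.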
So this is kind of a big deal to us, because maybe we're trying to escalate privileges, um, and, you know, we're trying to get... maybe, you know, the user left a file with the password. I mean, I have seen cases where the user just... uh, maybe it doesn't have the common sticky note attached to the keyboard or to the monitor with the password, but it does have a .txt file with all the usernames and passwords for all the systems. Uh, this is where single sign-on comes in handy: you just have to learn one really, really long passphrase, but this passphrase will work for several systems you use in your company. So, yeah, I've seen cases where the users have their username and password in a text file. So maybe this script will find it and report back to us.

Just to make sure, let's change the word to look for, um, you know, just to see if this is actually working and is not returning false positives. This is not something you will find. I hope I typed it right. And it's finally finding... it doesn't seem that it is finding something. Actually, it failed first. Yeah, but you get the point. Um, it's not something I will find in here, so, yeah, that can help us achieve several stuff that we want to achieve. Um, again, this is just an example of how you can actually do that.

But, um, you can create your own port scanning tool with Python. Maybe you don't want nmap or hping to do the job because, I don't know, I see they don't have the options you want, and you just want to create your own port scanner, and that's totally fine. You can actually create it. Or you just want to, you know, automate a task: maybe download a list of names and get the IPs from the list of names and then see if those IPs are actually responding. Or maybe perform a traceroute for those IPs, I don't know. Whatever task you think about, let me assure you, you can actually... or maybe you can actually even use nmap, since you can, you know, call terminal commands or bash commands from the Python script. You can, you know, execute several commands from the Python script, and nmap being one of them. And then maybe if you exploit a vulnerability, maybe you want to already upload a netcat executable to the victim or whatever. Whatever task you think about, you can automate it with, um, a Python script. But, you know, let's switch to Perl now.
So let me just create here a file for Perl. And, you know, first we tell it to execute it with Perl. Nothing fancy here, just tell it to go with Perl. Okay. Ah, use strict. I'll just copy-paste the entire thing. Yeah, yeah, you know, I'm lazy, but I don't want to waste your time.

Let me just explain to you. You can see that it was, you know, a long script just to write it by hand, especially when I forget to put all the symbols, and you know, so basically in this long, not that long, but, you know, long enough script to write it myself, I'm just trying to see... if I execute with root privileges, I can see that the files are readable. We're trying to find all the files that are readable by a specific user, in this case by the current user. Okay, uh, this is just... I'm just gonna leave it right there: you know, readable files for the current user, and it will print all of them. And basically chmod, and you can also use seven. Remember the seven: for the owner, then the group, then the rest of the world. In this learning system, you know, 777, that's fine, I don't care.

And if I just go here and execute it, it will have quite a number. Many files are actually readable by the... by the root user. But what happens if I switch, ah,
users in Kali? Or, you know, yeah, if I switch users in Kali? Uh, yeah, I... I don't have... let me see if I have another, a different user. I can't remember. Oh, no, I don't have. Okay, let's create one. Okay. Uh, for this session, add the user. It will be, you know, uh... you know, we created a password. I know. Um, once... I actually know what I'm going to use: a very simple password, that's 123. Okay, full name... Room number, one. Phone number, I don't know. Is the information correct? I guess so. Yeah, that's correct.

Okay, if I go to cat passwd, did I have the number? So, as we saw in the previous, you know, execution of the Perl script, I had a lot of information that was actually readable by me, by the root user. Uh, you know, if I execute this, uh, with, uh, you know, I just su to the user. I just... my user, and now I can see that, not that many files, but that's the point, you guys. I mean, we can know which files we can find, locations, we can even find locations where you can write files too. I mean, you will face several in your penetration testing process. You will see that most of the time you will end up trying to find where you can actually read, uh, say, files or upload files or, you know, see what files can be actually, uh, modified by you. So, yeah, you can actually write this type of code so you can actually get, um, the information you're looking for.

And, you know, later in this course, we'll see something called sticky bit, um, where, you know, there's a configuration problem, um, where, you know, a file is executable, it will be executed with root permissions, but it actually can be modified and executed by any user in the Kali system or in the Linux system. And this will help you to escalate privileges, but we'll see that later in the course. But for now, you can see the magic of using Python and Perl scripts for, you know, real-life scenarios like the one I just showed.
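The Perl script from the video (find the files readable by the current user) redone in Python, as an added example that is not the course's script: os.access asks the same question Perl's -r and -w file tests do, and the walk also flags the misconfiguration the presenter describes for later in the course, a file that runs with its owner's elevated privilege (setuid bit) yet can be written by any user. The fixture files and their modes are constructed for the demonstration; the script only changes permissions inside its own temporary directory. Run as root the readable and writable lists cover everything, exactly the difference the presenter saw when switching to the new user.

```python
import os
import stat
import tempfile


def audit_permissions(root):
    """Walk root and classify regular files by what the current user can do:
    readable (Perl -r), writable (Perl -w), and the dangerous combination of
    setuid plus world-writable, which lets any user change what runs as the owner."""
    report = {"readable": [], "writable": [], "setuid_world_writable": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if os.access(path, os.R_OK):
                report["readable"].append(path)
            if os.access(path, os.W_OK):
                report["writable"].append(path)
            if st.st_mode & stat.S_ISUID and st.st_mode & stat.S_IWOTH:
                report["setuid_world_writable"].append(path)
    return {key: sorted(paths) for key, paths in report.items()}


def build_sample_tree():
    """Constructed fixtures (not the video's files): three files, three modes."""
    root = tempfile.mkdtemp(prefix="permaudit-")
    fixtures = {
        "readme.txt": 0o644,    # owner rw, everyone else read-only
        "private.key": 0o600,   # owner only
        "helper.sh": 0o4777,    # setuid AND world-writable: the bad combination
    }
    for name, mode in fixtures.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)    # chmod after writing; a write would clear setuid
    return root


def names(root, paths):
    """Paths relative to root, sorted, for compact reporting."""
    return sorted(os.path.relpath(p, root) for p in paths)


if __name__ == "__main__":
    root = build_sample_tree()
    report = audit_permissions(root)
    for key, paths in report.items():
        print(f"{key}: {names(root, paths)}")
```

os.access answers for the real user and group IDs of the process, which is what matters when you su to the new account; a file you own is always writable to you, so the interesting entries on a live system are the writable ones you do not own and anything in the setuid list.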
But that's the point. You can automate and execute all this, um, in an automatic way so you can make your life easier.

Post-assessment questions. Is this information gathering technique considered to be passive or active? Well, definitely active. Even some of these information gathering techniques can be executed once you're in the victim system, when you're in the victim system. Uh, so, yeah, it's definitely active. How can you import modules in Python? We'll just write the command import and the module we want to import. That's it. What is performed by the command chmod +x? Well, this is actually to give execute permissions to the file you are looking for, or do you want...
Summary. In this video, we saw some Python and Perl scripts to perform several pentesting techniques that make our task... We executed some Python and Perl scripts to understand how they can help us in our pentesting process.

Supplemental material. I found... I mean, I found this page really useful. It has a lot of information about how to execute Python commands or Python scripts, and it actually has some real-life scenarios that can help you to sharpen your programming skills. Ah, and also, for Perl, go to, you know, the Perl web page, perl.org. Um, yeah, you can go there and find, you know, sharpen your Perl scripts. So, most of the time I get the question: do I have to be a programmer to be a pentester? Well, you don't have to be a master in programming, or in Python, or in Perl. But, you know, knowing the basics and, you know, getting familiar with the scripting languages and everything, it can help you, because sometimes you will end up finding scripts that were already created to exploit a vulnerability, and in some of the time you will actually have to create your own scripts to actually exploit a vulnerability. So, yeah, maybe you don't have to be a master, but you do have to, uh, you have to be familiar with the programming languages you will be using. And it could be only one. I mean, you can go and stay with Python, and that's perfectly fine. But some public exploits you'll see will be written in Perl, in Ruby, or in other programming languages. So you just have to know the basics of each programming language, at least.

And looking forward to the next video, we'll cover some vulnerability scanners. Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.