Sunday, November 30, 2008

Make ur own security Tool

So you have read tons of tutorials , guides , FAQ's and you have some kind of image of what computer security is ... The next logical step that you should make is to start learning a programming language . I'm not going to describe each language ( its advantages and disadvantages ) because there are tons of paper that cover that ... Instead i will focus on just one language : Perl ( Practical Extraction and Reporting Language ) .
This language was written for manipulating text , but it has become one of the best languages available to programmers . You can write games , web applications , about everything you can think of . I wanna show you just how easy it is to write some security tools using Perl .

I'm going to start with a port scanner ... for those of you that don't know what a port scanner is , here is a little definition : a port scanner is a program that checks if a certain port is open ( by connecting to it ).

I.The port scanner

use strict;
use warnings;
use IO::Socket;
map { my $s=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$_);
print "$_ - open\n" if $s } ($a..$b);

That my friends is a very simple port scanner ! You can run it from your command line ( command prompt in windows or konsole in linux ) like this :

perl host_to_scan starting_port ending_port

II.The brute forcer

Perhaps you gained access to some computers , or you're just testing a password to see how strong it is . One of the most used encryption method is the md5 algorithm ( it's also the one used by the Linux/Unix/BSD Operating System ).
The md5 hash ( that's the name a password gets after it's being encrypted ) cannot be transformed back to its corresponding word . Let me give you an example : the word "security" after its md5 encryption will become the hash e91e6348157868de9dd8b25c81aebfb9 . Let's say you have the hash and you find out what word it is ... you would have to find a way to decrypt it , which isn't possible because md5 cannot be decrypted ... So that leaves you with the question : so how can i find out what word does a hash represent ? Well , since you can't decrypt it , why not try encrypting words and see if the resulting hash matches the hash we're trying to crack ?
Here's the perl code that does that :

use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
my $hash=shift || die "Give me a hash to crack\n";
my $file=shift || die "Give me a dictionary file\n";
open(F,$file) || die "can't open the file\n";
print "Processing $_";
my $t=md5_hex($_);
print " $t\n";
die "Found it -> $_\n" if($t eq $hash);

Here's how you run it :

perl md5_hash_to_crack text_file

So you would have to supply it with an md5 hash and a dictionary file ( that has words in it , one per line ) . The script will read each of the words , encrypt it and check if the hash matches the hash we're trying to crack . If it does , we found the word !

This concludes the first part of building your own security tools . Next time we'll talk about creating a bot and keeping track of your filesystem.

Do you Enjoyed Visiting our Blog then You may Also Intereted into Receiving Daily updates by mail. No Spam One Mail per Day.Just Check your Spam Box After Subscribing to Our Blog And make Our Mails Spam free in your Mail Box.Enter your email address:

Related Posts by Categories


Post a Comment

Earn Money

Blog Archive


Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com