0

If you don't install perl/python on your system then hackers can't use it (or they would make themselves obvious if they installed it)? I am just trying to understand why these languages are apparently useful for hackers. Seems bash/dos would be more useful.

kotozna
  • 143
  • 4
  • 2
    How did you get the impression that "these languages are apparently useful for hackers"? You might have misunderstood the context. – Philipp Oct 26 '14 at 17:19
  • Google...eg. http://security.stackexchange.com/questions/20473/what-defines-a-programming-language-as-useful-for-hacking – kotozna Oct 26 '14 at 20:01
  • Perl is installed by default on almost all *nix systems, except FreeBSD – Neil McGuigan Jul 19 '16 at 19:45

2 Answers2

3
  1. Not every attack requires running Perl/Python scripts on your machine. Exploiting buffer overflows, SQL injection via a network interface and others have no requirement for Perl/Python. Using those languages can make creation and delivery of the payload much easier

  2. Yes, an attacker could install their own interpreter. Depending upon the level of compromise (rootkit) and the common usage of the system (prod vs test) the installation may or may not be detectable and may or may not be dismissed if detected

  3. These languages were once the new, hot, sexy thing to learn, much like ruby and jquery are now. Many security experts wanted to learn these languages and so used them to create tools.

  4. Today, there are multiple tools that use these languages. This creates some amount of momentum to continuing to use these interpreters.

  5. These interpreters are pre-installed on many operating systems and run pretty consistently on different platforms. This makes development, test, and reuse easier. It also makes exploit easier when victim systems already have the interpreter installed.

  6. These interpreters have many highly useful libraries that provide extremely useful functionality. This makes tool development much easier. Tis functionality may not be as easily available with sh/dos. Especially so, consider that sh/dos relies on other programs to do most of the work, and can provide minimal builtins.

  7. Dos provides very limited scripting capability. It's very difficult to do something really complex with a dos script.

  8. Just like your interpreter of choice may or may not exist, the same may be said of almost any other software. Unix systems don't actually require a shell to operate. Missing the shell makes it more difficult to maintain, but it will still run.

  9. In situations where an interpreter is used on a system, both the interpreter and script may contain vulnerabilities. Hackers may enjoy exploiting these preinstalled vulnerabilities. Well known vulns make it even easier.

There are probably other considerations that make your common interpreter of choice no worse than and probably better than sh or dos, but I am too lazy to write more.

atk
  • 2,156
  • 14
  • 15
  • @kotozna happy to oblige :-) – atk Oct 26 '14 at 16:31
  • For #4 metasploit is written in ruby, unless I missunderstand what you mean by this point? – KDEx Oct 26 '14 at 18:32
  • IIRC, metasploit was originally written in python. It may gave been something else, but metasploit has been around longer than ruby has. Additionally, iirc, metasploit modules were historically written in python. – atk Oct 27 '14 at 01:28
  • Metasploit versions 1 & 2 was originally written in Perl, the change from Perl to ruby was [explained on the mailing list](https://dev.metasploit.com/pipermail/framework/2006-October/001325.html) – wireghoul Nov 14 '14 at 00:30
  • @wireghoul it appears you are correct and I was mistaken :). I have updated the answer to remove the nod to metasploit. – atk Nov 14 '14 at 00:50
1

In most cases the hacker has whatever scripting language he/she prefers on their own system. They use that scripting language to build their custom attacks to exploit a vulnerability in a remote exposed service.

You may be under the impression that the hacker uses python/perl to install their program on a remote host. This indicates that the hacker already has control. Unless we're talking about malware/trojans how did the hacker gain access to begin with? That is with their python/perl/whatever script they used to get a remote shell.

From there your remote shell will most likely be either bash or (preferably) powershell. Now you can continue to compromise the target network.

Edit

For further reference on why python/perl are popular 'hacking' languages check out this SE question.

KDEx
  • 4,981
  • 2
  • 20
  • 34
  • Ah I see. I was thinking hackers might use perl/python to cover their tracks once they are on the system. – kotozna Oct 26 '14 at 19:58
  • @kotozna Programming language isn't quite relevant to the covering tracks portion. Check out the edit for further info on your question. – KDEx Oct 26 '14 at 20:06