RSA in 5 lines of perl

#!/usr/local/bin/perl -s do 'bigint.pl';

($_,$n)=@ARGV;s/^.(..)*$/0$&/;

($k=unpack('B*',pack('H*',$_)))=~ s/^0*//;

$x=0;$z=$n=~s/./$x=&badd(&bmul($x,16),hex$&)/ge;

while(read(STDIN,$_,$w =((2*$d-1+$z)&~1)/2)){$r=1;$_=substr($_."\0"x$w,$c=0,$w);

s/.|\n/$c=&badd(&bmul ($c,256),ord$&)/ge;$_=$k;s/./$r=&bmod(&bmul($r,$r),$x),$&?$r=&bmod(&bmul($r,$c ),$x):0,""/ge;($r,$t)=&bdiv($r,256),$_=pack(C,$t).$_ while$w--+1-2*$d;print}

Source: RSA in 5 lines of perl

ExifTool by Phil Harvey

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Nintendo, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

Source: ExifTool by Phil Harvey

Calculating distance between longitude and latitude pairs

Problem: I need a simple way to calculate distance between two pairs of longitude and latitude coordinates.

Apparently there are several ways of making this calculation.  Since none of my calculations would exceed 15 miles I was able to use the flat earth calculation which is the simplest but inaccurate as distances increase between the two points according to this wikipedia article.  Here’s a blurb about the flat-earth formula:

Flat-surface formula

A planar approximation for the surface of the earth may be useful over small distances. The accuracy of distance calculations using this approximation become increasingly inaccurate as:

  • The separation between the points becomes greater;
  • A point becomes closer to a geographic pole.

There were a bunch of sites that came up with all the different formulae over this but I’m not launching a satellite or programming a guided missile. The following code came from perlmonks which is a very reputable reference for anything to do with programming in perl. Here is the subroutine I chose to use. Article was written in 2002.


use Math::Trig
sub FlatEarth {
my ($lat1, $long1, $lat2, $long2) = @_;
my $r=3956; my $a = (pi/2)- deg2rad($lat1);
my $b = (pi/2)- deg2rad($lat2)
my $c = sqrt($a**2 + $b**2 - 2 * $a *$b *cos(deg2rad($long2)-deg2rad($long1)));
my $dist = $c * $r; return $dist;
}

Via Finding the Distance between longitude and latitude pairs.

The above code seems to work.  Most of the calculations I needed to do were under a mile.

Decoding radio-controlled bus stop displays

I had the opportunity to observe a display stuck in the middle of its bootup sequence, displaying a version string. This revealed that the system is called IBus and it’s made by the Swedish company Axentia. Sure enough, their website talks about DARC and how it requires no return channel, making it possible to use battery-powered displays in remote areas.

Not much else is said about the system, though; there are no specs for the proprietary protocol. So I implemented the five-layer DARC protocol stack in Perl and was left with a stream of fully error-corrected packets on top of Layer 5, separated into hundreds of subchannels. Some of these contained human-readable strings with names of terminal stations. They seemed like an easy starting point for reverse engineering.

via absorptions: Decoding radio-controlled bus stop displays.

Possible Exploit Vector for DarkLeech Compromises

The script attempted to exploit the Horde/IMP Plesk Webmail Exploit in vulnerable versions of the Plesk control panel. By injecting malicious PHP code in the username field, successful attackers are able to bypass authentication and upload files to the targeted server. These types of attacks could be one avenue used in the DarkLeech compromises. Although not as common as the Plesk remote access vulnerability (CVE-2012-1557) described in the report, it does appear that this vulnerability is being actively exploited. 

via Possible Exploit Vector for DarkLeech Compromises.

How to find out if X is an element in an array?

Try using the modern “smart match” operator:
if ( $tofind ~~ @in )

via How to find out if X is an element in an array?.

Had to do this for a script I’m writing where I need to compare two lists and find out which elements in list A aren’t in list B.   This was the simplest of all the solutions described in the above link.  I haven’t actually implemented this yet…

Update 12/19.  The above does indeed work.  Not sure how they do it.  It would seem comparing two lists of length n would be an O(n**2) problem.  Might have to look into a proper database however it’s still manageable at this scale.

Also, a shoutout to perlmonks.org, a site that usually gets high rankings on my searches for perl related information and that is always concise and easy to read to  divine the info I was searching for.  The above link is a perfect example.  It points to a page that contains a lot of different implementations of what is probably a very common algorithmic problem.

Dig pcap File For Fun and Productivity

To solve the problem I used Perl (feel free to use your favorite language) to open a pcap file and do some analysis. Let us look at finding sessions where the client sent data but the server didn’t send any data in response. To make it easy I’ve included all the steps I took and, where appropriate, the code. Since the point is to illustrate how to use script language like Perl to do the job, the code is greatly simplified. For the convenience of reader, the complete code is listed at the end.

Via Dig pcap File For Fun and Productivity | BreakingPoint.

Extracting Data from Network Captures pcap with Perl

When I am analyzing network activity generated by malware, I am most interested in HTTP get/posts, the addresses the malware is communicating with, and the data that was actually sent or received.

via Extracting Data from Network Captures pcap with Perl « Mick’s Mix.

Chaosreader is a Perl script that takes a pcap file as its argument and will create communication summaries in a report format. It will also pull data from the tcp streams (within the pcap) and re-assemble the actual files.

Perl/Tk Tutorial – Create GUI with Perl’s Tk Module

In Unix/Linux you can execute your perl scripts by typing “perl <filename>” at command prompt. But before you do that make sure you have both Perl and its Tk module. Most linux distributions have perl – but quite a few don’t have the Tk module. Make sure that the system you are using have the Tk module. If you don’t have it, go to http://www.cpan.org and download the perl module. Or you can use the perl’s CPAN module to install the Tk module. To do this, open a terminal and enter the following command
perl -MCPAN -e shell
cpan> install Bundle::CPAN
cpan> reload cpan
cpan> install Tk

via Perl/Tk Tutorial – Create GUI with Perl’s Tk Module.

hype-free: Parsing pcap files with Perl

Recently I was reading the blogpost on the BrekingPoint labs log about parsing pcap files with Perl and I immediately said to myself: it is impossible that there isn’t a module on CPAN, because Perl is great. Turns out I was right, there is Net::TcpDumpLog which can be combined with the NetPacket family of modules to parse the higher level protocols. Because example code is rather sparse on the POD pages of the respective modules, here is a small example to illustrate their use:

via hype-free: Parsing pcap files with Perl.