Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: perl2exe compiled perl

From: "Peter Parker" <peterparker () fastmail fm>
Date: Mon, 14 Jan 2008 08:12:48 -0800
Check exe2perl --
http://www.mail-archive.com/perl-win32-users () listserv activestate com/msg24466.html

These are truely not compilers -- just wrappers -- something like
zip2exe -- extract script and execute on the fly.

A shortcut hack that you may try -- change the perl interpreter program
to cat ;-) 


Cheers!


On Sat, 05 Jan 2008 22:25:47 +0200, "LordDoskias"
<lorddoskias () gmail com> said:

Hello and best wishes for the new year ;)


Now, I have a file compiled with perl2exe and I want to extract the 
original perl source code. A search with google, revealed that earlier 
versions of the aforementioned program used Bogocrypt(XOR) for 
"encrypting  the files, unfortunately newer version seem not to use XOR 
because using what is mentioned on 
http://www.net-security.org/vuln.php?id=2464 didn't work. Looking at 
http://web.archive.org/web/20030413002553/http://ddtm.simon-cozens.org/~simon/perl2exe 

I saw there were other 2 attack vectors - bytecode to plain text attack 
or the bytecode sitting in the interpreter's memory and therefore making 
it vulnerable to dumping and feeding it to B::Deparse

So I'm asking all the perl monks here is there an easier way and what it 
is. If not, can you give me some url explaining the process of dumping 
the memory and feeding it to B::Deparse. All other ideas are more than 
welcome.

Regards.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


-- 
  peter
  peterparker () fastmail fm

-- 
http://www.fastmail.fm - mmm... Fastmail...


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: