The Discordant Opposition Journal Issue 6 - File 8
:The Beauty of Perl:
cronus
For those of you who don't know what Perl is let me fill you in, its the Practical Extraction and Reporting Language. Its a nice programming/scripting language specifically designed to manipulate text and files. But more recent versions also contain socketing modules for more advanced programming. For those of you who do know what Perl is, you might be asking why is it so beautiful ? Or maybe you have already seen the light.
A little background, I work doing webdesign 9am to 5pm and I was, legitably, working on a website hosted on a Windows NT machine. The machine what hosted the site I was working on also hosted several dozen other domains.
I was coding a simple perl script to open up a blank file and create a guestbook entry. I was having difficulties because the script seemed unwilling to open a new file and write to it. I believed that problem was do to with the fact that it was a new file. After much brow-beating and even going onto IRC and asked around. A friend from EFnet was able to help. Cyph suggested that the problem was caused by trying to open a file on the machine with a URL. I tried to open the file like this;
$filename = "http://www.work.com/newfile";
open (FILE, ">$filename");
print FILE << "Did I create the file ?";
close (FILE);
This isn't an article that intends to teach Perl programming especially since I can barely code Perl. But the above code segment declared a filename with a URL, opened the file, printed text to the file and closed the file. But this won't work, but to open a file you need to give the absolute filepath. What I mean by that is not a URL like http://www.work.com/newfile but /htdocs/newfile. So I made the change.
But that still didn't work, it wasn't a UNIX system it just wanted to give that impression. The real pathname of the file was inclusive of the drive letter like e:\work.com\htdocs\newfile so I tried that;
# You have to put in \\ instead of \ to satisfy Perl
# Just trust me...
$filename = "e:\\work.com\\htdocs\\newfile";
open (FILE, ">$filename");
print FILE << "Did I create the file ?";
close (FILE);
Any now it worked, but the thought occured to me if I can edit a file by supplying its full pathname, then why can't I do anything I wanted to any file ? By using full Dos pathnames I could traverse the directories of the machines Harddrive and because NT doesn't have the same permissions system as UNIX I could [if I'd wanted to] edited any file I wanted.
I went on to use the Perl system() command to list whole directory contents and to type files. The system() command simply tells Perl to run the command within the brackets on the system. I had total run of the system with nothing more than a CGI enabled webspace.
The ethics of me being there on work, made me mail the machine's administrator and explain about what I'd found. I have heard of UNIX machines where they configure Perl to ignore certain commands such as the system command. With the system command on a UNIX machine I could have gotten a copy of the /etc/passwd file and cracked a password and gotten inside, but with a NT machine [which is what I was working on] it would have been simpler. Simply bind a shell to a port using NetCat or a similar tool.
I am a convert - maybe NT isn't so bad, but either way Perl is truly beautiful. Windows is what PC users are used to using, the poing and click interface is nice and simple to master. But Dos requires command line attention and requires a little more skill, but that coupled with a small knowledge of Perl gave me access to dozens of websites...
... intoxicated with the madness ...
cronus (at) iol (dot) ie
___________ ____ ____ __ __ ______
_/ ___\_ __ \/ _ \ / \| | \/ ___/
\ \___| | \( <_> ) | \ | /\___ \
\___ >__| \____/|___| /____//____ >
\/ \/ \/
http://www.sinnocence.com/fray
