Can't exec cd at squid_extract_v01.pl

ETC Homework & Coursework Questions
1

Hi all!

I've got a quick question about extracting a file.

I'm working out of the book Network Forensics: Tracking Hackers through Cyberspace and I am stuck on a problem, or well not a problem but following the book and I'm getting an error. the book is asking me to use this command

for cache_file in `grep -lir 'sketchy\.evl\|evil\.evl 'squid`; do perl squid_extract_v01.pl -f $cache_file -o squid-extract-evl /; done

and I keep running into this error

Can't exec cd at squid_extract_v01.pl line 1.

when running

grep -lir 'sketchy\.evl\|evil.evl'
I do get a list of all the files

this is what is at the top of the perl script if it matters.
#! cd Ff -w use strict; use URI; use Getopt::Long;

1 Like
2

Hello,

It looks like the top of your Perl script has gotten mangled somehow. That first line is called a shebang line, and tells the system which shell or interpreter should be used to run the script. In your case, you some how have ended up with the command cd Ff at the start of this line. And so your shell literally thinks that this is a script that should be run through an external binary called cd. Now that's a shell builtin and doesn't exist (and even if it did who knows what it would do), and so that's why you're getting this error - the system canot find and exec a command called cd to run the rest of your script through.

I suspect the first few lines of your script should look like this, instead:

#!/usr/bin/perl -w
use strict;
use URI;
use Getopt::Long;

But to be honest, if the first part of your script has gotten that badly mangled, it makes me wonder about the rest of it too - so don't be surprised if you get further errors. But anyway, give that a try and see how you get on.

3

Yeah I really couldn't figure out what that cd Ff part was trying to do, the script was already installed with the Virtual machine we are using, and all my professor said was to "enter the command with my system in the same file area as the program"

when I tried his idea, I kept getting the same error as before, I've got a feeling it has something to do with the script as a whole.

When I tried out your solution I got more errors that say things like
"Can't Locate URI.pm in @INC (@INC contains: /usr/lib64perl5 /usr.share.perl5.) at squid_extract_v01.pl line 3"

So I added "perl -I" to the command with the location of the file and now Its giving me this cluster of an issue

"Unrecognized chacter \x03; marked by <-- HERE after <-- HERE near column 1 at squid/00/05/0000058A line 1"

here is the script from the book below

#! cd Ff -w

use strict;

use URI;

use Getopt::Long;



# by Alan Tu

# June 19, 2009

## This program is free software; you can redistribute it and/or

## modify it under the terms of the GNU General Public License

## as published by the Free Software Foundation; either version 3

## of the License, or any later version.

##

## This program is free software: you can redistribute it and/or modify

## it under the terms of the GNU General Public License as published by

## the Free Software Foundation, either version 3 of the License, or

## any later version.

##

## This program is distributed in the hope that it will be useful,

## but WITHOUT ANY WARRANTY; without even the implied warranty of

## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

## GNU General Public License for more details.

##

## You should have received a copy of the GNU General Public License

## along with this program.  If not, see <http://www.gnu.org/licenses/>.



## Humbly added to, but not necessarily improved, by George Bakos

## June 10, 2010



## Modified by Rick Smith to allow extracting all files the entire squid cache 

## directory or a single file.

## 17 December 2010



our $version_string = 'Version: v0.1   20101217';







# # #

## Command line options processing

# # #



sub init()

{

	our %opt;

	our $verbose = 1;

	our $debug = 1;

	

	GetOptions(\%opt, 	

			"help", 				# Print the help/usage message

			"path=s",			# a cofiguration file (may contain all other input required)

			"file=s",				# A single file is passed.

			"output=s",				# the base file name with no extension for the output files created

			"verbose",				#

			"debug")				#

					or usage();		# Print the help/usage message if the options are correct.

					

	usage() if $opt{help};	## They asked for the help/usage message

	

	if ( !( (defined $opt{path}) || (defined $opt{file}) ) ) {

		print STDERR "Not enough options received...\n";

		usage()

	};



	if ( defined $opt{verbose} ) {

	#	use Smart::Comments;

		 $verbose = 0;

	};



	if ( defined $opt{debug} )  {

	#	use Smart::Comments '###', '####';

		$debug = 0;

	};



}



## # #

## Message about this program and how to use it

## # #



sub usage()

{

	print STDERR << "EOF";



usage: $0 [-h] [-i <file>] [[-p <path>]|[-f <file>]]



-h                       : this helpful(?) message (totally optional)

-f <file>                : the path to a single squid cache file

-p <path to cache>       : the path to a squid cache directory

-o <output directory>    : the path to the output directory for output files created 

                           (Optional, Default: /tmp/squidsnarf)



($version_string)

EOF

exit;

}



## # # # # # # # # # # # # # #

## Main

## # #



## # #

## Get the command line options.

## # #

use vars qw/ %opt /;

init();



# Global variables

our $debug;

our $verbose;



## # #

##  Process the options passed to the script.

## # #



# check for specified outdir

my $odir = "/tmp/squidsnarf";

if (defined $opt{output}) {

	$odir = $opt{output};

};



# check for a specified squid cache file

my $in_file = "";

if (defined $opt{file}) {

	$in_file = $opt{file};

};



# check for a specified squid cache directory

my $in_dir = "";

if (defined $opt{path}) {

	$in_dir = $opt{path};

};



# open the extraction log file

if (defined ($odir)) {

	if (!(-d $odir)) {

		system("mkdir -p ${odir}");

	};

        open(LOGFILE, ">>$odir/extract_log.txt") or 

        	die "*** can't create extract lot: $odir//extract_log.txt\n$!";

};

print LOGFILE "####------odir: $odir\n" unless $debug;

print LOGFILE "####---in_file: $in_file\n" unless $debug;

print LOGFILE "####----in_dir: $in_dir\n\n" unless $debug;





## # #

##  Process the options passed to the script.

## # #



# Array of hex digits to create the directory names in squid cache.

my @dir_array = ("0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F");



# Process the files.

if (-f $in_file) {

proc_file($in_file)

}

elsif (-d $in_dir ) {

	foreach my $top (@dir_array) {

		foreach my $next1 (@dir_array) {

			foreach my $next2 (@dir_array) {

				my @files = <$in_dir/0$top/$next1$next2/*>;

				foreach my $file (@files) {

   					print LOGFILE "working file: $file\n";

   					proc_file($file);

 				}	 

			}

		}

	}

}

else {

usage();

};



## # #

##  Process each cache file and extract the embedded file.

## # #



sub proc_file 

{

	our $debug;

	our $verbose;

	my $infile = $_[0];

	open (INFILE, "$infile") or die "*** can't open: $in_file\n$!";

	binmode(INFILE);

	local $/ = undef; # suck in the whole file

	my $file = <INFILE>;

	

	# jump to the URL

	$file = substr($file, 0x3c);

	

	$file =~ m|^([^\00]+)[\?\00]| ;

	

	my $uri = $1;

	print LOGFILE "Extracting $uri\n\n";

	

	# pull path and name from url

	my $url = URI->new($uri);

	

	my $dname  = $url->host();

	my @pathbits = $url->path_segments();

	my $params = $url->query();

	my $path = $url->path();

	

	my $fname = "default";

	my $dpath = "";



	if (defined ($path)) {

		$path =~ m/(.*)\/(.*)$/;

		$dpath = $1;

		$fname = $2;

	};

	

	# clean some cruft out of the path and file name.

	$dpath =~ s/[^a-zA-z0-9\.\+\-\%\/]/\./g;

	$fname =~ s/[^a-zA-z0-9\.\+\-\%]/\./g;

	

	# print some debug info

	print LOGFILE "####----path: $path\n" unless $debug;

	print LOGFILE "####---dpath: $dpath\n" unless $debug;

	print LOGFILE "####---fname: $fname\n\n" unless ($debug or $verbose);

	

	if ( $fname eq "" ) { 

		$fname = "default";

	};

	

	# Set the final path for the extracted path

	my $final_path = $odir . "/" . $dname . "/" . $dpath;



	# create destination directory if needed

	print LOGFILE "###---final_path: $final_path \n\n" unless ($debug or $verbose);



	if ((-d "$odir/$dname/$dpath/$fname") ){ 

		$final_path = $final_path . "/dir";

		system("mkdir -p ${final_path}")

	}

	else {

		system("mkdir -p ${final_path}")

	};



	print LOGFILE "###---creating $final_path/$fname\n\n" unless $debug;

	open(OFILE, ">$final_path/$fname") or die "*** can't create output file: $fname\n$!";

	binmode(OFILE);

	

	# open the parameter file, if needed, and appending the parameters

	if (defined ($params)) {

		print LOGFILE "###----params: $params \n" unless $debug;

		open(PFILE, ">>$final_path/parameters.txt") or die "*** can't create output: $final_path/parameters.txt\n$!";

		print PFILE $fname . ": " . $params . "\n";

	};

	

	# find the start of the first "CRLF CRLF"

	my $token = "\x0d\x0a\x0d\x0a";

	my $index = index($file, $token) + length($token);

	# then jump overperl

	$file = substr($file, $index);

	print OFILE $file; # print to destination file

};
4

Hello,

Well, all I can really say is that the script, as you've been provided it, is not written correctly. The first line will always produce that Can't exec cd error, or some variant thereof, on any *NIX-style operating system, because it instructs the system to try to run the script via a shell or interpreter called cd.

Based on the other errors you get after fixing the shebang line, it also sounds like your system either doesn't have the Perl modules it needs installed, or the search path for the modules isn't set correctly. Overall, I think you have a lot of problems here, and based on the description you provide, it doesn't seem like any of them are down to anything you yourself have done.

At this point, I think all you can do is go back to your professor, point out the problems with the script and the missing Perl modules, and see what they want to do about that. I'd guess the VMs just haven't been set up correctly, most likely.

1 Like
6

I will do that, I appreciate your time thank you!

7

No problem, happy to help. Let us know how you get on !

9

Hey @drifting_tofu

If you check the reference where that online class originates, you will see:

Screen Shot 2022-03-23 at 1.00.37 PM

So, you might consider downloading the original file and follow the instructions. You may be working with an (unauthorized) copy from the referenced on-line course:

Reference:

1 Like
10

To me, this:

looks like a shell for loop, so inserting the perl shebang might not help either. We might be dealing with two scripts: the shell script, and the squid_extract_v01.pl perl script.