How To Obscure / Obfuscate Bash Shell Scripts
I had a requirement to make a shell script obscured or obfuscated.
The first step is to get your bash script and wrap it in some python.
Let's take the following bash script as an example: (hello.sh)

#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"

Next modify hello.sh to look like: (hello.sh.py)

#!/usr/bin/python
import zlib, binascii
# The original bash script, embedded as a string
data = '''
#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"
'''
# Compress the script, then hex-encode the compressed bytes
compData = zlib.compress(data)
hexData = binascii.hexlify(compData)
print (hexData)

Next execute: python hello.sh.py
You should get the following output:

789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13

Copy that string and insert into another file, replacing the data section as per below: (temp.py)

#!/usr/bin/python
# Python 2 script (matches the 2.7 interpreter used below)
import os, sys, stat, zlib, subprocess, tempfile, binascii
# Hex string printed by hello.sh.py
data = '789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13'
data = binascii.unhexlify(data)
tmpFile = tempfile.mkstemp()
tmpFile = tmpFile[1]
try:
    fd = os.open(tmpFile, os.O_CREAT|os.O_RDWR)
    f = os.fdopen(fd, 'w')
    # Write the decompressed bash script to the temporary file
    f.write(zlib.decompress(data))
    f.write('\n')
    f.close()
    os.chmod(tmpFile, 0700)
    #os.chmod(tmpFile, stat.S_IEXEC)
    # Run the temporary file with bash, then remove it
    subprocess.Popen(["/bin/bash", tmpFile]).wait()
finally:
    os.remove(tmpFile)

Save that file, start your Python interpreter and type the following:

$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38)
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import py_compile
>>> py_compile.compile("temp.py")
>>> exit()

Now pipe the .pyc that was created through base64:

cat temp.pyc | base64

Copy the base64 output into the following production-ready script: (final-product.sh)

#!/bin/bash
DECODED=$(mktemp)
cat << EOF | base64 -d > "$DECODED"
A/MNCgDqv1BjAAAAAAAAAAAFAAAAQAAAAHMcAQAAZAAAZAEAbAAAWgAAZAAAZAEAbAEAWgEAZAAA
ZAEAbAIAWgIAZAAAZAEAbAMAWgMAZAAAZAEAbAQAWgQAZAAAZAEAbAUAWgUAZAAAZAEAbAYAWgYA
ZAIAWgcAZQYAaggAZQcAgwEAWgcAZQUAagkAgwAAWgoAZQoAZAMAGVoKAHqIAGUAAGoLAGUKAGUA
AGoMAGUAAGoNAEKDAgBaDgBlAABqDwBlDgBkBACDAgBaEABlEABqEQBlAwBqEgBlBwCDAQCDAQAB
ZRAAahEAZAUAgwEAAWUQAGoTAIMAAAFlAABqFABlCgBkBgCDAgABZQQAahUAZAcAZQoAZwIAgwEA
ahYAgwAAAVdkAQBlAABqFwBlCgCDAQABWGQBAFMoCAAAAGn/////TnSmAAAANzg5YzM1YzhjZDBk
ODAyMDBjMDZkMDNiNTM3Y2UyMDBhY2UxMDY5ZWY5Mjk0MmQyYjQ4NjYyMjJkYjdiZjIxZDlmZGJi
NzkwYmE4NDE0YWQzOWNhNGRlMTBmNjI1NjljM2FiOGY4YmZmNGE2ZmEzMDJmODgyNjJkMGIzOTBh
OGMwOGIzOTExMTZjOGUyZTk3NDEyYjI2YmRkM2JiMGZjM2E1MWQxM2kBAAAAdAEAAAB3cwEAAAAK
acABAABzCQAAAC9iaW4vYmFzaCgYAAAAdAIAAABvc3QDAAAAc3lzdAQAAABzdGF0dAQAAAB6bGli
dAoAAABzdWJwcm9jZXNzdAgAAAB0ZW1wZmlsZXQIAAAAYmluYXNjaWl0BAAAAGRhdGF0CQAAAHVu
aGV4bGlmeXQHAAAAbWtzdGVtcHQHAAAAdG1wRmlsZXQEAAAAb3BlbnQHAAAAT19DUkVBVHQGAAAA
T19SRFdSdAIAAABmZHQGAAAAZmRvcGVudAEAAABmdAUAAAB3cml0ZXQKAAAAZGVjb21wcmVzc3QF
AAAAY2xvc2V0BQAAAGNobW9kdAUAAABQb3BlbnQEAAAAd2FpdHQGAAAAcmVtb3ZlKAAAAAAoAAAA
ACgAAAAAcwwAAABiYXNoLXRlbXAucHl0CAAAADxtb2R1bGU+AgAAAHMaAAAAVAIGAg8BDAEKAQMB
HAESARYBDQEKAhACHQI=
EOF
python "$DECODED"
rm "$DECODED"

Now run ./final-product.sh

Hello World
Hopefully nobody can see these strings of text

Hopefully you can make this useful with your own script! –Cam
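
Each layer used above (zlib, hex, compiled bytecode, base64) is an encoding with no key, so anyone who holds final-product.sh can reverse it. The following Python 3 code is an added example, not part of the original post: it wraps a constructed sample script the same way and recovers it by scanning the decoded blob for hex-encoded zlib streams. The names build_sample and recover_scripts, the placeholder container bytes and the sample script are assumptions made for the illustration.

```python
import base64
import binascii
import re
import zlib

# Constructed sample: a stand-in script, not the one from the post.
SAMPLE_SCRIPT = b'#!/bin/bash\necho "constructed sample secret"\n'


def build_sample(script):
    """Mimic the post's layering: zlib -> hex -> binary container -> base64.

    The container bytes are placeholders standing in for a compiled .pyc.
    """
    hex_blob = binascii.hexlify(zlib.compress(script))
    container = b"\x03\xf3\r\n" + b"\x00" * 8 + hex_blob + b"\x00/bin/bash"
    return base64.encodebytes(container)


# A long run of lowercase hex digits is the tell-tale of a hexlify()'d constant.
HEX_RUN = re.compile(rb"[0-9a-f]{32,}")


def recover_scripts(b64_text):
    """Return every zlib payload stored as a hex string inside the base64 blob."""
    raw = base64.b64decode(b64_text)
    found = []
    for match in HEX_RUN.finditer(raw):
        run = match.group()
        # A stray hex-looking byte in front of the constant shifts the pairing,
        # so try both nibble alignments.
        for offset in (0, 1):
            chunk = run[offset:]
            chunk = chunk[: len(chunk) // 2 * 2]
            try:
                found.append(zlib.decompress(binascii.unhexlify(chunk)))
                break
            except zlib.error:
                continue  # not a zlib stream at this alignment
    return found


if __name__ == "__main__":
    for script in recover_scripts(build_sample(SAMPLE_SCRIPT)):
        print(script.decode())
```

The wrapper in the post also writes the decoded script to a temporary file before running it, so the plain text exists on disk while the script executes.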
Or just use SHC http://www.thegeekst … t-bash-shell-script/