How To Obscure / Obfuscate Bash Shell Scripts

I had a requirement to make a shell script obscured or obfuscated.

The first step is to get your bash script and wrap it in some Python.

Let's take this bash script as an example: (hello.sh)

#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"

Next modify hello.sh to look like: (hello.sh.py)

#!/usr/bin/python
import zlib, binascii
data = '''
#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"
'''

compData = zlib.compress(data)
hexData = binascii.hexlify(compData)
print (hexData)

Next execute: python hello.sh.py
You should get the following output:

789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb
790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e9741
2b26bdd3bb0fc3a51d13

Copy that string and insert into another file, replacing the data section as per below: (temp.py)

#!/usr/bin/python
# Python 2 script: unpacks the embedded bash script to a temp file and runs it
import os, sys, stat, zlib, subprocess, tempfile, binascii

# hex-encoded, zlib-compressed copy of hello.sh (the output of hello.sh.py)
data = '789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13'

data = binascii.unhexlify(data)
tmpFile = tempfile.mkstemp()
tmpFile = tmpFile[1]
try:
        # write the decompressed script out in plain text
        fd = os.open(tmpFile, os.O_CREAT|os.O_RDWR)
        f = os.fdopen(fd, 'w')
        f.write(zlib.decompress(data))
        f.write('\n')
        f.close()

        os.chmod(tmpFile, 0700)
        #os.chmod(tmpFile, stat.S_IEXEC)
        subprocess.Popen(["/bin/bash", tmpFile]).wait()
finally:
        # remove the plain-text copy once bash has finished
        os.remove(tmpFile)

Save that file, start your Python interpreter and type the following:

$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38) 
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import py_compile
>>> py_compile.compile("temp.py")
>>> exit() 

Now pipe the .pyc that was created through base64:

cat temp.pyc | base64

Copy that block of data into the following production ready script: (final-product.sh)

#!/bin/bash

DECODED=$(mktemp)

cat << EOF | base64 -d > "$DECODED"
A/MNCgDqv1BjAAAAAAAAAAAFAAAAQAAAAHMcAQAAZAAAZAEAbAAAWgAAZAAAZAEAbAEAWgEAZAAA
ZAEAbAIAWgIAZAAAZAEAbAMAWgMAZAAAZAEAbAQAWgQAZAAAZAEAbAUAWgUAZAAAZAEAbAYAWgYA
ZAIAWgcAZQYAaggAZQcAgwEAWgcAZQUAagkAgwAAWgoAZQoAZAMAGVoKAHqIAGUAAGoLAGUKAGUA
AGoMAGUAAGoNAEKDAgBaDgBlAABqDwBlDgBkBACDAgBaEABlEABqEQBlAwBqEgBlBwCDAQCDAQAB
ZRAAahEAZAUAgwEAAWUQAGoTAIMAAAFlAABqFABlCgBkBgCDAgABZQQAahUAZAcAZQoAZwIAgwEA
ahYAgwAAAVdkAQBlAABqFwBlCgCDAQABWGQBAFMoCAAAAGn/////TnSmAAAANzg5YzM1YzhjZDBk
ODAyMDBjMDZkMDNiNTM3Y2UyMDBhY2UxMDY5ZWY5Mjk0MmQyYjQ4NjYyMjJkYjdiZjIxZDlmZGJi
NzkwYmE4NDE0YWQzOWNhNGRlMTBmNjI1NjljM2FiOGY4YmZmNGE2ZmEzMDJmODgyNjJkMGIzOTBh
OGMwOGIzOTExMTZjOGUyZTk3NDEyYjI2YmRkM2JiMGZjM2E1MWQxM2kBAAAAdAEAAAB3cwEAAAAK
acABAABzCQAAAC9iaW4vYmFzaCgYAAAAdAIAAABvc3QDAAAAc3lzdAQAAABzdGF0dAQAAAB6bGli
dAoAAABzdWJwcm9jZXNzdAgAAAB0ZW1wZmlsZXQIAAAAYmluYXNjaWl0BAAAAGRhdGF0CQAAAHVu
aGV4bGlmeXQHAAAAbWtzdGVtcHQHAAAAdG1wRmlsZXQEAAAAb3BlbnQHAAAAT19DUkVBVHQGAAAA
T19SRFdSdAIAAABmZHQGAAAAZmRvcGVudAEAAABmdAUAAAB3cml0ZXQKAAAAZGVjb21wcmVzc3QF
AAAAY2xvc2V0BQAAAGNobW9kdAUAAABQb3BlbnQEAAAAd2FpdHQGAAAAcmVtb3ZlKAAAAAAoAAAA
ACgAAAAAcwwAAABiYXNoLXRlbXAucHl0CAAAADxtb2R1bGU+AgAAAHMaAAAAVAIGAg8BDAEKAQMB
HAESARYBDQEKAhACHQI=
EOF

python "$DECODED"
rm "$DECODED"

Now run ./final-product.sh

Hello World
Hopefully nobody can see these strings of text

Hopefully you can make this useful with your own script! –Cam

Or just use SHC http://www.thegeekst … t-bash-shell-script/
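
The layers used above (zlib, hex, a compiled .pyc, base64) are encodings, not encryption, so anyone who can read final-product.sh can reverse them, and the script also sits in plain text in a temp file while it runs. The following is an added example, not part of the original post: it builds a constructed stand-in for final-product.sh and recovers the embedded script from it (build_sample, heredoc_bodies and recover_scripts are hypothetical names, and the binary container is a fake, not a real .pyc).

```python
import base64
import binascii
import re
import zlib

# hello.sh from the post, used as the payload of the constructed sample.
HELLO_SH = (b'#!/bin/bash\necho "Hello World"\n'
            b'echo "Hopefully nobody can see these strings of text"\n')


def build_sample():
    """Constructed stand-in for final-product.sh with the post's layers:
    zlib -> hex string -> constant inside a binary blob -> base64 heredoc."""
    hex_payload = binascii.hexlify(zlib.compress(HELLO_SH))
    # Fake bytecode container (not a real .pyc): header bytes, the hex
    # constant, then another string constant.
    blob = b"\x03\xf3\r\n" + b"\x00" * 8 + hex_payload + b"\x00/bin/bash\x00"
    return ('#!/bin/bash\nDECODED=$(mktemp)\n'
            'cat << EOF | base64 -d > "$DECODED"\n'
            + base64.encodebytes(blob).decode("ascii")
            + 'EOF\npython "$DECODED"\nrm "$DECODED"\n')


def heredoc_bodies(script):
    """Return the text between each '<< EOF' line and its closing 'EOF'."""
    return re.findall(r"<<\s*EOF[^\n]*\n(.*?)\nEOF[ \t]*(?:\n|$)", script, re.S)


def recover_scripts(script):
    """Undo base64, then hex, then zlib; return every payload recovered."""
    recovered = []
    for body in heredoc_bodies(script):
        try:
            blob = base64.b64decode(body)
        except (binascii.Error, ValueError):
            continue  # heredoc is not base64
        # Even-length runs of lowercase hex, as binascii.hexlify() emits.
        for run in re.findall(rb"(?:[0-9a-f]{2}){8,}", blob):
            try:
                text = zlib.decompress(binascii.unhexlify(run))
            except zlib.error:
                continue  # hex run that is not a zlib stream
            recovered.append(text.decode("utf-8", "replace"))
    return recovered


if __name__ == "__main__":
    for script in recover_scripts(build_sample()):
        print(script, end="")
```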

pam_usb on Fedora 17

Apart from this package being rather old, it still works.
You need to install libxml2-devel, dbus-devel and pmount:

 yum install libxml2-devel dbus-devel pmount 

After running make and make install, run:

pamusb-conf --add-device MyDevice 

Where you might receive the error:

 Unable to read /etc/pamusb.conf: not well-formed (invalid token): line 43, column 52 

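The parser rejects the file because the example section sits inside an XML comment and contains "--" (in --lock and --deactivate), which is not allowed inside a comment. The easiest fix is to delete the whole of the following example section from /etc/pamusb.conf: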

                <!-- Example:
                        Authenticate user scox using "MyDevice", and configure pamusb-agent
                        to automatically start/stop gnome-screensaver on key insertion and
                        removal:
                        <user id="scox">
                                <device>MyDevice</device>
                                <option name="quiet">true</option>
                                <agent event="lock">gnome-screensaver-command --lock</agent>
                                <agent event="unlock">gnome-screensaver-command --deactivate</agent>
                        </user>

                        Configure user root to authenticate using MyDevice, but update one
                        time pads at every login (default is 1 hour):
                        <user id="root">
                                <device>MyDevice</device>
                                <option name="pad_expiration">0</option>
                        </user>
                -->

That’s a good boy / girl, delete the whole section as above.
Excellent. As you work through the rest of the setup you may notice that it doesn’t work on 64-bit builds. That’s because the build doesn’t cater for 64-bit installs, so move the PAM module into the correct directory:

 mv /lib/security/pam_usb.so /lib64/security/pam_usb.so 

Follow the rest of the instructions and you should be good to go!

How to move flatpress to SSL

Once the virtual hosting and SSL certificates are set up, you have probably found that FlatPress keeps redirecting you to the HTTP version.
What you need to change is the defaults.php file.

Change:

define('BLOG_BASEURL', 'http://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);

to:

define('BLOG_BASEURL', 'https://'.$_SERVER['HTTP_HOST']. BLOG_ROOT);

and that should do it!

Crack SHA512crypt ($6$) with John the Ripper with Native OpenMPI multi-threading

JtR now natively supports multi-threading through the OpenMPI interface. All the code is right there in the jumbo version of JtR; all you need to do is install OpenMPI and uncomment the lines of code in the Makefile. Now you can crack SHA512crypt passwords with all cores.

Alright, let's get started:

yum install openmpi
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-6.tar.gz
tar -zxvf john-1.7.9-jumbo-6.tar.gz
cd john-1.7.9-jumbo-6/src

Now we need to edit Makefile and uncomment the ‘OpenMP’ lines.

vi Makefile

and uncomment the line as shown below:

OMPFLAGS =
# gcc with OpenMP
#OMPFLAGS = -fopenmp
OMPFLAGS = -fopenmp -msse2
# Sun Studio with OpenMP (set the OMP_NUM_THREADS env var at runtime)
#OMPFLAGS = -xopenmp
# icc with OpenMP (for make target linux-x86-64-icc)
#ICCOMPFLAGS = -openmp

Now compile and run as normal, and notice that you now have 100% CPU usage!

Delete certain messages from Postfix Queue

Ever had some alerting software spam your production mail queue with 1000s of alerts?
And you don't want to delete every message individually…

Here is the solution to delete all messages destined for user@example.com:

mailq | tail -n +2 | grep -v '^ *(' | 
gawk 'BEGIN {RS = ""} /user@example.com/ {print $1}' | 
tr -d '*!' | postsuper -d - 

Thanks to http://www.keithscode.com for that one!