How To Obscure / Obfuscate Bash Shell Scripts
I had a requirement to make a shell script obscured or obfuscated.
The first step is to take your bash script and wrap it in some Python.
Take the following bash script as the example (hello.sh):
#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"
Next, turn hello.sh into a small Python 2 script (hello.sh.py) that embeds the shell script as a string, compresses it with zlib and prints the result hex-encoded:
#!/usr/bin/python
import zlib, binascii

# the original shell script, embedded verbatim
data = '''
#!/bin/bash
echo "Hello World"
echo "Hopefully nobody can see these strings of text"
'''

compData = zlib.compress(data)        # Python 2: str is already bytes
hexData = binascii.hexlify(compData)  # printable form for pasting into the loader
print (hexData)
Next execute python hello.sh.py. You should get the following output, a single hex string (the 789c prefix is the zlib header):
789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13
Copy that string into a second file (temp.py) as the value of data. This loader unhexes and decompresses the payload into a temporary file, runs it with bash and removes the file afterwards:
#!/usr/bin/python
import os, sys, stat, zlib, subprocess, tempfile, binascii

# the hex string printed by hello.sh.py
data = '789c35c8cd0d80200c06d03b537ce200ace1069ef92942d2b4866222db7bf21d9fdbb790ba8414ad39ca4de10f62569c3ab8f8bff4a6fa302f88262d0b390a8c08b391116c8e2e97412b26bdd3bb0fc3a51d13'
data = binascii.unhexlify(data)

# mkstemp() already returns an open descriptor for the new file; use it rather than
# opening the path a second time and leaking the first descriptor
fd, tmpFile = tempfile.mkstemp()
try:
    f = os.fdopen(fd, 'w')
    f.write(zlib.decompress(data))
    f.write('\n')
    f.close()
    os.chmod(tmpFile, 0700)   # owner-only read/write/execute (Python 2 octal literal)
    #os.chmod(tmpFile, stat.S_IEXEC)
    subprocess.Popen(["/bin/bash", tmpFile]).wait()
finally:
    os.remove(tmpFile)
Save that file, then byte-compile it to a .pyc from the Python interpreter:
$ python
Python 2.7.3 (default, Jul 24 2012, 10:05:38)
[GCC 4.7.0 20120507 (Red Hat 4.7.0-5)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import py_compile
>>> py_compile.compile("temp.py")
>>> exit()
Now base64-encode the temp.pyc that was created:
cat temp.pyc | base64
A/MNCgDqv1BjAAAAAAAAAAAFAAAAQAAAAHMcAQAAZAAAZAEAbAAAWgAAZAAAZAEAbAEAWgEAZAAA
ZAEAbAIAWgIAZAAAZAEAbAMAWgMAZAAAZAEAbAQAWgQAZAAAZAEAbAUAWgUAZAAAZAEAbAYAWgYA
ZAIAWgcAZQYAaggAZQcAgwEAWgcAZQUAagkAgwAAWgoAZQoAZAMAGVoKAHqIAGUAAGoLAGUKAGUA
AGoMAGUAAGoNAEKDAgBaDgBlAABqDwBlDgBkBACDAgBaEABlEABqEQBlAwBqEgBlBwCDAQCDAQAB
ZRAAahEAZAUAgwEAAWUQAGoTAIMAAAFlAABqFABlCgBkBgCDAgABZQQAahUAZAcAZQoAZwIAgwEA
ahYAgwAAAVdkAQBlAABqFwBlCgCDAQABWGQBAFMoCAAAAGn/////TnSmAAAANzg5YzM1YzhjZDBk
ODAyMDBjMDZkMDNiNTM3Y2UyMDBhY2UxMDY5ZWY5Mjk0MmQyYjQ4NjYyMjJkYjdiZjIxZDlmZGJi
NzkwYmE4NDE0YWQzOWNhNGRlMTBmNjI1NjljM2FiOGY4YmZmNGE2ZmEzMDJmODgyNjJkMGIzOTBh
OGMwOGIzOTExMTZjOGUyZTk3NDEyYjI2YmRkM2JiMGZjM2E1MWQxM2kBAAAAdAEAAAB3cwEAAAAK
acABAABzCQAAAC9iaW4vYmFzaCgYAAAAdAIAAABvc3QDAAAAc3lzdAQAAABzdGF0dAQAAAB6bGli
dAoAAABzdWJwcm9jZXNzdAgAAAB0ZW1wZmlsZXQIAAAAYmluYXNjaWl0BAAAAGRhdGF0CQAAAHVu
aGV4bGlmeXQHAAAAbWtzdGVtcHQHAAAAdG1wRmlsZXQEAAAAb3BlbnQHAAAAT19DUkVBVHQGAAAA
T19SRFdSdAIAAABmZHQGAAAAZmRvcGVudAEAAABmdAUAAAB3cml0ZXQKAAAAZGVjb21wcmVzc3QF
AAAAY2xvc2V0BQAAAGNobW9kdAUAAABQb3BlbnQEAAAAd2FpdHQGAAAAcmVtb3ZlKAAAAAAoAAAA
ACgAAAAAcwwAAABiYXNoLXRlbXAucHl0CAAAADxtb2R1bGU+AgAAAHMaAAAAVAIGAg8BDAEKAQMB
HAESARYBDQEKAhACHQI=
Paste that block into the final script (final-product.sh), which decodes it to a temporary file, runs it with Python and removes it. Note that a .pyc is tied to the Python version that compiled it (2.7 here); a different interpreter rejects it with a bad magic number, so the target machine needs the same Python:
#!/bin/bash
DECODED=$(mktemp)
cat <<'EOF' | base64 -d > "$DECODED"
A/MNCgDqv1BjAAAAAAAAAAAFAAAAQAAAAHMcAQAAZAAAZAEAbAAAWgAAZAAAZAEAbAEAWgEAZAAA
ZAEAbAIAWgIAZAAAZAEAbAMAWgMAZAAAZAEAbAQAWgQAZAAAZAEAbAUAWgUAZAAAZAEAbAYAWgYA
ZAIAWgcAZQYAaggAZQcAgwEAWgcAZQUAagkAgwAAWgoAZQoAZAMAGVoKAHqIAGUAAGoLAGUKAGUA
AGoMAGUAAGoNAEKDAgBaDgBlAABqDwBlDgBkBACDAgBaEABlEABqEQBlAwBqEgBlBwCDAQCDAQAB
ZRAAahEAZAUAgwEAAWUQAGoTAIMAAAFlAABqFABlCgBkBgCDAgABZQQAahUAZAcAZQoAZwIAgwEA
ahYAgwAAAVdkAQBlAABqFwBlCgCDAQABWGQBAFMoCAAAAGn/////TnSmAAAANzg5YzM1YzhjZDBk
ODAyMDBjMDZkMDNiNTM3Y2UyMDBhY2UxMDY5ZWY5Mjk0MmQyYjQ4NjYyMjJkYjdiZjIxZDlmZGJi
NzkwYmE4NDE0YWQzOWNhNGRlMTBmNjI1NjljM2FiOGY4YmZmNGE2ZmEzMDJmODgyNjJkMGIzOTBh
OGMwOGIzOTExMTZjOGUyZTk3NDEyYjI2YmRkM2JiMGZjM2E1MWQxM2kBAAAAdAEAAAB3cwEAAAAK
acABAABzCQAAAC9iaW4vYmFzaCgYAAAAdAIAAABvc3QDAAAAc3lzdAQAAABzdGF0dAQAAAB6bGli
dAoAAABzdWJwcm9jZXNzdAgAAAB0ZW1wZmlsZXQIAAAAYmluYXNjaWl0BAAAAGRhdGF0CQAAAHVu
aGV4bGlmeXQHAAAAbWtzdGVtcHQHAAAAdG1wRmlsZXQEAAAAb3BlbnQHAAAAT19DUkVBVHQGAAAA
T19SRFdSdAIAAABmZHQGAAAAZmRvcGVudAEAAABmdAUAAAB3cml0ZXQKAAAAZGVjb21wcmVzc3QF
AAAAY2xvc2V0BQAAAGNobW9kdAUAAABQb3BlbnQEAAAAd2FpdHQGAAAAcmVtb3ZlKAAAAAAoAAAA
ACgAAAAAcwwAAABiYXNoLXRlbXAucHl0CAAAADxtb2R1bGU+AgAAAHMaAAAAVAIGAg8BDAEKAQMB
HAESARYBDQEKAhACHQI=
EOF
python "$DECODED"
rm "$DECODED"
Now run ./final-product.sh:
Hello World
Hopefully nobody can see these strings of text
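As an added example (not the original post's code), here is the same pack/run pair in Python 3, with the temporary file replaced by bash's stdin so the decoded script is never written to disk. It also makes the practical limit of this technique visible: none of the layers (zlib, hex, .pyc, base64) involves a secret, so unpack() recovers the script from the blob in one line, and anyone holding final-product.sh can do the same. On top of that, the original loader leaves the plaintext script in a temp file while it runs. This hides the strings from a casual cat or strings, nothing more. SCRIPT is a constructed sample with the same content as hello.sh; unpack() ignores whitespace so the wrapped hex above can be pasted in as-is.

```python
#!/usr/bin/env python3
"""Pack a shell script the way hello.sh.py does, recover it, and run it.

Added example for the post above; not the post's own code.
  pack()       script text -> zlib-compressed, hex-encoded blob
  unpack()     blob -> script text (this is all an attacker needs to do)
  run_packed() feed the recovered script to bash on stdin, no temp file
"""
import binascii
import subprocess
import zlib

# Constructed sample with the same content as the page's hello.sh.
SCRIPT = (
    "#!/bin/bash\n"
    'echo "Hello World"\n'
    'echo "Hopefully nobody can see these strings of text"\n'
)


def pack(script: str) -> str:
    """Compress and hex-encode a script (the hello.sh.py step)."""
    return binascii.hexlify(zlib.compress(script.encode("utf-8"))).decode("ascii")


def unpack(blob: str) -> str:
    """Reverse pack(). Whitespace from line wrapping is ignored.

    No key is involved: anyone holding the blob can do this.
    """
    raw = binascii.unhexlify("".join(blob.split()))
    return zlib.decompress(raw).decode("utf-8")


def run_packed(blob: str, shell: str = "/bin/bash") -> str:
    """Run a packed script by piping it to the shell's stdin; returns its stdout.

    Compared with the temp-file loader, the plaintext never touches the
    filesystem (it is still visible to anyone who can read process memory).
    """
    proc = subprocess.run(
        [shell, "-s"],            # -s: read commands from stdin
        input=unpack(blob),
        capture_output=True,
        text=True,
        check=True,
    )
    return proc.stdout


if __name__ == "__main__":
    blob = pack(SCRIPT)
    print(blob)                     # what hello.sh.py would print
    print(unpack(blob), end="")     # the "hidden" strings, recovered
    print(run_packed(blob), end="")
```

Running the file prints the hex blob, the recovered script and then the script's own output.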
Hopefully you can make this useful with your own script! –Cam
Or just use SHC http://www.thegeekst … t-bash-shell-script/
pam_usb on Fedora 17
The package is rather old, but it still works.
You need libxml2-devel, dbus-devel and pmount installed:
yum install libxml2-devel dbus-devel pmount
After make and make install, run:
pamusb-conf --add-device MyDevice
You may receive this error:
Unable to read /etc/pamusb.conf: not well-formed (invalid token): line 43, column 52
The cause is in the commented-out example that ships in /etc/pamusb.conf: the "--lock" and "--deactivate" inside it contain a double hyphen, which XML does not allow inside a comment, so the parser gives up at that point (the reported line and column). The easiest fix is to delete the whole example section from /etc/pamusb.conf:
<!-- Example:
     Authenticate user scox using "MyDevice", and configure pamusb-agent to
     automatically start/stop gnome-screensaver on key insertion and removal:

     <user id="scox">
       <device>MyDevice</device>
       <option name="quiet">true</option>
       <agent event="lock">gnome-screensaver-command --lock</agent>
       <agent event="unlock">gnome-screensaver-command --deactivate</agent>
     </user>

     Configure user root to authenticate using MyDevice, but update one time
     pads at every login (default is 1 hour):

     <user id="root">
       <device>MyDevice</device>
       <option name="pad_expiration">0</option>
     </user>
-->
Delete the whole section as shown above. (If you would rather keep the example, removing the "--" sequences inside the comment also makes the file parse.)
Once the rest of the setup is done you may find on 64-bit builds that it still doesn't work: the build installs the module into /lib/security, but 64-bit Fedora loads PAM modules from /lib64/security, so move it into the correct directory:
mv /lib/security/pam_usb.so /lib64/security/pam_usb.so
Follow the rest of the instructions and you should be good to go!
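To see why the "not well-formed (invalid token)" error appears and to confirm the fix before touching PAM, here is an added Python 3 check (not part of pam_usb; pam_usb's own tools parse the file with Python's XML modules, which share the same expat rule). SAMPLE_CONF is a constructed stand-in for /etc/pamusb.conf that reproduces the shipped example comment with its "--lock"; point parse_error() at the real file's contents to check your own config.

```python
#!/usr/bin/env python3
"""Check whether a pamusb.conf is well-formed XML and, when it is not,
point at any comment containing '--', which XML forbids.

Added example for the pam_usb notes above; not pam_usb's own code.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the shipped /etc/pamusb.conf. The "--lock"
# inside the comment is exactly what makes the file fail to parse.
SAMPLE_CONF = """<?xml version="1.0" ?>
<configuration>
  <devices>
    <device id="MyDevice">
      <vendor>SanDisk</vendor>
    </device>
  </devices>
  <!-- Example:
  <user id="scox">
    <device>MyDevice</device>
    <agent event="lock">gnome-screensaver-command --lock</agent>
  </user>
  -->
  <users>
  </users>
</configuration>
"""

# Matches one XML comment; non-greedy so it stops at the first "-->".
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def parse_error(xml_text: str):
    """Return None if the document parses, else the parser's error message."""
    try:
        ET.fromstring(xml_text)
        return None
    except ET.ParseError as exc:
        return str(exc)  # e.g. "not well-formed (invalid token): line 11, column 52"


def comments_with_double_hyphen(xml_text: str):
    """Return every comment whose body contains '--' (not allowed by XML)."""
    found = []
    for m in COMMENT_RE.finditer(xml_text):
        body = m.group(0)[4:-3]  # strip the "<!--" and "-->" delimiters
        if "--" in body:
            found.append(m.group(0))
    return found


def strip_comments(xml_text: str) -> str:
    """Drop every XML comment: the same effect as deleting the example by hand."""
    return COMMENT_RE.sub("", xml_text)


if __name__ == "__main__":
    print("before:", parse_error(SAMPLE_CONF))
    for comment in comments_with_double_hyphen(SAMPLE_CONF):
        print("offending comment starts:", comment.splitlines()[0])
    fixed = strip_comments(SAMPLE_CONF)
    print("after stripping comments:", parse_error(fixed))
```

Run as-is it reports the parse error for the sample, names the comment with the double hyphen, and shows that the document parses once the comment is gone.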
Windows Server 2008 Restore fails with error 0x80042406
When trying to restore a Windows Server 2008 R2 backup from disk, it failed immediately with error 0x80042406.
The solution was to press Shift-F10 in the recovery environment to open a command prompt, and from there type:
diskpart
List all the disks on the machine and find your target disk:
list disk
Select the destination; in this scenario it is disk 0 (yours may differ):
select disk 0
Now wipe all partition information and filesystem tables on the selected disk. This is destructive, and "clean all" also zeroes every sector, so it takes a while on a large disk (plain "clean" only removes the partition and boot sector information):
clean all
Now try your restore again.
Grep with PowerShell
Filter pipeline input to lines matching a regular expression (grep):
where {$_ -match "SomeString"}
Or inverse match (grep -v):
where {$_ -notmatch "SomeString"}
PowerShell commands to check Full Access and Send-As permissions
Find all users who have Full Access to the mailbox of others (the NT AUTHORITY\SELF entries are each mailbox owner's own rights, so they are filtered out):
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | ? {($_.AccessRights -match "FullAccess") -and -not ($_.User -like "NT AUTHORITY\SELF")} | ft Identity, User
Finding all users who have Send-As:
Get-Mailbox -ResultSize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "NT AUTHORITY\SELF")} | ft Identity, User -auto
Finding all users who have Send-As (restricted to an OU):
Get-Mailbox -ResultSize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and ($_.Identity -like "*/SomeOU/Users/*") -and -not ($_.User -like "NT AUTHORITY\SELF")} | ft Identity, User -auto
Find out who a particular user can Send-As (replace DOMAIN\UsernameUwantToFind with the account's DOMAIN\username):
Get-Mailbox -ResultSize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "NT AUTHORITY\SELF") -and ($_.User -like "DOMAIN\UsernameUwantToFind")} | ft Identity, User -auto