[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Using Source within Binary Shell Scripts

From: Jason Hall
Subject: Using Source within Binary Shell Scripts
Date: Wed, 27 Mar 2019 10:40:01 -0400

I was provided a shell script that is self decrypting, self unzipping,
and checks if the file has been tampered with using an encrypted MD5
sum.  The file uses the filename, command line parameters and some
trial data to create the encryption key in a shell variable which it
uses to decrypt an embedded encrypted zip file and execute the actual
code (which immediately deletes the unencrypted file after it

I managed to decrypt the file because the code write a hidden file to
/tmp before it deletes the unencrypted file and running chattr +a /tmp
keeps the file from being deleted after it executes.

The problem I'm having is that I can't run the command source
filename.sh because the file is "binary".  I cloned the source code
from git and modified three .c source files to let me execute source
filename.sh.  This allowed me to actually view the password (because
they don't clear the variables after execution) by typing in echo

The point is, their is a legitimate use for sourcing Binary Shell
Scripts and BASH as is, won't let you do this.  Maybe not allow it by
default but have a parameter to ignore the file check to see if it is

Jason Hall

reply via email to

[Prev in Thread] Current Thread [Next in Thread]