Discover and read the best of Twitter Threads about #obfuscation

Most recents (6)

Yes, we see a very similar story unfolding here and #EU . RIGHT @AC360 @maddow? Tell your viewers @guardian @latimes @washingtonpost @lauferlaw @peterdaou @CREWcrew tinyurl.com/yymqz2ko Najib’s downfall is as staggering as scale of #ICC #corruption he was accused of.
@AC360 @maddow @guardian @latimes @washingtonpost @lauferlaw @peterdaou @CREWcrew #EUROPOL and #Mueller are producing CASES everyday based on Full Legal Files of #MossackFonseca LAW FIRM of Global #InternationalCrimeCartel
SEE #OCCRP Website for daily postings TELL YOUR VIEWERS @maddow @MSNBC @AC360 TELL your Readers @latimes @guardian @BBCNews @BuzzFeedNews
Read 4 tweets
#linux #bash #obfuscation #technique #bashfuscation
padding commands with history expansion characters (#exclamation mark (!))
! ! ! ! echo this is test
(removed the previous tweet as I revealed too much info !)
#linux #bash #obfuscation #bashfuscation

using history expansion character -> !! (i.e. last command)

ca
!!t really

is equivalent to
cat really

(only 4 interactive shell)
#linux #bash #obfuscation #bashfuscation

padding commands with empty commands (: ;)

: -> true (do nothing)
; -> command separator

: : ; : ; cat really
! ! ! : : ; : ; cat really
Read 8 tweets
#linux #bash #path #obfuscation
goal: obfuscate /etc/passwd
1) #directorytraversal: /mnt/././../etc/././passwd
2) escape character: /etc/.\/\/\/\/\/passwd /etc/.\/.\/.\/.\/passwd /\e\t\c/passwd
3) null character /et$'c/pa\u0000/notexist/path'sswd
....
#path #obfuscation using #symbolic #link
ln -s / anything
head -n 2 anything////../etc/passwd

ln -s ../../ wow
head -n 2 ././wow/../etc/passwd

* ../ after a sym link applies to the sym link not the current path
filename expansion #globbing

cat /et*/pa**wd

command expansion
$(echo /e)tc$(echo /pa*)wd

+ other string obfuscation techniques
Read 5 tweets
#linux #bash #obfuscation using shell parameter expansion:

alphabet=abcdefghijklmnopqrstuvwxyz
${alphabet:2:1}at really
${alphabet: -24:-23}at really
${alphabet: -24:1}at really
${alphabet:2:-23}at really

gnu.org/software/bash/…
similar #bat #windows (ss64.com/nt/syntax-subs…)
The goal is to obfuscate the following command:
cat really
in which, really is a file.
Using arithmetic (add, sub, mul, div, mod, and pow) for calculating index or length
${alphabet: 2:(-20-3)}at really
Read 6 tweets
#linux #bash #obfuscation using octal vals
$'\143\141\164' really

gnu.org/software/bash/…
"Words of the form $'string' are treated specially. The word expands to string, with backslash-escaped characters replaced as specified by the ANSI C standard."

Variations
$'\143'$'\141'$'\164' really
$'\143'''$'\141'''''''''''''$'\164' really
$'\143'''$'\141'''""''''""''$'\164' really

Explanation:
'' -> empty string
"" -> empty string
'a''b' -> 'ab' (concatenation)

(deleted the previous one, as the picture had a problem)
To give you a headache

t=
$'\143'''$'\141'$t''"$t"''`$t`''$'\164' really
Read 13 tweets
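For detection work, the quoting tricks in the threads above can be undone before a logged command line is matched against a watchlist. The following is an added example, not code from the thread authors; `normalize` and `hidden_hits` are hypothetical names, and the sketch assumes only quote removal and `$'...'` decoding are needed (it does not expand variables, globs, command substitution or history expansion).

```python
import re

# One-character escapes inside bash ANSI-C quoting ($'...').
SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b", "e": "\x1b",
          "f": "\f", "v": "\v", "\\": "\\", "'": "'", '"': '"', "?": "?"}
ESCAPE = re.compile(
    r"\\(?:([0-7]{1,3})|x([0-9A-Fa-f]{1,2})|u([0-9A-Fa-f]{1,4})|(.))", re.S)
# Shell quoting forms, tried left to right at each position.
QUOTED = re.compile(r"""\$'((?:\\.|[^'\\])*)'   # $'...'  ANSI-C quoting
                      | '([^']*)'               # '...'   literal
                      | "((?:\\.|[^"\\])*)"     # "..."   kept as-is (no expansion)
                      | \\(.)                   # \x      unquoted backslash escape
                      """, re.X | re.S)

def _decode_ansi_c(body):
    """Decode the inside of $'...'; bash drops everything after a NUL."""
    def one(m):
        octal, hexa, uni, ch = m.groups()
        if octal:
            return chr(int(octal, 8) & 0xFF)
        if hexa or uni:
            return chr(int(hexa or uni, 16))
        return SIMPLE.get(ch, "\\" + ch)
    return ESCAPE.sub(one, body).split("\x00", 1)[0]

def normalize(cmdline):
    """Apply quote removal and $'...' decoding to one logged command line."""
    def one(m):
        ansi, single, double, escaped = m.groups()
        if ansi is not None:
            return _decode_ansi_c(ansi)
        return next(g for g in (single, double, escaped) if g is not None)
    return QUOTED.sub(one, cmdline)

def hidden_hits(cmdline, watchlist):
    """Watchlist terms that appear only after normalisation."""
    plain = normalize(cmdline)
    return [w for w in watchlist if w in plain and w not in cmdline]

# Command lines taken from the threads above, as they might appear in an audit log.
SAMPLES = [
    r"""$'\143'''$'\141'''""''''""''$'\164' really""",
    r"""/et$'c/pa\u0000/notexist/path'sswd""",
    r"""/\e\t\c/passwd""",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(repr(line), "->", repr(normalize(line)),
              hidden_hits(line, ["cat ", "/etc/passwd"]))
```

Forms that depend on shell state, such as the empty `$t` variable or the `${alphabet:2:1}` substring, stay unresolved after normalisation and are better flagged by their presence than decoded.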
