Linux shell encryption and decryption methods (gzexe, shc)
1. gzexe, which ships with the system
gzexe needs no extra software; it is built into Linux and you only need to run the command. You can put the file in the root directory with wget, upload it to the root directory via sftp, or simply cd into any directory.
Encryption method
Suppose there is a script called test.sh in the current directory.
Then run the following to encrypt it:
gzexe test.sh
A file named test.sh~ now appears in the directory; that file is the original, and test.sh is the encrypted file.
(Note: running the encrypted file is no different from running the original.)
Decryption method
Suppose the script is called test.sh.
Then run the following command to decrypt it:
gzexe -d test.sh
As above, a test.sh~ file is produced in the directory; that file is the original, and test.sh is the encrypted file.
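As an added example (not part of the original post and not gzexe's own code), the POSIX sh functions below recognise the wrapper that gzexe writes and recover the embedded script with the same tail | gzip -cd step the wrapper's stub uses at run time, which is why gzexe is compression rather than encryption. The fixture at the bottom is constructed by hand in gzexe's layout (stub lines, then the gzip stream); on a real wrapper the skip value is simply the number on line 2 of the file.

```shell
#!/bin/sh
# Added example: inspect and unpack a gzexe-style wrapper without gzexe -d.
# Layout written by gzexe: line 1 "#!/bin/sh", line 2 "skip=N" where N is the
# 1-based line at which the gzip stream starts, stub code, then gzip data.
# The stub restores the script with: tail -n +$skip "$0" | gzip -cd

# Print the skip value if FILE starts like a gzexe wrapper; fail otherwise.
gzexe_skip() {
    [ "$(head -n 1 "$1")" = '#!/bin/sh' ] || return 1
    second=$(head -n 2 "$1" | tail -n 1)      # only the stub lines are read
    case $second in
        skip=*) skip=${second#skip=} ;;
        *) return 1 ;;
    esac
    case $skip in
        '' | *[!0-9]*) return 1 ;;             # must be a plain decimal number
    esac
    printf '%s\n' "$skip"
}

# Write the original script embedded in FILE to stdout (leaves FILE untouched,
# unlike "gzexe -d", which rewrites FILE and keeps the wrapper as FILE~).
gzexe_recover() {
    skip=$(gzexe_skip "$1") || { echo "not a gzexe wrapper: $1" >&2; return 1; }
    tail -n "+$skip" "$1" | gzip -cd
}

# Constructed fixture: a two-line script wrapped by hand in gzexe's layout.
# A real gzexe stub is longer, so its skip value is larger, but the layout
# (stub lines, then gzip data) is the same. Prints the temp directory used.
make_fixture() {
    dir=$(mktemp -d)
    printf '%s\n' '#!/bin/sh' 'echo "hello from the original script"' > "$dir/test.sh~"
    { printf '#!/bin/sh\nskip=3\n'; gzip -c "$dir/test.sh~"; } > "$dir/test.sh"
    printf '%s\n' "$dir"
}

dir=$(make_fixture)
gzexe_skip "$dir/test.sh" >/dev/null && echo "[+] $dir/test.sh is a gzexe wrapper"
gzexe_recover "$dir/test.sh" > "$dir/recovered.sh"
[ "$(cat "$dir/test.sh~")" = "$(cat "$dir/recovered.sh")" ] \
    && echo "[+] recovered script matches the original"
```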
2. The shc encryption tool
shc is a Linux add-on for encrypting scripts and is relatively secure. shc website: www.datsi.fi.upm.es/%7Efrosal/
Installation
Run the following to install shc:
wget www.datsi.fi.upm.es/%7Efrosal/sources/shc-3.
tar vxf shc-3.
cd shc-3.8.9
mkdir -p /usr/local/man/man1
make install
If you do not run mkdir -p /usr/local/man/man1 first, the following error is reported:
*** Installing shc and shc.1 on /usr/local ***
?Do you want to continue? y
install -c -s shc /usr/local/bin/
install -c -m 644 shc.1 /usr/local/man/man1/
install: target `/usr/local/man/man1/' is not a directory: No such file or directory
make: *** [install] Error 1
Common shc options:
-e date (specify the expiry date)
-m message (specify the message shown after expiry)
-f script_name (path and file name of the shell script to compile)
-r Relax security (allows the result to run on different systems with the same operating system)
-v Verbose compilation (show the details of compilation)
Encryption method
Suppose the script is called test.sh.
Then run the following command to encrypt it:
shc -v -f test.sh
-v shows the encryption process
-f is followed by the file to encrypt
abc.sh.x is the encrypted binary; after granting execute permission it can be run directly. To rename it: mv vpsps.sh.x vpspscom.sh
The accompanying .x.c file is the C source file; it is basically useless and can be deleted.
Expiry-based encryption
shc also provides a way to set a validity period for execution, i.e. an expiry time, for example:
# shc -e 14/09/2016 -m "script expired" -f test.sh
The -e option specifies the expiry date in day/month/year format; the -m option takes the message text printed when the shell program is run after it has expired.
If it is run after expiry, the following message appears:
# ./abc.sh.x
./abc.sh.x: has expired! (the file has expired)
When using this method, be aware that users must be prevented from changing the system time; this can be handled by adding a command to the program that automatically updates the system time. All tests passed!
Decryption method
Use unshc to decrypt.
URL: github/yanncam/UnSHc/
How to use unshc
Fetch unshc with wget or upload it to any directory,
then run the following command to see the help:
./unshc.sh -h
Run the command below to decrypt (this can take a while; be patient):
./unshc.sh script.sh.x -o script_decrypted.sh
script.sh.x is the encrypted binary; script_decrypted.sh is the decrypted shell script.
You can also save the code below as unshc.sh; after giving it execute permission (chmod 777 unshc.sh) it can be used directly.
#!/bin/bash
##########
# Author: Luiz Otavio Duarte a.k.a. (LOD)
# 11/03/08 - v0.1
# Updated: Yann CAM v0.2 - yann.cam@gmail | www.asafety.fr
# 06/27/13 - v0.2
# -- Adding new objdump format (2.22) to retrieve data (especially on Ubuntu distribution)
# -- Patch few regex with sorted address list
# Updated: Yann CAM v0.3 - yann.cam@gmail | www.asafety.fr
# 18/11/15 - v0.3
# -- Adapt script for new architecture
# -- Clean and optimize functions
# -- Add an (unsigned long) cast in shc C source code
# Updated: Yann CAM v0.4 - yann.cam@gmail | www.asafety.fr
# 14/12/15 - v0.4
# -- Comment specific return statement in C source
# Updated: Yann CAM v0.5 - yann.cam@gmail | www.asafety.fr
# 15/12/15 - v0.5
# -- Patch extract arc4 function to keep the latest offset only
# Updated: Yann CAM v0.6 - yann.cam@gmail | www.asafety.fr
# 16/12/15 - v0.6
# -- Add bash script options (getopts)
# Updated: Yann CAM v0.7 - yann.cam@gmail | www.asafety.fr
# 07/28/16 - v0.7
# -- Add support of multiple ARC4 offsets auto-retrieved by script (iterate over each one), especially for huge bash file encrypted
# -- Force .sh extension to decrypted file, for initial file without extension (prevent rewrite of original file)
# Updated: Yann CAM v0.8 - yann.cam@gmail | www.asafety.fr
# 01/23/17 - v0.8
# -- Adjust grep for retrieve PWD_SIZE in OBJDUMP to ignore movb instruction (github/yanncam/UnSHc/issues/12)
##########
# Tested on :
# Ubuntu 14.04.3 LTS x86_64
# Linux server 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# Linux version 3.13.0-61-generic (buildd@lgw01-50) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC 2015
#
# CentOS release 6.6 (Final) x86_64
# Linux server 2.6.32-504.23.4.el6.x86_64 #1 SMP Tue Jun 9 20:57:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# Linux version 2.6.32-504.23.4.el6.x86_64 (mockbuild@c6b9.s.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC) ) #1 SMP Tue Jun #
# Debian 7.8 i686
# Linux server 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u2 i686 GNU/Linux
# Linux version 3.2.0-4-686-pae (debian-kernel@) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.68-1+deb7u2
##########
VERSION="0.8"
OBJDUMP=`which objdump`
GREP=`which grep`
CUT=`which cut`
SHRED=`which shred`
UNIQ=`which uniq`
SORT=`which sort`
GCC=`which gcc`
WC=`which wc`
AWK=`which awk`
SED=`which sed`
TR=`which tr`
HEAD=`which head`
TAIL=`which tail`
BINARY=""
TMPBINARY=$(mktemp /tmp/XXXXXX)
DUMPFILE=""
STRINGFILE=""
CALLFILE=$(mktemp /tmp/XXXXXX)
CALLADDRFILE=$(mktemp /tmp/XXXXXX)
CALLSIZEFILE=$(mktemp /tmp/XXXXXX)
declare -A LISTOFCALL
# Variable to know the index of variables.
# This var is to loop on each 14 arc4() call with ordered args.
j=0
# Simple usage help / man
function usage(){
    printf "[*] Usage : $0 [OPTIONS] <file.sh.x>\n"
    printf "\t -h | --help : print this help message\n"
    printf "\t -a OFFSET | --arc4 OFFSET : specify the arc4() offset arbitrarily (without 0x prefix)\n"
    printf "\t -d DUMPFILE | --dumpfile DUMPFILE : provide an object dump file (objdump -D script.sh.x > DUMPFILE)\n"
    printf "\t -s STRFILE | --stringfile STRFILE : provide a string dump file (objdump -s script.sh.x > STRFILE)\n"
    printf "\t -o OUTFILE | --outputfile OUTFILE : indicate the output file name\n\n"
    printf "[*] e.g : \n"
    printf "\t$0 script.sh.x\n"
    printf "\t$0 script.sh.x -o script_decrypted.sh\n"
    printf "\t$0 script.sh.x -a 400f9b\n"
    printf "\t$0 script.sh.x -d /tmp/dumpfile -s /tmp/strfile\n"
    printf "\t$0 script.sh.x -a 400f9b -d /tmp/dumpfile -s /tmp/strfile -o script_decrypted.sh\n"
}
# Clean all temp files created for this script
function clean(){
    $SHRED -zu -n 1 $DUMPFILE $CALLFILE $CALLADDRFILE $CALLSIZEFILE $STRINGFILE $TMPBINARY ${TMPBINARY}.c >/dev/null 2>&1
}
# Error exit function, run after cleaning temp files
function exit_error(){
    clean
    exit 1;
}
# Check the availability of the basic commands this script needs
function check_binaries() {
    if [ ! -x ${OBJDUMP} ]; then
        echo "[-] Error, cannot execute or find objdump binary"
        exit_error
    fi
    if [ ! -x ${GREP} ]; then
        echo "[-] Error, cannot execute or find grep binary"
        exit_error
    fi
    if [ ! -x ${CUT} ]; then
        echo "[-] Error, cannot execute or find cut binary"
        exit_error
    fi
    if [ ! -x ${SHRED} ]; then
        echo "[-] Error, cannot execute or find shred binary"
        exit_error
    fi
    if [ ! -x ${UNIQ} ]; then
        echo "[-] Error, cannot execute or find uniq binary"
        exit_error
    fi
    if [ ! -x ${SORT} ]; then
        echo "[-] Error, cannot execute or find sort binary"
        exit_error
    fi
    if [ ! -x ${GCC} ]; then
        echo "[-] Error, cannot execute or find gcc binary"
        exit_error
    fi
    if [ ! -x ${WC} ]; then
        echo "[-] Error, cannot execute or find wc binary"
        exit_error
    fi
}
# Create dump files of the encrypted script
function generate_dump() {
    # DUMPFILE dump to retrieve the arc4 address, plus address and size of each arc4 argument and pwd
    $OBJDUMP -D $BINARY > "$DUMPFILE"
    # STRINGFILE dump to retrieve pwd and arc4 arguments
    $OBJDUMP -s $BINARY > "$STRINGFILE"
}
# Find out the most called function. This function is arc4() and there are 14 calls.
# Update 27/06/2013 : Regexps updated to match new objdump format and retrieve the $CALLADDR from its number of calls (initial bug with "sort")
# Update 16/11/2015 : Adding new architecture support
# Update 28/07/2016 : Adding multiple ARC4 offsets support (loop on each candidate)
function extract_arc4_call_addr(){
    TAILNUMBER=$1
    # Count how often each call target appears; the one called exactly 14 times is arc4().
    # (The end of this line was truncated in the page copy; the final address filter and the
    # closing parenthesis are restored here to match the address pattern used earlier in the pipe.)
    CALLADDRS=$($GREP -Eo "call.*[0-9a-f]{6,}" $DUMPFILE | $GREP -Eo "[0-9a-f]{6,}" | $SORT | $UNIQ -c | $SORT | $GREP -Eo "(14).*[0-9a-f]{6,}" | $GREP -Eo "[0-9a-f]{6,}")
    TAILMAX=`wc -l <<< "$CALLADDRS"`
    CALLADDR=$(echo $CALLADDRS | $SED "s/ /\n/g" | $TAIL -n $TAILNUMBER | $HEAD -n 1)
    if [[ -z "$CALLADDR" || $TAILNUMBER -gt $TAILMAX ]]; then
        echo "[-] Unable to define arc4() "
        exit_error
    fi
    echo "[+] ARC4 address call candidate : [0x$CALLADDR]"
}
# Extract each argument value of the arc4 calls
function extract_variables_from_binary(){
    echo "[*] Extracting each args address and size for the 14 arc4() calls with address [0x$CALLADDR]..."
    # Initialize the number of lines before CALLADDR in which to look for the addresses of the args
    i=2
    # Retrieve the ordered list of address vars and put it in $CALLADDRFILE
    while [[ $($WC -l < $CALLADDRFILE) -ne 14 ]]; do
        $GREP -B $i "call.*$CALLADDR" $DUMPFILE | $GREP -v "$CALLADDR" | $GREP -Eo "(0x[0-9a-f]{6,})" > $CALLADDRFILE
        i=$(($i + 1))
        if [ $i -eq 10 ]; then
            echo "[-] Unable to extract addresses of 14 arc4 args with ARC4 address call [0x$CALLADDR]..."
            return;
        fi
    done
    # Initialize the number of lines before CALLADDR in which to look for the sizes of the args
    i=3
    # Retrieve the ordered list of size vars and write it to $CALLSIZEFILE
    while [[ $($WC -l < $CALLSIZEFILE) -ne 14 ]]; do
        # Keep only the short immediates (the sizes) by dropping 6+ digit addresses.
        # (The end of this line was truncated in the page copy; the exclusion pattern and the
        # redirection to $CALLSIZEFILE are restored here to mirror the address loop above.)
        $GREP -B $i "call.*$CALLADDR" $DUMPFILE | $GREP -v "$CALLADDR" | $GREP -Eo "(0x[0-9a-f]+,)" | $GREP -Eo "(0x[0-9a-f]+)" | $GREP -Ev "0x[0-9a-f]{6,}" > $CALLSIZEFILE
        i=$(($i + 1))
        if [ $i -eq 10 ]; then
            echo "[-] Unable to extract sizes of 14 arc4 args with ARC4 address call [0x$CALLADDR]..."
            return;
        fi
    done
    # For each full address in $CALLADDRFILE and corresponding size in $CALLSIZEFILE
    IFS=$'\n' read -d '' -r -a LISTOFADDR < $CALLADDRFILE
    IFS=$'\n' read -d '' -r -a LISTOFSIZE < $CALLSIZEFILE
    for (( x = 0; x < ${#LISTOFADDR[*]}; x = x+1 ))
    do
        i=${LISTOFADDR[$x]}
        NBYTES=${LISTOFSIZE[$x]}
        echo -e "\t[$x] Working with var address at offset [$i] ($NBYTES bytes)"
        # Some differences in assembly.
        # We can have:
        # mov <adr>,%eax
        # push 0x<hex>
        # push %eax