Friday, May 2, 2008

Perl Script To Do Lame Encryption With Octal Dump On Linux Or Unix

Hey There,

A post ago, we took a look at using od on Linux or Unix. Hopefully, it made the use of that cryptic command somewhat more accessible.

Today, I thought we'd take a look at using the "od" command for a less practical purpose. Much like crypt (and a much older post we did on simple encryption and decryption using Perl's pack and unpack functions), the quick-and-dirty Perl script we're putting out today is a pretty good way to keep people who don't know what they're reading from rifling through your stuff ;) It's an encoding with no key, not real encryption, so anyone who recognizes octal byte values can turn it straight back into text.

The script is simple enough, and only takes two arguments. You can either instruct it to convert a file from ASCII to octal, like so:

host # ./octala.pl -o shell.pl

or the opposite ( octal to ASCII conversion ):

host # ./octala.pl -a shell.pl.od <--- Assuming you're just running this script and accepting the default extension we popped on the end (BTW, by default, this line of code will add an ".as" extension to your file. The original is never destroyed. But that can be easily fixed by adding a line of code if you like. ...just don't forget to back up any file you might need!)

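Below is a simple demonstration of the script in action, followed by the real deal. Note that we only substitute four characters that aren't "representable" (SPC = a space, HT = a tab, LF = a line feed, CR = a carriage return -- actually the CR and LF are both replaced with a new-line). Any other control character comes back as its name from the lookup table (NUL, BEL and so on), and octal values above 177 aren't in the table at all, so the round trip is only exact for plain ASCII text.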

Here's to people not knowing what you're up to ;)

Cheers,

Ex:

host # cat shell.pl <--- This script is one of our old ones with some lines chopped off, so it probably won't run :)

#!/usr/bin/perl

if ( $port =~ /\D/) {
$port = getservbyname($port, $protocol) || die "getservbyname ${port}/$protocol\n";;
}
$inet_address = inet_aton($host) || die "inet_aton: ${host}\n";
$port_address = sockaddr_in($port, $inet_address);
$protocol_num = getprotobyname('$protocol');

while (1) {
$shell_shock=accept(NEWSOCKET, SOCKET)|| die "accept $!\n";
dup2(STDERR,2);
system("/bin/sh -i");
close($shell_shock);
}
exit;


host # ./octala -o shell.pl <--- Here we convert the file to octal, and strip out the offset field.

host # cat shell.pl.od
043 041 057 165 163 162 057 142 151 156 057 160 145 162 154 012
012 151 146 040 050 040 044 160 157 162 164 040 075 176 040 057
134 104 057 051 011 173 012 011 044 160 157 162 164 040 075 040
147 145 164 163 145 162 166 142 171 156 141 155 145 050 044 160
157 162 164 054 040 044 160 162 157 164 157 143 157 154 051 040
174 174 040 144 151 145 040 042 147 145 164 163 145 162 166 142
171 156 141 155 145 040 044 173 160 157 162 164 175 057 044 160
162 157 164 157 143 157 154 134 156 042 073 073 012 175 012 044
151 156 145 164 137 141 144 144 162 145 163 163 040 075 040 151
156 145 164 137 141 164 157 156 050 044 150 157 163 164 051 040
174 174 040 144 151 145 040 042 151 156 145 164 137 141 164 157
156 072 040 044 173 150 157 163 164 175 134 156 042 073 012 044
160 157 162 164 137 141 144 144 162 145 163 163 040 075 040 163
157 143 153 141 144 144 162 137 151 156 050 044 160 157 162 164
054 040 044 151 156 145 164 137 141 144 144 162 145 163 163 051
073 012 044 160 162 157 164 157 143 157 154 137 156 165 155 040
075 040 147 145 164 160 162 157 164 157 142 171 156 141 155 145
050 047 044 160 162 157 164 157 143 157 154 047 051 073 012 012
167 150 151 154 145 040 050 061 051 011 173 012 011 044 163 150
145 154 154 137 163 150 157 143 153 075 141 143 143 145 160 164
050 116 105 127 123 117 103 113 105 124 054 040 123 117 103 113
105 124 051 174 174 040 144 151 145 040 042 141 143 143 145 160
164 040 044 041 134 156 042 073 012 011 144 165 160 062 050 123
124 104 105 122 122 054 062 051 073 012 011 163 171 163 164 145
155 050 042 057 142 151 156 057 163 150 040 055 151 042 051 073
012 011 143 154 157 163 145 050 044 163 150 145 154 154 137 163
150 157 143 153 051 073 012 175 012 145 170 151 164 073 012

host # ./octala -a shell.pl.od <--- and here we take that octal file and translate it back to ASCII

host # cat shell.pl.od.as
#!/usr/bin/perl

if ( $port =~ /\D/) {
$port = getservbyname($port, $protocol) || die "getservbyname ${port}/$protocol\n";;
}
$inet_address = inet_aton($host) || die "inet_aton: ${host}\n";
$port_address = sockaddr_in($port, $inet_address);
$protocol_num = getprotobyname('$protocol');

while (1) {
$shell_shock=accept(NEWSOCKET, SOCKET)|| die "accept $!\n";
dup2(STDERR,2);
system("/bin/sh -i");
close($shell_shock);
}
exit;


host # diff shell.pl shell.pl.od.as <--- Cool - They're exactly the same :)


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

#!/usr/bin/perl

#
# octala.pl - convert files from octal to ASCII or reverse
# Usage: octala [-o|-a] input_file
#
# 2008 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

use strict;
use warnings;
no warnings 'qw';    # the lookup table below contains "#" and "," on purpose

if ( $#ARGV != 1 ) {
    print "Usage: $0 [-o|-a] input_file\n";
    exit(1);
}

my $oct_or_asc = $ARGV[0];
my $input_file = $ARGV[1];

if ( ! -f $input_file ) {
    print "File $input_file can't be found! Over\n";
    exit(2);
}

# Octal value => character lookup table. Control characters map to their
# names; only SPC, HT, LF and CR are turned back into real characters below.
my %otoa = qw(000 NUL 001 SOH 002 STX 003 ETX 004 EOT 005 ENQ 006 ACK 007 BEL 010 BS 011 HT 012 LF 013 VT 014 FF 015 CR 016 SO 017 SI 020 DLE 021 DC1 022 DC2 023 DC3 024 DC4 025 NAK 026 SYN 027 ETB 030 CAN 031 EM 032 SUB 033 ESC 034 FS 035 GS 036 RS 037 US 040 SPC 041 ! 042 " 043 # 044 $ 045 % 046 & 047 ' 050 ( 051 ) 052 * 053 + 054 , 055 - 056 . 057 / 060 0 061 1 062 2 063 3 064 4 065 5 066 6 067 7 070 8 071 9 072 : 073 ; 074 < 075 = 076 > 077 ? 100 @ 101 A 102 B 103 C 104 D 105 E 106 F 107 G 110 H 111 I 112 J 113 K 114 L 115 M 116 N 117 O 120 P 121 Q 122 R 123 S 124 T 125 U 126 V 127 W 130 X 131 Y 132 Z 133 [ 134 \ 135 ] 136 ^ 137 _ 140 ` 141 a 142 b 143 c 144 d 145 e 146 f 147 g 150 h 151 i 152 j 153 k 154 l 155 m 156 n 157 o 160 p 161 q 162 r 163 s 164 t 165 u 166 v 167 w 170 x 171 y 172 z 173 { 174 | 175 } 176 ~ 177 DEL);

if ( $oct_or_asc eq "-o" ) {
    # Run od through a list-form pipe open, so the file name never passes
    # through a shell and no temporary file is left in the current directory.
    # -v keeps od from collapsing repeated lines into a single "*".
    open(my $od, "-|", "od", "-v", "-b", "--", $input_file)
        or die "Can't run od: $!\n";
    open(my $newod, ">", "$input_file.od")
        or die "Can't write $input_file.od: $!\n";
    while ( my $odline = <$od> ) {
        # The last line od prints is a bare offset - skip it
        next if $odline =~ /^\w+$/;
        # Strip the leading offset field
        $odline =~ s/^\w+ //;
        print $newod $odline;
    }
    close($newod);
    close($od) or die "od failed on $input_file\n";
} elsif ( $oct_or_asc eq "-a" ) {
    open(my $in, "<", $input_file)
        or die "Can't read $input_file: $!\n";
    open(my $out, ">", "$input_file.as")
        or die "Can't write $input_file.as: $!\n";
    while ( my $asline = <$in> ) {
        foreach my $aschunk ( split(" ", $asline) ) {
            my $fixedaschunk = $otoa{$aschunk};
            # Anything that isn't in the table produces no output
            next unless defined $fixedaschunk;
            $fixedaschunk =~ s/SPC/ /;
            $fixedaschunk =~ s/HT/\t/;
            $fixedaschunk =~ s/LF/\n/;
            $fixedaschunk =~ s/CR/\n/;
            print $out $fixedaschunk;
        }
    }
    close($out);
    close($in);
} else {
    print "Unrecognized option: $oct_or_asc\n";
    exit(3);
}


Mike
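An added example, not part of the original post or of octala.pl: the same od-based idea in POSIX shell. It goes beyond the script by decoding every byte value numerically instead of through a lookup table, so NUL, CR and bytes above 0177 survive the round trip, and it includes a format check that recognizes a file made up only of octal byte values. The function names and the sample data are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of octala.pl. Function names are made up here.

# octal_encode FILE: print every byte of FILE as a three-digit octal value.
# -An drops the offset column; -v keeps od from collapsing repeated lines
# into a single "*", which would silently lose data on decode.
octal_encode() {
    od -An -v -b < "$1" | sed 's/^ *//'
}

# is_octal_dump FILE: succeed only if FILE has at least one token and every
# whitespace-separated token is a byte value from 000 to 377.
is_octal_dump() {
    awk '{ for (i = 1; i <= NF; i++) {
               if ($i !~ /^[0-3][0-7][0-7]$/) { bad = 1; exit }
               seen = 1
           } }
         END { exit (bad || !seen) }' < "$1"
}

# octal_decode FILE: write the original bytes to stdout, refusing any input
# that fails the format check.
octal_decode() {
    is_octal_dump "$1" || { echo "not an octal dump: $1" >&2; return 1; }
    awk '{ for (i = 1; i <= NF; i++) print $i }' < "$1" |
    while read -r tok; do
        printf "\\$tok"   # tok is validated, so this is one \ooo escape
    done
}

# Constructed sample: NUL, CR LF, a byte above 0177, then 48 repeated bytes.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'a\000b\r\n\377' > "$dir/in"
    awk 'BEGIN { for (i = 0; i < 48; i++) printf "x" }' >> "$dir/in"
    octal_encode "$dir/in" > "$dir/in.od"
    octal_decode "$dir/in.od" > "$dir/out"
    cmp -s "$dir/in" "$dir/out"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

roundtrip_demo && echo "round trip is byte-identical"
```

The 48 repeated bytes in the sample are there because od without -v prints a lone "*" for repeated lines, which a decoder cannot expand.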