Chapter 14. Script Obfuscation
Bash scripts are easily human readable, which is a feature of the language by design. Readability is a desirable attribute for most applications, but not so for penetration testing. In most cases, you do not want your target to be able to easily read or reverse engineer your tools when performing offensive operations. To counter that, you can use obfuscation.
Obfuscation is a suite of techniques used to make something purposely difficult to read or understand. There are three main methods for obfuscating scripts:
-
Obfuscate the syntax
-
Obfuscate the logic
-
Encode or encrypt
We look at each of these methods in detail in the sections that follow.
Commands in Use
We introduce base64 for data conversions and the eval command to execute arbitrary command statements.
base64
The base64 command is used to encode data using the Base64 format.
Tip
For additional information on Base64 encoding, see RFC 4648.
Common command options
- -d
-
Decode Base64-encoded data
Command example
To encode a string into Base64:
$ echo 'Rapid Cybersecurity Ops' | base64 UmFwaWQgQ3liZXJzZWN1cml0eSBPcHMK
To decode from Base64:
$ echo 'UmFwaWQgQ3liZXJzZWN1cml0eSBPcHMK' | base64 -d Rapid Cybersecurity Ops
eval
The eval command executes the arguments given to it in the context of the current shell. For example, you can provide shell commands and arguments in the format of a string to eval, and it will execute it as if it were a shell command. This is particularly useful ...
Get Cybersecurity Ops with bash now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
