Advanced Command Obfuscation

TheSinister418 · March 26, 2023, 12:47pm

Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1.

For this question I have encoded this command with base64 and included the decoding line within my payload but it just wont work, I do not get an invalid input but the output is just the result of the ping.

Any idea why my output is not showing? I have tried using $@ to seperate bash and base64 but I believe I do not need to as I am not getting an ‘invalid input’ shown.

TheSinister418 · March 26, 2023, 1:11pm

I just found the answer, I was going wrong with what the question was asking. I did not understand that when it says “find /usr/share/ | grep root | grep mysql | tail -n 1” it meant that find was also within this set of commands and not just meaning find.

Remember to include find when encoding this otherwise you will end up like me looking stupid here haha, I hope this helps anyone in the future who has the same problem I have had.

henryhillmx · March 30, 2023, 5:34am

thanks so much!!!

R-b3n · June 13, 2023, 11:08am

Hi there, just tried a few ways… once with reverse commands but without succeed now encoeded as per your post (with find) but without succeed:

ip=127.0.0.1%0abash<<<${base64%09-d<<<ZmluZCAvdXNyL3NoYXJlIHwgZ3JlcCByb290IHwgZ3JlcCBteXNxbCB8IHRhaWwgLW4gMQ==}

Decoded: find /usr/share | grep root | grep mysql | tail -n 1

What am I doing wrong? do you have a hint for me?

Risb · August 15, 2023, 12:57pm

Tente simplifiicar/reduzir o input. Fiz isso e consegui. Acho que o comando completo esta gerando algum erro.

Baudejas · November 7, 2023, 5:52am

Anyone having problems with the next section Evasion Tools? When I install bashfuscator and supply command it does not work?