Advanced Command Obfuscation

Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1.

For this question I have encoded this command with base64 and included the decoding line within my payload but it just wont work, I do not get an invalid input but the output is just the result of the ping.

image

Any idea why my output is not showing? I have tried using $@ to seperate bash and base64 but I believe I do not need to as I am not getting an ‘invalid input’ shown.

1 Like

I just found the answer, I was going wrong with what the question was asking. I did not understand that when it says “find /usr/share/ | grep root | grep mysql | tail -n 1” it meant that find was also within this set of commands and not just meaning find.

Remember to include find when encoding this otherwise you will end up like me looking stupid here haha, I hope this helps anyone in the future who has the same problem I have had.

2 Likes

thanks so much!!!

Hi there, just tried a few ways… once with reverse commands but without succeed now encoeded as per your post (with find) but without succeed:

ip=127.0.0.1%0abash<<<${base64%09-d<<<ZmluZCAvdXNyL3NoYXJlIHwgZ3JlcCByb290IHwgZ3JlcCBteXNxbCB8IHRhaWwgLW4gMQ==}

Decoded: find /usr/share | grep root | grep mysql | tail -n 1

What am I doing wrong? do you have a hint for me?

Tente simplifiicar/reduzir o input. Fiz isso e consegui. Acho que o comando completo esta gerando algum erro.

Anyone having problems with the next section Evasion Tools? When I install bashfuscator and supply command it does not work?

I have problem with the same module but not in the last question. I cannot figure out how to do the exercise:

$(a="WhOaMi";printf %s "${a,,}")
Exercise: Can you test the above command to see if it works on your Linux VM, and then try to avoid using filtered characters to get it working on the web application?

I cannot figure out how to solve it with a semicolon, I however did manage with a newline. I tried
ip=127.0.0.1%0a$(bash<<<"a='WhOami'{LS_COLORS:10:1}"'printf%09%25s%09"${a}"')
It works on my computer, but the server just returns the output of the ping command

I am having this issue as well. So far, I haven’t been able to get anything to run properly when created with bashfuscator.

Edit: the trick is to switch to bash before running bashfuscator.
It seems the tool assumes you’re already in bash (I spend most of my time in zsh)

After switching to bash before running it, I now have… probably 50% success with the generated payloads? Not too bad; definitely test them locally before trying them on a target!

One thing I see is that you are missing the $ character for your {LS_COLORS:10:1} parameter expansion.