Step 1: Prepare the bash script
$ cat test.sh
#!/bin/bash
set -euo pipefail
# prepare workdir
#WORK_DIR=/tmp
WORKDIR=$(mktemp -d)
# define the tasks that need to be done with the extracted content
do_work() {
cd "$WORKDIR"
# do anything with the extracted content
echo "DO WORK YOURSELF"
ls -l
}
# line number where payload starts
PAYLOAD_BEGIN_LINE=$(awk '/^__PAYLOAD_START_HERE__/ { print NR + 1; exit 0; }' "$0")
# extract the embedded tar file
tail -n +${PAYLOAD_BEGIN_LINE} "$0" | base64 -d | tar -zxpv -C "${WORKDIR}"
# perform actions with the extracted content
do_work
# cleanup workdir
rm -r "${WORKDIR}"
exit 0
# Here's the end of the script followed by the embedded file
# Using following command to append payload:
# $ tar -zcpvf payload.tgz ...
# $ base64 payload.tgz >> test.sh
# or
# $ tar -zcpv ... | base64 >> test.sh
__PAYLOAD_START_HERE__
Step 2: Edit the body of the do_work function in the script
This is where you put the actual operations to perform on the extracted content.
For example, to run a command from the extracted content:
do_work() {
cd "$WORKDIR"
# do anything with the extracted content
echo "DO WORK YOURSELF"
ls -l
./a.out
}
Step 3: Append the binary content to the end of the bash script
$ tar -zcpvf payload.tgz ...
$ base64 payload.tgz >> test.sh
That's it; now you can run ./test.sh.
Continuing the earlier example:
$ cat test.c
#include <stdio.h>
int main(int argc, char * argv[]) {
printf("Hello World\n");
return 0;
}
$ tar -zcpvf payload.tgz a.out
a.out
$ base64 payload.tgz >> test.sh
The tar and base64 steps can also be combined into a single line:
$ tar -zcpv a.out | base64 >> test.sh
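The script layout from Step 1 and the append step from Step 3, worked through end to end as an added example (this is not the post's own test.sh): build_selfextract writes a runner script in the same marker/base64/tar layout, but embeds a SHA-256 of the archive that is checked before anything is extracted, and installs a trap so the temp dir is removed even when the checksum or tar step fails; inspect_payload lists what an existing script of this shape carries without executing it. The function names, the hello.txt sample payload and the checksum step are assumptions of this example; it assumes bash, GNU tar and GNU coreutils (sha256sum, base64 -d).

```shell
#!/bin/bash
# Added example, not the original post's script: a self-extracting script with
# a verified payload checksum, a cleanup trap, and an inspect-without-running
# helper. Assumes bash, GNU tar and GNU coreutils.
set -eu

MARKER='__PAYLOAD_START_HERE__'

# build_selfextract OUTPUT_SCRIPT PAYLOAD_DIR
# Archives PAYLOAD_DIR, writes the runner script, then appends the archive as base64.
build_selfextract() {
    local out="$1" src="$2" archive sum
    archive=$(mktemp)
    tar -C "$src" -zcf "$archive" .
    sum=$(sha256sum "$archive" | cut -d' ' -f1)
    # Unquoted heredoc: $sum and $MARKER expand now; \$... stays literal so it is
    # evaluated when the generated script runs.
    cat > "$out" <<EOF
#!/bin/bash
set -euo pipefail
EXPECTED_SHA256=$sum
WORKDIR=\$(mktemp -d)
# cleanup runs on every exit path, including a failed checksum or tar error
trap 'rm -rf "\$WORKDIR"' EXIT
BEGIN=\$(awk '/^$MARKER\$/ { print NR + 1; exit }' "\$0")
[ -n "\$BEGIN" ] || { echo "payload marker not found" >&2; exit 1; }
tail -n +"\$BEGIN" "\$0" | base64 -d > "\$WORKDIR/payload.tgz"
ACTUAL=\$(sha256sum "\$WORKDIR/payload.tgz" | cut -d' ' -f1)
[ "\$ACTUAL" = "\$EXPECTED_SHA256" ] || { echo "payload checksum mismatch" >&2; exit 1; }
tar -zxf "\$WORKDIR/payload.tgz" -C "\$WORKDIR"
# do_work equivalent: only list what was extracted
ls -l "\$WORKDIR"
exit 0
$MARKER
EOF
    base64 "$archive" >> "$out"
    rm -f "$archive"
    chmod 0700 "$out"
}

# inspect_payload SCRIPT
# Lists the members of the embedded archive without running any line of SCRIPT.
inspect_payload() {
    local script="$1" begin
    begin=$(awk -v m="$MARKER" '$0 == m { print NR + 1; exit }' "$script")
    [ -n "$begin" ] || { echo "no payload marker in $script" >&2; return 1; }
    tail -n +"$begin" "$script" | base64 -d | tar -tzf -
}

# demo: constructed payload directory with one file; build, inspect, then run.
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir "$tmp/payload"
    printf 'hello from the payload\n' > "$tmp/payload/hello.txt"   # constructed sample
    build_selfextract "$tmp/test.sh" "$tmp/payload"
    echo "== embedded members =="; inspect_payload "$tmp/test.sh"
    echo "== running =="; "$tmp/test.sh"
    rm -rf "$tmp"
}
demo
```

The checksum is baked into the script at build time, so it only protects against accidental corruption of the appended block (a truncated copy, an editor rewrapping the base64); anyone who can edit the script can update the hash too. What the layout does give a reviewer is a cheap way to see the archive members before running anything, which is what inspect_payload does.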