
Fucky new year!

Sorry for the profanity in the title; it is a nod to a bit of entertainment that began with the language "Brainfuck": writing, in some language, code that does something sensible without using any letters or digits. We have already seen JSFuck and PHPFuck; now I want to introduce you to Bashfuck:



__=${_##*/};____=<(:);___=${__#???};_____=$((${#___}<<${#___})) __=${__::-${#___}}${____:$_____:${#___}} __=$__$((${#__}|$_____))$((${#__}));___=$___${__:${#___}:${#___}};____=$($__<<<$_____|$__) _____=${____:$((${#__}-${#___})):${#?}};___=$___$_____$_____;____=$($__<<<$____|$__|$__) ___=$___${____:$((${#?}+${#__})):${#?}};___=$___' '${____:$((${#___}+${#___})):${#?}} ___=$___${__:$((${#____}/${#___}-${#?})):${#?}};___=$___${____:$((${#____}#$_____-${#___})):${#?}} ___=$___\ ${____:$((${#__}+${#?})):${#?}}${__:$((${#__}>>${#?})):${#?}}${__:${#_____}:${#?}} ___=$___${____:$((${#___}-${#?}-${#?})):${#?}};___=${___,,} ____=${____:$((${#___}+${#__}-${#?})):$((${#?}+${#?}))} ____=${____::${#?}}${__:${#_____}:${#?}}${____:${#?}};${____,,}<<<${___^} 


To run it you need bash version 4. The script does nothing malicious, so feel free to run it, even as root: it will simply print "Happy new year". Copy the source into a file and run it.



Now a little about how it works.



"Bash", fortunately, is rich in all sorts of squiggles, but under our constraints variable names can consist only of differing numbers of underscores. They are clearly visible in the code, and in them I collect the letter sequences I need. Where do the letters themselves come from?


Oh, that is where I had to rack my brains!



To start obtaining letters in industrial quantities, I first need to get the name of the base64 command into some variable: feed it any nonsense as input and you get the whole alphabet at the output.



I took the first three letters from the name of the command interpreter ("bash", since the path to it is passed in the $_ variable), and the fourth from the name of a special file that is used when a program cannot receive data on standard input. That file name always begins with "/dev/fd", hence the missing "e".



Digits are easier.



First, bash (like many shells) lets you measure the length of a variable with the ${#name} construct (getting a one, for example, is as simple as it gets: it is just the length of the variable holding the previous command's return code; since mine is always zero, its length is always one).



Second, the $((...)) construct performs calculations; by combining the lengths of different variables with operations I get the missing digits. There are plenty of operations, which gives a good deal of freedom. Among the exotic ones, I once had to use the base-change operation: the hash sign.



Once I have the base64 command, I feed it the data I already have (sometimes through a chain of calls) and can extract the remaining letters from the garbage it returns. I pick them out with the character-deletion and substring-extraction operations; in shells these, too, are done with squiggles.



Towards the end, the new variable operations in the fourth bash come in handy: it can now change the case of letters, and without that it would have been much harder.



So in the end we get the command cat <<< 'Happy new year', which I run. Why not echo or printf? They are simply longer, and every extra letter means more fuss with variables and operations.
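The building blocks the post describes, as an added example that is not part of the original post or its author's script: each helper below runs its snippet under an explicit bash (version 4 or newer is assumed, as the post requires), so the file also runs when started by a plain POSIX sh; the path /usr/bin/bash, the strings fed to base64 and the stand-in script traced at the end are constructed for the demo. The last helper goes beyond the post: it is the check an analyst would apply to an unknown obfuscated script, tracing the expanded assignments with bash -x in a throwaway environment instead of reading the squiggles.

```shell
#!/bin/sh
# Added example, not code from the post. Each helper runs its snippet under
# an explicit bash (4.x or newer assumed), so this file behaves the same
# whichever sh starts it. Paths and sample strings are constructed.

# 1. Interpreter name: the post takes it from $_ (the path bash was started
#    with); here the path is passed in explicitly so the result is fixed.
name_from_path() { bash -c 'p=$1; printf "%s" "${p##*/}"' _ "$1"; }

# 2. The missing "e": process substitution <(:) expands to a /dev/fd/N path
#    (assumes a Linux-style /dev/fd), and index 2 of that path is "e".
e_from_devfd() { bash -c 'f=<(:); printf "%s" "${f:2:1}"'; }

# 3. The digit 1: ${#?} is the length of the previous command's exit
#    status "0", i.e. 1.
one_from_status() { bash -c ':; printf "%s" "${#?}"'; }

# 4. Other digits via arithmetic, including the base#digits conversion
#    (the "hash sign" operation the post mentions): base_convert 32 P -> 25.
base_convert() { bash -c 'printf "%s" "$(( $1#$2 ))"' _ "$1" "$2"; }

# 5. Steps 1-4 combined the way the script does it: "bas" + "e", then the
#    digits 6 (= 4|2) and 4 (the length of "base") spell "base64".
spell_base64() {
  bash -c '
    __=${1##*/}                                 # "bash"
    ____=<(:)                                   # "/dev/fd/63" or similar
    __=${__:0:3}${____:2:1}                     # "base"
    printf "%s" "$__$(( ${#__} | 2 ))${#__}"    # "base" + "6" + "4"
  ' _ "$1"
}

# 6. Harvesting letters: push a short string through base64 and cut one
#    character out of the result with substring expansion.
letter_from_base64() {
  bash -c 'out=$(base64 <<< "$1"); printf "%s" "${out:$2:1}"' _ "$1" "$2"
}

# 7. Case modification (bash 4): ${var,,} lowercases, ${var^} capitalises
#    the first character; the script ends with cat <<< "Happy new year".
finish_message() {
  bash -c 'cmd=$1; msg=$2; "${cmd,,}" <<< "${msg^}"' _ "CAT" "happy new year"
}

# 8. Defender's check (beyond the post): run an unknown obfuscated script in
#    a throwaway environment under bash -x; xtrace prints every assignment
#    after expansion, so the collected letters become readable without
#    decoding the squiggles by hand. Traced here on a tiny stand-in script.
trace_assignments() {
  bash -x -c '__=ha; __=${__}ppy; cat <<< "${__^}"' 2>&1 >/dev/null
}

# Demo output when the file is run directly.
printf '%s\n' "$(spell_base64 /usr/bin/bash)" "$(letter_from_base64 Mgo= 4)" "$(finish_message)"
trace_assignments
```

Running the file prints "base64", then "P" (the letter the script itself harvests from a double base64 pass over the digit 2), then "Happy new year", and finally the xtrace of the stand-in, in which the expanded assignment `__=happy` appears in plain text.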



Happy new year!

Source: https://habr.com/ru/post/247161/


