Recently I had remote access to a Linux terminal with an extremely limited command set and I wanted to place a full-featured web shell on the box. My usual methods of netcat and wget weren’t available, but someone much smarter than I (Craig Swan at SensePost) suggested I use base64 to encode the shell (to avoid any issues with foreign characters), copy each line, and paste each line on the target box as part of an echo statement which builds a copy of the file on the target box.
I thought the idea was great and it worked like a champ. I figured that this likely wasn’t the last time I would use this technique so I wrote a bash script to automate the process as much as possible.
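#!/bin/bash
# Usage: 64converter.sh <file>  (writes paste-ready echo lines to based_output.txt)
file_name=$1                                   # name the echo lines will append to
base64 "$1" > based.tmp                        # encode the input file
[ -f based_output.txt ] && rm based_output.txt # start with a clean output file
prevar='echo "'
postvar='" >> '
while read -r line; do                         # wrap each base64 line in an echo
    echo "$prevar$line$postvar$file_name" >> based_output.txt
done < based.tmp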
The code takes an input file and prepares that file for transfer. The command “64converter.sh webshell.php” would take the contents of webshell.php, encode it with base64, and copy the encoded data to a temp file. It then goes through that file line by line and copies the contents of each line to an output file, where it is turned into an echo >> webshell.php command. Below is a screenshot of the process.
The script speeds up the process a little bit and helps avoid typing errors. The contents of the based_output.txt file are ready to be pasted into the target’s terminal window. Once each of the echo commands has been run on the target machine, the resulting file can be decoded with base64 and the webshell will have been successfully transferred.
It’s a very short and simple script but it was a good excuse for me to work on my bash.
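For defenders, the paste pattern described above leaves a recognisable trace in shell history or command audit logs: a run of echo-append commands to one file whose arguments reassemble into valid base64. The following detection sketch is an added example, not part of the original post; the function names, the min_lines threshold and the sample log lines are assumptions constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Matches: echo "<base64 chunk>" >> <target>   (quotes optional)
STAGED = re.compile(
    r'^\s*echo\s+["\']?([A-Za-z0-9+/]{4,}={0,2})["\']?\s*>>\s*(\S+)\s*$')

def find_staged_files(commands, min_lines=3):
    """Group base64-looking echo-append commands by target file.

    Returns {target: decoded_bytes} for targets that received at least
    min_lines chunks which, concatenated, are valid base64.
    """
    chunks = defaultdict(list)
    for cmd in commands:
        m = STAGED.match(cmd)
        if m:
            chunks[m.group(2)].append(m.group(1))
    findings = {}
    for target, parts in chunks.items():
        if len(parts) < min_lines:
            continue  # a single echo-append is ordinary shell usage
        try:
            findings[target] = base64.b64decode("".join(parts), validate=True)
        except ValueError:
            continue  # chunks do not reassemble into valid base64
    return findings

def build_sample():
    """Constructed sample: harmless text staged the way the post describes."""
    payload = b"constructed sample payload, harmless text only\n" * 4
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 76] for i in range(0, len(b64), 76)]
    log = ["ls -la /tmp", 'echo "hello" >> notes.txt']
    log += [f'echo "{chunk}" >> upload.b64' for chunk in lines]
    log.append("base64 -d upload.b64 > upload.bin")
    return payload, log

if __name__ == "__main__":
    _, sample_log = build_sample()
    for target, data in find_staged_files(sample_log).items():
        # Decoding the staged content shows the analyst what was transferred.
        print(f"{target}: {len(data)} bytes staged, begins {data[:24]!r}")
```

Decoding the reassembled chunks lets an analyst see what was written without touching the host's copy of the file.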