Obfuscating a command within a shell script
There are a lot of tips (and warnings) on here for obfuscating various
items within scripts. I'm not trying to hide a password, I'm just
wondering if I can obfuscate an actuall command within the script to
defeat the casual user/grepper. Background: We have a piece of software
that helps manage machines within the environment. These machines are
owned by the enterprise. The users sometimes get it in their heads that
this computer is theirs and they don't want "The Man" looking over their
shoulders.
I've developed a little something that will check to see if a certain
process is running, and if not, clone it up and replace. Again, the
purpose of this is not to defeat anyone other than the casual user.
It was suggested that one could echo an octal value (the 'obfuscated'
command) and use it as a variable within the script. e.g.:
strongBad=`/bin/echo "\0150\0157\0163\0164\0156\0141\0155\0145\0015\0012"`
I could then use $strongBad within the shell script to slyly call the
commands that I wanted to call with arguments?
/bin/$strongBad -doThatThingYouDo -DoEEET
Is there any truth to this? So far it's worked via command line directly
into shell (using the -e flag with echo) but not so much within the
script. I'm getting unexpected output, perhaps the way I'm using it?
Thanks for any info.
No comments:
Post a Comment