Last active
August 24, 2023 03:57
-
-
Save BrandonE/dfcc750b2be10135c5119698b6faac2d to your computer and use it in GitHub Desktop.
Archive the contents of a directory to JSON using core shell commands. Use to extract files while "Living-off-the-Land". Works on serverless runtimes. Created for SANS SEC510: Public Cloud Security: AWS, Azure, and GCP - http://sec510.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SOURCE_DIRECTORY=/tmp | |
| ARCHIVE_TO=/tmp/documents.json | |
| # Clear the archive. | |
| : > "$ARCHIVE_TO" | |
| # Begin JSON array. | |
| echo -n '[' >> "$ARCHIVE_TO" | |
| for FILE in $(grep -lr --exclude="$(basename $ARCHIVE_TO)" . "$SOURCE_DIRECTORY") | |
| do | |
| # Add JSON object containing the filepath and contents of the file, Base64 encoded without whitespace added. | |
| echo -n '{"filepath":"'$(echo -n "$FILE" | base64 -w 0)'","contents":"'$(cat "$FILE" | base64 -w 0)'"},' >> "$ARCHIVE_TO" | |
| done | |
| if [ "$(wc -c $ARCHIVE_TO)" != "1 $ARCHIVE_TO" ] | |
| then | |
| # Remove the comma for the last item. | |
| truncate -s-1 "$ARCHIVE_TO" | |
| fi | |
| # End JSON array. | |
| echo -n ']' >> "$ARCHIVE_TO" | |
| cat "$ARCHIVE_TO" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create test files on the target system for demonstration purposes. | |
| echo "one" > /tmp/1.txt | |
| echo "two" > /tmp/2.txt | |
| mkdir -p /tmp/test | |
| echo "three" > /tmp/test/3.txt | |
| # After running archive.sh, the following is written to /tmp/documents.json and standard output: | |
| # [{"filepath":"L3RtcC8xLnR4dA==","contents":"b25lCg=="},{"filepath":"L3RtcC8yLnR4dA==","contents":"dHdvCg=="},{"filepath":"L3RtcC90ZXN0LzMudHh0","contents":"dGhyZWUK"}] | |
| # On the user's system: | |
| echo '[{"filepath":"L3RtcC8xLnR4dA==","contents":"b25lCg=="},{"filepath":"L3RtcC8yLnR4dA==","contents":"dHdvCg=="},{"filepath":"L3RtcC90ZXN0LzMudHh0","contents":"dGhyZWUK"}]' > /tmp/documents.json | |
| # After running extract.sh: | |
| ls -R /tmp/documents | |
| # Output: | |
| # /tmp/documents: | |
| # tmp | |
| # /tmp/documents/tmp: | |
| # 1.txt 2.txt test | |
| # /tmp/documents/tmp/test: | |
| # 3.txt | |
| cat /tmp/documents/tmp/test/3.txt # three |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Must have jq (https://stedolan.github.io/jq/) installed. | |
| SOURCE_ARCHIVE=/tmp/documents.json | |
| EXTRACT_TO=/tmp/documents | |
| mkdir -p "$EXTRACT_TO" | |
| # For each item in the JSON array: | |
| for DOCUMENT in $(cat "$SOURCE_ARCHIVE" | jq -c '.[]'); do | |
| # Base64 decode the filepath and contents of the file and store it relative to the destination. | |
| DESTINATION="$EXTRACT_TO$(echo $DOCUMENT | jq -r '.filepath' | base64 -d )" | |
| mkdir -p "$(dirname $DESTINATION)" | |
| echo $DOCUMENT | jq -r '.contents' | base64 -d > "$DESTINATION" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment