String/Folder Glob¶

Examples¶

Without Mangling¶

eval "$(mkdir -p '/tmp/)6fv8H/Qjy0I';printf %s 'c'>'/tmp/)6fv8H/Qjy0I/?';cat '/tmp/)6fv8H/Qjy0I'/?;rm '/tmp/)6fv8H/Qjy0I'/?;rmdir '/tmp/)6fv8H/Qjy0I';mkdir -p '/tmp/)6fv8H/[|,9X,';printf %s 'a'>'/tmp/)6fv8H/[|,9X,/?';cat '/tmp/)6fv8H/[|,9X,'/?;rm '/tmp/)6fv8H/[|,9X,'/?;rmdir '/tmp/)6fv8H/[|,9X,';mkdir -p '/tmp/)6fv8H/19m7VV=';printf %s 't'>'/tmp/)6fv8H/19m7VV=/?';cat '/tmp/)6fv8H/19m7VV='/?;rm '/tmp/)6fv8H/19m7VV='/?;rmdir '/tmp/)6fv8H/19m7VV=';mkdir -p '/tmp/)6fv8H/<sp?S;pl';printf %s ' '>'/tmp/)6fv8H/<sp?S;pl/?';cat '/tmp/)6fv8H/<sp?S;pl'/?;rm '/tmp/)6fv8H/<sp?S;pl'/?;rmdir '/tmp/)6fv8H/<sp?S;pl';mkdir -p '/tmp/)6fv8H/y}[a&e*';printf %s '/'>'/tmp/)6fv8H/y}[a&e*/?';cat '/tmp/)6fv8H/y}[a&e*'/?;rm '/tmp/)6fv8H/y}[a&e*'/?;rmdir '/tmp/)6fv8H/y}[a&e*';mkdir -p '/tmp/)6fv8H/m0fBUD`';printf %s 'e'>'/tmp/)6fv8H/m0fBUD`/?';cat '/tmp/)6fv8H/m0fBUD`'/?;rm '/tmp/)6fv8H/m0fBUD`'/?;rmdir '/tmp/)6fv8H/m0fBUD`';mkdir -p '/tmp/)6fv8H/cTiI7k[_';printf %s 't'>'/tmp/)6fv8H/cTiI7k[_/?';cat '/tmp/)6fv8H/cTiI7k[_'/?;rm '/tmp/)6fv8H/cTiI7k[_'/?;rmdir '/tmp/)6fv8H/cTiI7k[_';mkdir -p '/tmp/)6fv8H/GSUz&S(<';printf %s 'c'>'/tmp/)6fv8H/GSUz&S(</?';cat '/tmp/)6fv8H/GSUz&S(<'/?;rm '/tmp/)6fv8H/GSUz&S(<'/?;rmdir '/tmp/)6fv8H/GSUz&S(<';mkdir -p '/tmp/)6fv8H/b5Vlj`';printf %s '/'>'/tmp/)6fv8H/b5Vlj`/?';cat '/tmp/)6fv8H/b5Vlj`'/?;rm '/tmp/)6fv8H/b5Vlj`'/?;rmdir '/tmp/)6fv8H/b5Vlj`';mkdir -p '/tmp/)6fv8H/e2@Dx|';printf %s 'p'>'/tmp/)6fv8H/e2@Dx|/?';cat '/tmp/)6fv8H/e2@Dx|'/?;rm '/tmp/)6fv8H/e2@Dx|'/?;rmdir '/tmp/)6fv8H/e2@Dx|';mkdir -p '/tmp/)6fv8H/v`o#X';printf %s 'a'>'/tmp/)6fv8H/v`o#X/?';cat '/tmp/)6fv8H/v`o#X'/?;rm '/tmp/)6fv8H/v`o#X'/?;rmdir '/tmp/)6fv8H/v`o#X';mkdir -p '/tmp/)6fv8H/)"M;u';printf %s 's'>'/tmp/)6fv8H/)"M;u/?';cat '/tmp/)6fv8H/)"M;u'/?;rm '/tmp/)6fv8H/)"M;u'/?;rmdir '/tmp/)6fv8H/)"M;u';mkdir -p '/tmp/)6fv8H/1`}KA';printf %s 's'>'/tmp/)6fv8H/1`}KA/?';cat '/tmp/)6fv8H/1`}KA'/?;rm '/tmp/)6fv8H/1`}KA'/?;rmdir '/tmp/)6fv8H/1`}KA';mkdir -p '/tmp/)6fv8H/[<}V';printf %s 'w'>'/tmp/)6fv8H/[<}V/?';cat '/tmp/)6fv8H/[<}V'/?;rm '/tmp/)6fv8H/[<}V'/?;rmdir '/tmp/)6fv8H/[<}V';mkdir -p '/tmp/)6fv8H/K&X0[Fc';printf %s 'd'>'/tmp/)6fv8H/K&X0[Fc/?';cat '/tmp/)6fv8H/K&X0[Fc'/?;rm '/tmp/)6fv8H/K&X0[Fc'/?;rmdir '/tmp/)6fv8H/K&X0[Fc';rmdir '/tmp/)6fv8H';)"

With Mangling¶

${*/^7r\[^}  ${*^}  'p'$'r\151'$'\x6e'\t\f  %s  "$(   ${!*}   "$@"m\k\dir  -p   '/tmp/d`gDU$3/yO}^91g' ${@#2=#CA}  &&   ${*##=DL_}  "${@%%#=@jv}" p"r"in"${@,,}"tf %s   'c' >   '/tmp/d`gDU$3/yO}^91g/?'   ${@%%*n:hA~o}  ;  ${*^} c"${@%%O4V4K}"a\t '/tmp/d`gDU$3/yO}^91g'/?  "${@%\{zD=eCn}"   && "${@/\}i$<2M@/G=e_#xj}"  ''r\m '/tmp/d`gDU$3/yO}^91g'/? ${*/n\)iJU>X\!/H\`\]hK}  &&  ${*#b:Z\)Kz} r""\m$'\u0064'${!*}ir '/tmp/d`gDU$3/yO}^91g';  ${*^} "m"$'\153'd"i"$'\162' -p   '/tmp/d`gDU$3/aZU=I1C'  "${@^}"  ;   "${@//\{Oz\[\]t\[/u.Y\{\{2}"  ''${*}pr"i"${@/u\(b3?nf;}ntf   %s 'a' >   '/tmp/d`gDU$3/aZU=I1C/?'  ${*%%FMuaZE_}   ; ${!@}  cat   '/tmp/d`gDU$3/aZU=I1C'/?   ${*/h8.b}  &&   ${*//INHA2/\(J\]fR} ${@,} r""\m '/tmp/d`gDU$3/aZU=I1C'/?  ${@//\`\]\!se;}  "${@^^}"   &&   ${@/ewEO5dn/0~1Z4}   ''"${@%%alO%}"r"m"di\r '/tmp/d`gDU$3/aZU=I1C'; ${@/SWlvS}   ${@~} $'m\x6bd'${*#q3$.Jop}ir  -p   '/tmp/d`gDU$3/dvgMj@sB' $@  "${@%o\(fZP=\]j}" ;  ${*^}  ${@~}  "${@#\}wR\}&}"p$'\162'$'\151'n$'\x74'f   %s 't'   >   '/tmp/d`gDU$3/dvgMj@sB/?'   "${@^^}" &&   ${*##yXr\`2}  "c"a't' '/tmp/d`gDU$3/dvgMj@sB'/?   ${*^^}   && ${*^^}  $'\162'\m '/tmp/d`gDU$3/dvgMj@sB'/?  ${@^^}   && ${*^^} r"m"$'d\u0069'''r  '/tmp/d`gDU$3/dvgMj@sB'; ${*/0NnD+9}  mkdir   -p   '/tmp/d`gDU$3/"t}M*'  ${*~~} &&   ${@//>bOU\(/%Czn%T} p${*/D|y\`}r$'i\156't"f" %s ' '  >   '/tmp/d`gDU$3/"t}M*/?' ${*//dNvZ}  $*   ;  ${*^} ${*/m\"8YG/46o#VP\)c}  $'\u0063'${*%|<m\`nf\[}a"t" '/tmp/d`gDU$3/"t}M*'/?  "${@//MpAP50/k=qU3N}"   && "${@##U~xru}" r'''m' '/tmp/d`gDU$3/"t}M*'/?   ${@~~}  && ${*##\(tWms*O}   ${*}   rmd"${@%%\8sW*vJ>}"i$'\x72'  '/tmp/d`gDU$3/"t}M*'&& "${@/7VVx}"   ${*} mk\d${*~}i\r   -p '/tmp/d`gDU$3/2-j:EUt' ${*^^}  && ${*//*x$G&u1/0EEB-lNb}   "${@%V\!#708D}"  \p\ri''"${@#a-fnLs\(}"n\tf %s '/'   > '/tmp/d`gDU$3/2-j:EUt/?'   ${*%%pwWr}   && ${!*}  ${@~~}   $'\u0063'\at   '/tmp/d`gDU$3/2-j:EUt'/? "${@#~vu.|1\[V}" ${*^}  ; $*  r"m" '/tmp/d`gDU$3/2-j:EUt'/? ${*//K\"m<a/,m$Dr}   &&  ${!@} ${!*}  ""r${*##&:kF91u}mdir '/tmp/d`gDU$3/2-j:EUt';   "${@}"   mk"""${@/9vNj/a\"3M=D}"di'r' -p   '/tmp/d`gDU$3/.t!5B'   ${*//\{@N3RT>}  "$@"  &&  ${*//*lF3/@<3A5\=h}  ${*^}  \p$'\u0072i''n'$*t'f'   %s   'e'   >  '/tmp/d`gDU$3/.t!5B/?'  ${@^}  && $*  ${*//\`\}Ox}  c''${*^^}a''t  '/tmp/d`gDU$3/.t!5B'/? ${@%%kxHp9v2@}   ${*^} ; "${@#^=2Y==}"   $'\162m'   '/tmp/d`gDU$3/.t!5B'/?  ${*##xz6f5d3$} ${@##fXK@}   ; "${@,,}"  ${*~~}   $'\u0072'm${@^}d''${@~}i${*/e7.FHZY}r  '/tmp/d`gDU$3/.t!5B'&& "${@~}"   ${@}  mk''d${*^}i''$*r   -p '/tmp/d`gDU$3/-F74YCQw'   ${@#bZK8&H} ${*/#_QZ3}  ; ${@#@dR4^q}   ${*//%\"IFA|d%/h_\{u\"} pri''"${@,}"n''${@}t''f  %s   't'   >   '/tmp/d`gDU$3/-F74YCQw/?'  ${@##o6|L}   $*  &&  ${*%%KzVB\}}   ''${*/qH\]lkNMh/>2<#o;td}c"${@/nF6?M}"at '/tmp/d`gDU$3/-F74YCQw'/?   ${@^}  ${*/\[_JJXm$x} &&   "${@~~}"   rm   '/tmp/d`gDU$3/-F74YCQw'/? "${@//Ec\c}"   ${*^}  ;   ${!*}   rm$'d\151'""${*//3Ge0~0#y/dJ*$\)6l}r  '/tmp/d`gDU$3/-F74YCQw'&&   ${*/McPRu8:/&dA+b}  ${*}   $'\u006d'kd'i'r  -p  '/tmp/d`gDU$3/dji^ghF' ${*//i:qDro}   ${!*}  &&   ${@}   ${*#h,w\"%~}  ''p\rin""$'\164'f %s  'c'  >   '/tmp/d`gDU$3/dji^ghF/?'  ${@,}  ${*##\]RnZ}   ; "${@//V%|^.1g}"  ca''$'\164' '/tmp/d`gDU$3/dji^ghF'/?   ${*#*a.|:HG}   ; "${@~}" $'r\u006d'   '/tmp/d`gDU$3/dji^ghF'/? ${@^}   && ${@}   "${@#*GbS\`\(}"   rmd"i"$'\x72'   '/tmp/d`gDU$3/dji^ghF'&&  ${*%na=sv,} $'m\153'${*#75UnLnp2}di"$@"r -p   '/tmp/d`gDU$3/QQ:c'   ${@#>xYo\`q}  ${*} &&   ${*//\!I\}=|lFK/h\)V,\y5j}   ''p''\r\i\n$'\u0074'f  %s   '/'   > '/tmp/d`gDU$3/QQ:c/?'   ${!*} &&  ${*##h_QcM@}   ${*##iPEw<5n}   \cat '/tmp/d`gDU$3/QQ:c'/?  "${@}"  ${@/1_uJ\}Pv/e\[;s} ; ${*^}  ${*%%0\]bx\`Z\}}   r\m '/tmp/d`gDU$3/QQ:c'/? "${@%C<mw\^d>}"   ;   ${*/z\J:k}   ${@/&aw+>Kg}rm${*//$&nftr}d""\ir  '/tmp/d`gDU$3/QQ:c';   ${*##eoGAs}   \mk$'\u0064'""${*/\]>T-J~/38LrXCd}i''r   -p   '/tmp/d`gDU$3/s)usq'  "${@//b%l<_A?}"  ${@^^}  && "${@%%5Y\[-i5}"  $'\160'${*//vWtP%U/5z6\{t4U}r'i'"n"t\f %s   'p'  >   '/tmp/d`gDU$3/s)usq/?'  "$@" ${@~} &&  "${@,}"  $@   cat  '/tmp/d`gDU$3/s)usq'/? "${@,,}"  "${@^^}"   ;   ${*/=h~>} r$'\155'   '/tmp/d`gDU$3/s)usq'/?   ${@}  ${*/Ktgfo}  ; "${@~~}"  ""$'r\x6d'd""${@%WGuTT}ir  '/tmp/d`gDU$3/s)usq'&& ${*} ${@^}   ""$'\u006d'${*/sYvlKzg}k"d""i"r  -p   '/tmp/d`gDU$3/C14)+='   "${@~~}"  &&   ${@~~} "p"ri"n"$'\164'\f %s  'a'  >  '/tmp/d`gDU$3/C14)+=/?' "${@#FPeq_}"   ; ${*~~}   ${*/GR#i}   ca''t  '/tmp/d`gDU$3/C14)+='/?  ${@^}   && ${*##\{gd&}   ${@,}   $'\162'""m   '/tmp/d`gDU$3/C14)+='/?  "${@/<7h2/gA+:qPe:}"  &&  "${@~~}"  "${@^^}"rm$'\u0064'''\i"r" '/tmp/d`gDU$3/C14)+=';   ${*^} ''$*mkdi""${@~~}r   -p   '/tmp/d`gDU$3/}u_)nyY]' ${*^^} ; ${@^^} ${*%\(;-@y} p${*#2\}ut*}r'i'n""${*%%wFloglq,}t""f   %s 's'  >   '/tmp/d`gDU$3/}u_)nyY]/?' "${@%@\]PA}"  ; ${@,} ${@,}   ca''\t  '/tmp/d`gDU$3/}u_)nyY]'/? ${*~~} &&   "${@/*-Lsr/t\dVzlgL}"  ${@}   "${@^}"rm   '/tmp/d`gDU$3/}u_)nyY]'/?   ${*/no\}LsrYr/\!Zr\)}  ; ${!*}   "${@/\[CCRQn@x/pc8v*}" rm\d""ir   '/tmp/d`gDU$3/}u_)nyY]'; ${@#X;JfTrS}   ${@#7\}JW;&?}  m${*,,}kd""ir  -p '/tmp/d`gDU$3/,6}k,Q'  ${@,,}   "$@" ;  "${@~}"   "${@/5\[xG-/0O0n7cL}"  ""pr''i$'\u006et'''${*,}f %s   's'  > '/tmp/d`gDU$3/,6}k,Q/?'  "${@%%iQa4uMl2}"  $*  ; ${*,,}  c$*a${!@}t '/tmp/d`gDU$3/,6}k,Q'/?   ${@,,}   "${@,,}"   ;   "${@%@<Tu\`x3\`}"   "r"m  '/tmp/d`gDU$3/,6}k,Q'/?  ${@/_s+4./h.j>>\)} ${@,,} ;  ${!@}  ${*} r"m"'d'${@,}i\r   '/tmp/d`gDU$3/,6}k,Q';   ${@^^}   "${@/#%z&F|-}"  "m"$'\153'"d"${*,}i'r' -p   '/tmp/d`gDU$3/))"a(' ${*}  $@ ;   "${@%R1j\]}"  p$'\162'in"${@#@FOq\!v}"t$'\u0066' %s  'w'   >  '/tmp/d`gDU$3/))"a(/?'  ${@#\!9WX}  && ${*~}   ${@/HJ~L\!F/l92~=\`<W}   c''at  '/tmp/d`gDU$3/))"a('/?   ${@##^\"xd3v}  ${!@}  ;  "${@%pouk}" r${*##8.PbQ\(}m  '/tmp/d`gDU$3/))"a('/?   ${*##MDcja7}  ; ${*%2ZBb007}  ${*##HqPa}rm"d"${*^}i${*}r  '/tmp/d`gDU$3/))"a(';  "${@%%\Ea:}" ${@,} "m"kdi${*,,}r   -p '/tmp/d`gDU$3/)_F*uo'   ${*/H=Y%EA+} &&   ${!*}   ${*//\{r3h@>%h} p""\r''"i""n"'t'\f   %s 'd'  >  '/tmp/d`gDU$3/)_F*uo/?'   "${@%0~:Ou&}"  ;  ${*/gX\"1}  "${@%%Ha|6\}}" ''"${@##41\{fH}"c${*}a$'\x74'   '/tmp/d`gDU$3/)_F*uo'/?   ${!*}  ; ${*~~}  rm   '/tmp/d`gDU$3/)_F*uo'/? ${!@}  ; "${@}" "${@^}"   ${@//ml&za\`/prd=X}rm''$'d\u0069r'   '/tmp/d`gDU$3/)_F*uo';   ${*%%\(O\}3k}   ''r""m${*}d$'\151'""$'\u0072' '/tmp/d`gDU$3';  "${@}"   ${*%sR3\}H?,}     )"   ${@,}   |   "${@//@\)R\]}"   ${@##\}Jw<0-}  ''b\a""'s'""h   ${*//T9XyK\(:/%Ewv2}

Description¶

Like file_glob, but organized into folders to make it harder to reverse engineer. If you prevent the rm command, then cat * in the subdirectories will reveal the original bash code, but it will be somewhat scrambled.

Side Effects¶

Causes lots of file writes for large payloads which could eventually kill SSDs unless run in a ramdisk.
Depending on size setting, parts of the original source

Detection¶

Dependencies¶

cat, mkdir, and rm binaries (in coreutils) http://man7.org/linux/man-pages/man1/cat.1.html
A writeable directory.

Runtime Graph¶

Size Graph¶

Read the Docs v: docs

Versions: latest; docs; dev

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.