oOps.c grabs hardcoded strings from binary files. Shows rootkit passwords and other information that is encoded character at a time to avoid binary examination like the strings command. Tested on Linux.
6ec922e0fecc9ff438d329269c632e0bdae94a19c0a176bb42b7160fa0bb0f73/*
* by gunzip - grabs hardcoded strings from binary files
* thanks to objdump - greetz tsunami, jestah, kernel__ qwerty
* (I've tested it on Linux with lrk but should work anywhere)
*/
#include <stdio.h>
int
main(int argc, char *argv[])
{
int index;
char *num;
char *tmp;
FILE *fd;
const char objdump[] = "/usr/bin/objdump";
const char trans[] =
"................................ !\"#$%&'()*+,-./0123456789"
":;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklm"
"nopqrstuvwxyz{|}~..";
if (argc != 2) {
printf("Usage: ./oOps <path to binary>\n");
exit(-1);
}
if ( fopen(objdump,"r") == NULL ) {
fprintf(stderr,"%s not found.\n",objdump);
exit(-1);
}
if ( fopen(argv[1],"r") == NULL ) {
fprintf(stderr,"%s does not exist.\n",argv[1]);
exit(-1);
}
tmp=(char *)calloc(0x100+strlen(objdump)+strlen(argv[1]),sizeof(char));
snprintf(tmp,1024,"%s -D %s > .obj 2>/dev/null",objdump,argv[1]);
system(tmp); free(tmp);
system("grep movb .obj | cut -d$ -f2 | cut -d, -f1 > .str");
num=(char *)calloc(0x8,sizeof(char));
if ( (fd=fopen(".str","r")) == NULL ) {
perror("open()");
exit(-1);
}
while (!feof(fd)) {
fgets(num,7,fd);
index=(int)strtoul(num,0,16);
if(!index)
{ /* to avoid newlines */
while( (!index) && (!feof(fd)) ) {
fgets(num,7,fd);
index=(int)strtoul(num,0,16);
}
printf("\n");
}
if (index < 128) printf("%c",trans[index]);
}
printf("\n\n");
}
/* www.thechameleons.com, the best wave band on earth */
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed