rm -rf remains

# Print utils.sh line by line using only shell builtins
(while IFS= read -r line; do echo "$line"; done) < utils.sh

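# ls replacement: expand a glob in the given directory (or the current one) and print one entry per line
ls() { printf '%s\n' "${1:+${1%/}/}"*; }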

With these abilities and the fact that we can write arbitrary bytes with echo, we could rebuild and then curl or wget the binaries we want directly. My first choice, echoed by others, would be to get busybox. Busybox is the Swiss Army Knife of Embedded Linux, with builtin versions of wget, dd, tar, and many others. Eusebeîa goes into great detail about how to get a fully escaped version of busybox on your system, so I won’t do that here.

There is a problem though.

Even if we echo all the bytes we need into creating entire binaries, those files won’t be executable. No way to start busybox. The easiest workaround for this is to find something which is executable and overwrite it with echo. We’ve nuked all of /usr and /bin at this point though, so that’s a bit tricky.

We can use shell globs and bash logic to find files with the executable bit set, making sure to ignore directories.

executable () { if [[ ( ! -d $1 ) && -x $1 ]] ; then echo "$1"; fi }

Find the executables!
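The executable() check above only tests one path, so here is an added example (not from the original post) that walks a whole tree with shell builtins alone, since find and ls are gone. The function names is_executable_file and find_executables and the depth limit are assumptions made for this sketch.

```bash
# Added example: locate executable files with shell builtins only
# (no find, ls or stat), for a system where /usr and /bin are gone.

# is_executable_file PATH
# Same test as executable() above: not a directory, and executable by us.
is_executable_file() {
    [ ! -d "$1" ] && [ -x "$1" ]
}

# find_executables DIR [MAXDEPTH]
# Recurse through DIR using globs and print each executable file found.
# MAXDEPTH (assumed default: 8) bounds the recursion.
find_executables() {
    local dir="${1%/}" depth="${2:-8}" entry
    [ "$depth" -gt 0 ] || return 0
    # Three globs: normal names, dotfiles, and names starting with "..".
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # A glob that matched nothing stays literal; skip it.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ -L "$entry" ]; then
            # Report symlinked executables but never descend through
            # symlinks, which could loop back up the tree.
            if is_executable_file "$entry"; then
                printf '%s\n' "$entry"
            fi
        elif [ -d "$entry" ]; then
            find_executables "$entry" "$((depth - 1))"
        elif is_executable_file "$entry"; then
            printf '%s\n' "$entry"
        fi
    done
    return 0
}

# Usage: find_executables /etc 4
```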
