More and more customers are using fancy security tools like CyberArk or other solutions based on Windows RDP with turned off or limited possibility of copy/paste functionalities. And I get it. Security is really important topic and we should take it seriously.
But from time to time you have to solve quickly some extremely important issue and there is no time to wait until morning for someone to download and copy useful tools for you.
In this short article I will show you how to copy 0x.Tools by Tanel Poder to such secure environment when there’s no time to loose.
First you have to clone the repo to your computer:
inter@applerick linux % git clone https://github.com/tanelpoder/0xtools
Cloning into '0xtools'...
remote: Enumerating objects: 1154, done.
remote: Counting objects: 100% (358/358), done.
remote: Compressing objects: 100% (109/109), done.
remote: Total 1154 (delta 295), reused 275 (delta 246), pack-reused 796
Receiving objects: 100% (1154/1154), 5.91 MiB | 16.10 MiB/s, done.
Resolving deltas: 100% (740/740), done.
Now remove unnecessary directories to make the binary package as small as possible and compress it:
inter@applerick linux % tar -cjf 0xtools.tar.bz2 0xtools
inter@applerick linux % du -sh 0xtools.tar.bz2
72K 0xtools.tar.bz2After that you can use my tool, written in Python which uses keyboard module to type in hex data into terminal. The tool uses a simple trick – it divides a binary package into chunks and simulates a keyboard to type hex representations in opened terminal. It waits a desired number of seconds before it starts typing so you have some time to switch to appropriate window 🙂
https://github.com/ora600pl/cbfuk
The whole process might look like this:
inter@applerick linux % mkdir /tmp/cbfuk/
inter@applerick linux % mv 0xtools.tar.bz2 /tmp/cbfuk
inter@applerick linux % cd /tmp/cbfuk
inter@applerick cbfuk % git clone https://github.com/ora600pl/cbfuk
Cloning into 'cbfuk'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 8 (delta 1), reused 5 (delta 1), pack-reused 0
Receiving objects: 100% (8/8), 4.93 KiB | 4.93 MiB/s, done.
Resolving deltas: 100% (1/1), done.
inter@applerick cbfuk % python3 -m venv cbfuk
inter@applerick cbfuk % . ./cbfuk/bin/activate
(cbfuk) inter@applerick cbfuk % pip3 install keyboard Using the script is extremely simple:
(cbfuk) inter@applerick cbfuk % python3 cbfuk/cbfuk.py -h
cbfuk.py -f <inputfile> -i <interval in seconds> -c <chunk size in bytes> -w <wait X seconds before starting to type (default is 5)>
(cbfuk) inter@applerick cbfuk % python3 cbfuk/cbfuk.py -f 0xtools.tar.bz2 -c 1024 -w 5 -i 0.1
Input file is 0xtools.tar.bz2
Chunk size is 1024
Interval is 0.1After switching to the new window you will have to wait and watch the magic that looks like this:
inter@applerick test % echo "d71fc4d3474831d97ce6d569209ffe8a2c1a5db556071300e05477a15100a020a0780211da1ccc08703c2fb8da18c77960f321d2e4c9a7f7a5c0d0
c07361e5ccdc230a924dc954612d12a375616441b108310830420f34e5bca2a2864f963847cf321fddbd5a1c99a64a6f4867abb100fdc19a5691991d6c3103410940be21317a50ecebc
9e3c2abd0941f1940684220ae4081a7567dc12b7549bedd369819aaf961c7fc57f277946242dfc3de7cb7f8f1ecc667693710d0321162e739091ddf84d3799ceb97191981a944026703
206199c8432ece1883a98c309f9f578947ae2cf0d79b66711f8c2618e443866264ae212c9500bb2a0e59de864cb87ce0dc8b8a7766fd7cbe48c19b3653ff4a1c3b27780ee0ccab49a01
a6622a345c8b4cf30cc662f59b92c6ea21ac215283a12d2ab053724488fb0768b24892bea6bd6674dc6f9a85d38dac786b8fe9320d30b307b05b3a43c1098cefd762e176d5e711a6a35
4a5b78b55134e1667551ead599869bb869e279fd539baac935b4f81869e075dcc5c3476b1b185ea5169f0b539ae5ccb99da68ac370ea3e19a9e0550d8891b0bf1e6cfe550dbb585c487
6e71aa1b625bd5c6281b0f2106d70788cea451e16e8bbcaf980606fae737a66dd9bb0765862048ac621b3f11903f34212658e71a1b6174053a6660e56dbd7b48e5cd287f60a78a59a94
16651d576343016f00621272498ce0989b20c76c6d30ecf10e39220a0e1d5f428f447c83f70f70a0442fd04f701ee9c2ebd7252c300996a417094f7121ef1804a7837ebe8731f779229
ec86817f14ab84bf77a3c03ee8198682a85a1a00a1908468fb87e9f1103c8f3a0f2031c65044d92799272817ec855af920fa7ccbb4fe888489a06a61a2899a49489f7fabcf9f143eef0
4f1fe6bda667b3fe07517085fe5bb09172836c11c6f0a6ca0e0effafeed8fbfe83544f94b450a14a9fb617e8c31140682e3fc66a50a90a0fc446961c2528775cfcff5997687ba37351d
c3132b6a4a232f45129600f0201f8bfb7fb7e8b5ebfbf7f9cb73c143fe7483d2465292fedae99ff6aff8e1d5a23716b0359817127f869cc3fc3938d86ddd50fd07f3f5f8643a7d3175f
d9d6b1ec343f5121fe3af4e15f5e881681689ff0fc17d26b0851518194353fd10d1fc62cfac7ddfbfcd54cbf5daa07f38b907f6fbfa05d9eb20628375041ea3fa3dbeeb27f41087f937
afcee6c88e4612b7d9f1aa22ba14afdf1d3037f980440024997f268774c46e27fc103a0398843fcf738f9ba380512a1d3bb79f9e8ebff91f27fc864908521ff22941de74a14a9fffc5d
c914e14240c7c32658" >69_0xtools.tar.bz2.txtAfter your beer break you will see the following list of files:
inter@applerick test % ls
0_0xtools.tar.bz2.txt 20_0xtools.tar.bz2.txt 31_0xtools.tar.bz2.txt 42_0xtools.tar.bz2.txt 53_0xtools.tar.bz2.txt 64_0xtools.tar.bz2.txt
10_0xtools.tar.bz2.txt 21_0xtools.tar.bz2.txt 32_0xtools.tar.bz2.txt 43_0xtools.tar.bz2.txt 54_0xtools.tar.bz2.txt 65_0xtools.tar.bz2.txt
11_0xtools.tar.bz2.txt 22_0xtools.tar.bz2.txt 33_0xtools.tar.bz2.txt 44_0xtools.tar.bz2.txt 55_0xtools.tar.bz2.txt 66_0xtools.tar.bz2.txt
12_0xtools.tar.bz2.txt 23_0xtools.tar.bz2.txt 34_0xtools.tar.bz2.txt 45_0xtools.tar.bz2.txt 56_0xtools.tar.bz2.txt 67_0xtools.tar.bz2.txt
13_0xtools.tar.bz2.txt 24_0xtools.tar.bz2.txt 35_0xtools.tar.bz2.txt 46_0xtools.tar.bz2.txt 57_0xtools.tar.bz2.txt 68_0xtools.tar.bz2.txt
14_0xtools.tar.bz2.txt 25_0xtools.tar.bz2.txt 36_0xtools.tar.bz2.txt 47_0xtools.tar.bz2.txt 58_0xtools.tar.bz2.txt 69_0xtools.tar.bz2.txt
15_0xtools.tar.bz2.txt 26_0xtools.tar.bz2.txt 37_0xtools.tar.bz2.txt 48_0xtools.tar.bz2.txt 59_0xtools.tar.bz2.txt 6_0xtools.tar.bz2.txt
16_0xtools.tar.bz2.txt 27_0xtools.tar.bz2.txt 38_0xtools.tar.bz2.txt 49_0xtools.tar.bz2.txt 5_0xtools.tar.bz2.txt 7_0xtools.tar.bz2.txt
17_0xtools.tar.bz2.txt 28_0xtools.tar.bz2.txt 39_0xtools.tar.bz2.txt 4_0xtools.tar.bz2.txt 60_0xtools.tar.bz2.txt 8_0xtools.tar.bz2.txt
18_0xtools.tar.bz2.txt 29_0xtools.tar.bz2.txt 3_0xtools.tar.bz2.txt 50_0xtools.tar.bz2.txt 61_0xtools.tar.bz2.txt 9_0xtools.tar.bz2.txt
19_0xtools.tar.bz2.txt 2_0xtools.tar.bz2.txt 40_0xtools.tar.bz2.txt 51_0xtools.tar.bz2.txt 62_0xtools.tar.bz2.txt
1_0xtools.tar.bz2.txt 30_0xtools.tar.bz2.txt 41_0xtools.tar.bz2.txt 52_0xtools.tar.bz2.txt 63_0xtools.tar.bz2.txtYou can convert those text files into binaries with the following one-liner:
inter@applerick test % ls | sort -n | xargs -I {} cat {} | xxd -r -p - >> 0xtools.tar.bz2
inter@applerick test % file 0xtools.tar.bz2
0xtools.tar.bz2: bzip2 compressed data, block size = 900k
inter@applerick test % tar -xjf 0xtools.tar.bz2
And here it is! You won’t copy something big like this, but I hope it will help someone in extreme situations 🙂
And remember – don’t use it for nasty things 😉