You could do something like this:
Use the add payload function to insert a payload into the script. When run, the script will extract it into a variable and push it over the ssh command line, then start a shell. All in 1 connect ;-)
There is a size limit though; it seems to be around 130KB.
Don't feed it compressed files; the add_payload function will tar, lzma and encode it in base64.
I use it to push a bash_profile, inputrc, vim folder and rc file, a bunch of scripts etc. to the remote system like this:
CONFIG=" your bash profile, don't forget to escape quotes etc."
ssh "$@" "perl -MMIME::Base64=decode_base64 -e 'print decode_base64 q#$PAYLOAD#' | lzma -d | tar x -f - -C /root;echo '$CONFIG' > /tmp/ssh_profile; exec bash --rcfile /tmp/ssh_profile"
Start by:
./script.sh root@10.0.0.1
Will connect, extract the payload to root/, echo the bashrc in the CONFIG variable to a file on the remote box and start a bash session with your newly uploaded file as rcfile.
Hope this helps
Code:
#!/bin/bash
# Max size is about 130K. If you get an error about "argument list too long",
# it means that the payload is too large.

# You can specify a folder for the local extraction; if none is provided, the
# folder from where the script was run will be used.
Get_payload() {
    local tar_cmd=(tar xvf -)
    if [ -n "$1" ]; then
        tar_cmd+=(-C "$1")
    fi
    if grep -q '^PAYLOAD:$' "$0"; then
        line=$(($(grep --text --line-number '^PAYLOAD:$' "$0" | cut -d ':' -f 1) + 1))
        tail -n +"$line" "$0" | openssl base64 -d | lzma -d | "${tar_cmd[@]}"
        exit 0
    else
        echo 'PAYLOAD:' >> "$0"
        echo "No payload attached"
        exit 0
    fi
}

# Globs don't work, point it to a folder or just give it multiple files (think tar command line)
# ./script.sh apl file1 folder1 file2 ...
Add_payload() {
    if grep -q '^PAYLOAD:$' "$0"; then
        # Drop the old payload (everything after the marker) before appending the new one
        line=$(($(grep --text --line-number '^PAYLOAD:$' "$0" | cut -d ':' -f 1) + 1))
        sed -i "${line},\$d" "$0"
        tar cvf - "$@" | lzma -9 -e | openssl base64 >> "$0"
        exit 0
    else
        echo 'PAYLOAD:' >> "$0"
        tar cvf - "$@" | lzma -9 -e | openssl base64 >> "$0"
        exit 0
    fi
}

if [ "$1" = 'gpl' ]; then
    Get_payload "$2"
elif [ "$1" = 'apl' ]; then
    if [ -z "$2" ]; then
        echo "Provide a payload"
        exit 1
    fi
    shift
    Add_payload "$@"
fi

# Extract our payload into a variable
match=$(grep --text --line-number '^PAYLOAD:$' "$0" | cut -d ':' -f 1)
if [ -z "$match" ]; then
    # Without a marker the whole script would be sent as the payload
    echo "No payload attached" >&2
    exit 1
fi
payload_start=$((match + 1))
# By stripping the whitespace of the payload we can make it a little bit smaller (more data fits on the ssh command line)
PAYLOAD=$(tail -n +"$payload_start" "$0" | perl -pe 'tr/\x0A\x0D//d;')
# Since our payload has been stripped of newlines and spaces we cannot use openssl base64 to decode so we use perl.
# -A forwards the local ssh agent to the remote host. StrictHostKeyChecking=no accepts
# unknown host keys without asking and CheckHostIP=no skips the known_hosts check of the host's IP address.
exec ssh -A -o CheckHostIP=no -o StrictHostKeyChecking=no -t -l root "$@" \
    "perl -MMIME::Base64=decode_base64 -e 'print decode_base64 q#$PAYLOAD#' | \
    lzma -d | tar x -f - -C /root; exec bash"
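
Added example, not part of the original post: the roughly 130KB ceiling reported above is consistent with Linux's per-argument limit (MAX_ARG_STRLEN, 131072 bytes with 4 KiB pages), because the whole remote command reaches ssh as one argument. The check below measures the attached payload against that limit before connecting; the function names and the `@PAYLOAD@` token are conventions of this example, and a Linux client is an assumption.

```bash
#!/bin/bash
# Added example, not the poster's code. Assumes a Linux client with 4 KiB
# pages, where one argv string (NUL included) is capped at MAX_ARG_STRLEN.
MAX_ARG_STRLEN=131072   # 32 pages * 4096 bytes

# Print the base64 text below the PAYLOAD: marker of script $1 as one line,
# the same way the wrapper joins it before calling ssh.
payload_of() {
    local line
    line=$(grep --text --line-number '^PAYLOAD:$' "$1" | head -n 1 | cut -d ':' -f 1)
    [ -n "$line" ] || return 1
    tail -n +"$((line + 1))" "$1" | tr -d '\r\n'
}

# Bytes of lzma output that fit next to $1 bytes of fixed command text:
# base64 emits 4 characters for every 3 input bytes.
max_compressed_bytes() {
    echo $(( (MAX_ARG_STRLEN - 1 - $1) / 4 * 3 ))
}

# payload_fits SCRIPT TEMPLATE
# TEMPLATE is the remote command with the token @PAYLOAD@ (a convention of
# this example, assumed to appear once) where the base64 text is pasted in.
# Returns 0 if the command fits in one argument, 1 if not, 2 if no payload.
payload_fits() {
    local LC_ALL=C payload need
    payload=$(payload_of "$1") && [ -n "$payload" ] ||
        { echo "$1: no payload attached" >&2; return 2; }
    need=$(( ${#2} - 9 + ${#payload} + 1 ))   # minus the 9-char token, plus NUL
    if [ "$need" -gt "$MAX_ARG_STRLEN" ]; then
        echo "remote command needs $need bytes, limit is $MAX_ARG_STRLEN" >&2
        return 1
    fi
}

# Demo on a constructed wrapper file: marker plus 128000 base64 characters.
REMOTE="perl -MMIME::Base64=decode_base64 -e 'print decode_base64 q#@PAYLOAD@#' | lzma -d | tar x -f - -C /root; exec bash"
demo=$(mktemp)
{ echo 'PAYLOAD:'; head -c 128000 /dev/zero | tr '\0' 'A' | fold -w 64; } > "$demo"
if payload_fits "$demo" "$REMOTE"; then echo "fits"; else echo "too large"; fi
rm -f "$demo"
```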