commit 764a8a39110c709469a3a055b810d4225e94543b Author: aixiao Date: Mon Feb 13 18:09:13 2023 +0800 初始提交 diff --git a/README.md b/README.md new file mode 100644 index 0000000..6dc4d17 --- /dev/null +++ b/README.md @@ -0,0 +1,39 @@ +# db_tunnel + 结合TELEPORT堡垒机使用的DB SSH数据库隧道工具 + 数据库配置文件、tp_decrypt bin请放到/etc或者与bin文件同一路径 + +# build + git clone https://git.aixiao.me/aixiao/db_tunnel.git + cd db_tunnel + bash bash build.sh(可能会提示安装包) + +# test + root@NIUYULING:/mnt/c/Users/niuyuling/Desktop/db_tunnel# ./db_tunnel -h + flag needs an argument: -h + Usage of ./db_tunnel: + -d run in daemon + -f run forever + -h string + DB服务器SSH IP地址 + -l string + 本地监听端口(或者堡垒机监听端口) + -p string + DB服务器SSH PORT + -r string + DB服务器端口(如: 3306、1521 ...) + -u string + DB服务器SSH USER用户 + root@NIUYULING:/mnt/c/Users/niuyuling/Desktop/db_tunnel# + + + root@NIUYULING:/mnt/c/Users/niuyuling/Desktop/db_tunnel/bin# ./db_tunnel -d -f -h 39.104.27.21 -l 3308 -r 3306 -p 22 -u app + [*] Daemon running in PID: 12918 PPID: 67 + root@NIUYULING:/mnt/c/Users/niuyuling/Desktop/db_tunnel/bin# [*] Forever running in PID: 12922 PPID: 1 + [*] Service running in PID: 12927 PPID: 12922 + 39.104.27.21 22 app 3306 3308 + 39.104.27.21 app 22 + 数据库连接成功 + 39.104.27.21 22 app 6+sNDSN4QL7VCLSr+Vt/fNSAX1XsTUwf6fYRTf3pGS8rYBn8Ik + I9EKbb + 设置SSH配置,服务器:39.104.27.21:22; 用户/密码: app/I9EKbbH; 远程:0.0.0.0:3306; 本地:0.0.0.0:3308 + root@NIUYULING:/mnt/c/Users/niuyuling/Desktop/db_tunnel/bin# \ No newline at end of file diff --git a/bin/db_tunnel b/bin/db_tunnel new file mode 100644 index 0000000..8126766 Binary files /dev/null and b/bin/db_tunnel differ diff --git a/bin/tp_decrypt b/bin/tp_decrypt new file mode 100644 index 0000000..ff9ac02 Binary files /dev/null and b/bin/tp_decrypt differ diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..736289d --- /dev/null +++ b/build.sh @@ -0,0 +1,2 @@ + +CGO_ENABLED=0 go build -ldflags '-w -s' -o bin/db_tunnel src/main.go && upx -9 bin/db_tunnel \ No newline at end of file diff --git a/etc/tunnel.ini b/etc/tunnel.ini new file mode 100644 index 0000000..912f9b1 --- /dev/null +++ b/etc/tunnel.ini @@ -0,0 +1,3 @@ +[global] +# "用户名:密码@[连接方式](主机名:端口号)/数据库名" +MYSQL_INFO="root:1234@(43.142.66.71:3306)/teleport"; diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..8d02b89 --- /dev/null +++ b/go.mod @@ -0,0 +1,14 @@ +module db_tunnel + +go 1.19 + +require github.com/docker/docker v23.0.0+incompatible + +require ( + gitee.com/dtapps/go-ssh-tunnel v1.0.4 // indirect + github.com/CodyGuo/godaemon v0.0.0-20200413142854-c36b39fdd071 // indirect + github.com/go-sql-driver/mysql v1.7.0 // indirect + golang.org/x/crypto v0.3.0 // indirect + golang.org/x/sys v0.2.0 // indirect + gopkg.in/ini.v1 v1.67.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..440f695 --- /dev/null +++ b/go.sum @@ -0,0 +1,23 @@ +gitee.com/dtapps/go-ssh-tunnel v1.0.4 h1:jQfS6WeoSWmMz+hSBxopUcgb0xi3fssMjHUYpF1BnYY= +gitee.com/dtapps/go-ssh-tunnel v1.0.4/go.mod h1:VzlCBrBerVEL1fgikHzApbRU5/Ru+KrzktRjnDfxu1M= +github.com/CodyGuo/godaemon v0.0.0-20200413142854-c36b39fdd071 h1:GFI7Rs86D4qip+tBvMcv0ux5kHbngC0rNWfgpTeVoAQ= +github.com/CodyGuo/godaemon v0.0.0-20200413142854-c36b39fdd071/go.mod h1:VBC/JvjvRkcgE7wMjDJs7Y94Ta6KSpCWDquUKW+WbJo= +github.com/docker/docker v23.0.0+incompatible h1:L6c28tNyqZ4/ub9AZC9d5QUuunoHHfEH4/Ue+h/E5nE= +github.com/docker/docker v23.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= +github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= +gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/src/main.go b/src/main.go new file mode 100644 index 0000000..c7416b8 --- /dev/null +++ b/src/main.go @@ -0,0 +1,342 @@ +package main + +import ( + "database/sql" + "flag" + "fmt" + "io" + "io/ioutil" + "log" + "net" + "os" + "os/exec" + "path/filepath" + "strconv" + "strings" + "syscall" + "time" + + _ "github.com/go-sql-driver/mysql" + "golang.org/x/crypto/ssh" + "gopkg.in/ini.v1" +) + +// 转发 +func sForward(serverAddr string, remoteAddr string, localConn net.Conn, config *ssh.ClientConfig) { + // 设置sshClientConn + sshClientConn, err := ssh.Dial("tcp", serverAddr, config) + if err != nil { + fmt.Printf("ssh.Dial failed: %s", err) + os.Exit(1) + } + + // 设置Connection + sshConn, _ := sshClientConn.Dial("tcp", remoteAddr) + /* + // 将localConn.Reader复制到sshConn.Writer + go func() { + _, err = io.Copy(sshConn, localConn) + if err != nil { + fmt.Printf("io.Copy failed: %v", err) + os.Exit(1) + } + }() + + // 将sshConn.Reader复制到localConn.Writer + go func() { + _, err = io.Copy(localConn, sshConn) + if err != nil { + fmt.Printf("io.Copy failed: %v", err) + os.Exit(1) + } + }() + */ + + copyConn := func(writer, reader net.Conn) { + _, err := io.Copy(writer, reader) + if err != nil { + fmt.Printf(" io.Copy error: %s", err) + } + } + + go copyConn(localConn, sshConn) + go copyConn(sshConn, localConn) + +} + +func Tunnel(username string, password string, serverAddr string, remoteAddr string, localAddr string) { + // 设置SSH配置 + fmt.Printf("%s,服务器:%s; 用户/密码: %s; 远程:%s; 本地:%s\n", "设置SSH配置", serverAddr, username+"/"+password, remoteAddr, localAddr) + config := &ssh.ClientConfig{ + User: username, + Auth: []ssh.AuthMethod{ + ssh.Password(password), + }, + Timeout: 7 * time.Second, + HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error { + return nil + }, + } + + // 设置本地监听器 + localListener, err := net.Listen("tcp", localAddr) + if err != nil { + fmt.Printf("net.Listen failed: %v\n", err) + os.Exit(1) + } + + for { + // 设置本地 + localConn, err := localListener.Accept() + if err != nil { + fmt.Printf("localListener.Accept failed: %v\n", err) + os.Exit(1) + } + + go sForward(serverAddr, remoteAddr, localConn, config) + } +} + +type user struct { + id string + host_id string + host_ip string + router_ip string + router_port string + protocol_type string + protocol_port string + state string + acc_auth_id string + auth_type string + username string + username_prompt string + password_prompt string + password string + pri_key string + creator_id string + create_time string + last_secret string +} + +func ExecCommand(strCommand string) string { + cmd := exec.Command("/bin/bash", "-c", strCommand) + + stdout, _ := cmd.StdoutPipe() + if err := cmd.Start(); err != nil { + fmt.Println("Execute failed when Start: " + err.Error()) + return "" + } + + out_bytes, _ := ioutil.ReadAll(stdout) + stdout.Close() + + if err := cmd.Wait(); err != nil { + fmt.Println("Execute failed when Wait: " + err.Error()) + return "" + } + + return string(out_bytes) +} + +func ssh_tunnel(host_ip string, host_port string, host_name string, remote_ip string, local_ip string, mysql_info string) { + + fmt.Println(host_ip, host_name, host_port) + + //"用户名:密码@[连接方式](主机名:端口号)/数据库名" + var db *sql.DB + db, _ = sql.Open("mysql", mysql_info) // 设置连接数据库的参数 + defer db.Close() //关闭数据库 + err := db.Ping() //连接数据库 + if err != nil { + fmt.Println("数据库连接失败") + // 退出 + syscall.Kill(os.Getppid(), syscall.SIGKILL) + syscall.Kill(os.Getpid(), syscall.SIGKILL) + } else { + fmt.Println("数据库连接成功") + + } + + sqlStr := "select host_ip, username, protocol_port, password from tp_acc where host_ip = ? and username = ? and protocol_port = ?" + rows, err := db.Query(sqlStr, host_ip, host_name, host_port) + if err != nil { + fmt.Printf("query failed, err:%v\n", err) + return + } + // 非常重要关闭rows释放持有的数据库链接 + defer rows.Close() + var u user + // 循环读取结果集中的数据 + for rows.Next() { + err := rows.Scan(&u.host_ip, &u.username, &u.protocol_port, &u.password) + if err != nil { + fmt.Printf("scan failed, err:%v\n", err) + return + } + fmt.Printf("%s %s %s %s\n", u.host_ip, u.protocol_port, u.username, u.password) + } + + // 解密密钥 + command := "./tp_decrypt " + command = command + u.password + strData := ExecCommand(command) + strData = strings.Replace(strData, "\n", "", -1) + fmt.Println(strData) + if strData == "" { + // 判断密码是否解密成功,不成功退出 + syscall.Kill(os.Getppid(), syscall.SIGKILL) + syscall.Kill(os.Getpid(), syscall.SIGKILL) + } + + Tunnel(host_name, strData, u.host_ip+":"+u.protocol_port, "0.0.0.0:"+remote_ip, "0.0.0.0:"+local_ip) + +} + +func StripSlice(slice []string, element string) []string { + for i := 0; i < len(slice); { + if slice[i] == element && i != len(slice)-1 { + slice = append(slice[:i], slice[i+1:]...) + } else if slice[i] == element && i == len(slice)-1 { + slice = slice[:i] + } else { + i++ + } + } + return slice +} + +func SubProcess(args []string) *exec.Cmd { + cmd := exec.Command(args[0], args[1:]...) + cmd.Stdin = os.Stdin + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err := cmd.Start() + if err != nil { + fmt.Fprintf(os.Stderr, "[-] Error: %s\n", err) + } + return cmd +} + +const ( + DAEMON = "d" + FOREVER = "f" + HOST_IP = "h" + HOST_PORT = "p" + HOST_USER = "u" + HOST_REMOTE = "r" + HOST_LOCAL = "l" +) + +// Check if a port is available +func Check(port int) (status bool, err error) { + + // Concatenate a colon and the port + host := ":" + strconv.Itoa(port) + + // Try to create a server with the port + server, err := net.Listen("tcp", host) + + // if it fails then the port is likely taken + if err != nil { + return false, err + } + + // close the server + server.Close() + + // we successfully used and closed the port + // so it's now available to be used again + return true, nil + +} + +func GetCurrentDirectory() string { + dir, err := filepath.Abs(filepath.Dir(os.Args[0])) //返回绝对路径 filepath.Dir(os.Args[0])去除最后一个元素的路径 + if err != nil { + log.Fatal(err) + } + return strings.Replace(dir, "\\", "/", -1) //将\替换成/ +} + +func PathExists(path string) (bool, error) { + _, err := os.Stat(path) + if err == nil { + return true, nil + } + + if os.IsNotExist(err) { + return false, nil + } + + return false, err +} + +func main() { + + // 判断配置文件是否存在 + INIFILE := GetCurrentDirectory() + "/" + "tunnel.ini" + b, _ := PathExists(INIFILE) + + if !b { + INIFILE = "/etc/tunnel.ini" + } + + // 读取配置文件 + cfg, inierr := ini.Load(INIFILE) + if inierr != nil { + fmt.Printf("Fail to read file: %v", inierr) + os.Exit(1) + } + // 读取数据库连接信息 + MYSQL_INFO := cfg.Section("global").Key("MYSQL_INFO").String() + + daemon := flag.Bool(DAEMON, false, "run in daemon") + forever := flag.Bool(FOREVER, false, "run forever") + host_ip := flag.String(HOST_IP, "", "DB服务器SSH IP地址") + host_port := flag.String(HOST_PORT, "", "DB服务器SSH PORT") + host_user := flag.String(HOST_USER, "", "DB服务器SSH USER用户") + remote_port := flag.String(HOST_REMOTE, "", "DB服务器端口(如: 3306、1521 ...)") + local_port := flag.String(HOST_LOCAL, "", "本地监听端口(或者堡垒机监听端口)") + flag.Parse() + + if *daemon { + SubProcess(StripSlice(os.Args, "-"+DAEMON)) + fmt.Printf("[*] Daemon running in PID: %d PPID: %d\n", os.Getpid(), os.Getppid()) + os.Exit(0) + } else if *forever { + for { + cmd := SubProcess(StripSlice(os.Args, "-"+FOREVER)) + fmt.Printf("[*] Forever running in PID: %d PPID: %d\n", os.Getpid(), os.Getppid()) + time.Sleep(time.Second * 5) + cmd.Wait() + } + os.Exit(0) + } else { + fmt.Printf("[*] Service running in PID: %d PPID: %d\n", os.Getpid(), os.Getppid()) + } + + if 0 == 0 { + fmt.Println(*host_ip, *host_port, *host_user, *remote_port, *local_port) + + // + local_port_, _ := strconv.Atoi(*local_port) + r, _ := Check(local_port_) + //fmt.Println(r) + if r { + ssh_tunnel(*host_ip, *host_port, *host_user, *remote_port, *local_port, MYSQL_INFO) + } else { + fmt.Println(local_port_, "端口不可用!", r, "退出!") + fp, _ := os.OpenFile("./pid.log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644) + log.SetOutput(fp) + + log.Printf("DoSomething running in PPID: %d\n", os.Getppid()) + + syscall.Kill(os.Getppid(), syscall.SIGKILL) + time.Sleep(time.Second * 10) + os.Exit(0) + } + } + + time.Sleep(time.Second * 5) + os.Exit(0) +} diff --git a/tp_decrypt/tp_decrypt.py b/tp_decrypt/tp_decrypt.py new file mode 100644 index 0000000..58b9e6a --- /dev/null +++ b/tp_decrypt/tp_decrypt.py @@ -0,0 +1,55 @@ +#!/usr/bin/python3 +# cython: language_level=3 +import base64 +import sys + +from Crypto.Cipher import AES + + +def main(): + + enc_password = sys.argv[1] + + # base64 decode + enc_bin = base64.b64decode(enc_password.encode(), validate=True) + if len(enc_bin) <= 16: + print('Error: invalid encrypted password, bad length.') + return + + # prepare key and iv + key = [0xd6, 0xb6, 0x6e, 0x3b, 0x41, 0xc4, 0x33, 0x13, 0xaa, 0x61, 0xc9, 0x47, 0x82, 0xfc, 0x84, 0x50, + 0x85, 0x53, 0x3a, 0x01, 0x97, 0x2d, 0xca, 0xba, 0x87, 0xbc, 0x27, 0x20, 0x29, 0xde, 0x87, 0x67, + ] + iv = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00] + aes = AES.new(bytearray(key), AES.MODE_CBC, bytearray(iv)) + + # do decrypt + try: + dec_bin = aes.decrypt(enc_bin) + except Exception as e: + print('Error: got exception when decrypt.') + return + + # check #pkcs7 padding + length = len(dec_bin) + pad = int(dec_bin[length-1]) + if pad > 16: + print('Error: can not decrypt, invalid encrypted data.') + return + for i in range(pad): + if dec_bin[length-i - 1] != pad: + print('Error: can not decrypt, invalid encrypted data.') + return + + # remove padding + dec_bin = dec_bin[:length-pad] + + # remove random data + dec_password = dec_bin[16:].decode() + + # output decrypted result + print(dec_password) + + +if __name__ == '__main__': + main() diff --git a/tp_decrypt/tp_decrypt.py.c b/tp_decrypt/tp_decrypt.py.c new file mode 100644 index 0000000..fe0566c --- /dev/null +++ b/tp_decrypt/tp_decrypt.py.c @@ -0,0 +1,653 @@ +char Encrypted_data[]="A09282E69616D602020202A0A372F5F5E69616D6F5F57202D3D302F5F556D616E6F5F5026696A0A0A0924627F67737371607F53656468247E696270702020202A047C65737562702465647079727365646024757074757F6023202020202A0A092825646F6365646E2D5A36313B5E69626F536564602D3024627F67737371607F536564602020202A01647164602D6F646E61627025667F6D65627023202020202A0A0D5461607D2864776E656C6A3B5E69626F536564602D302E69626F536564602020202A076E69646461607025667F6D65627023202020202A0A0E62757475627020202020202020202020202A09272E2164716460246564707972736E656024696C61667E69602C2470797273656460247F6E602E6163602A327F6272754728247E6962707020202020202020202020202A0A346160702D31202D51302D20296D2864776E656C6B5E69626F53656460266960202020202020202A0A392461607825676E6162702E69602960227F66602020202A0E627574756270202020202020202A09272E2164716460246564707972736E656024696C61667E69602C2470797273656460247F6E602E6163602A327F6272754728247E69627070202020202020202A0A3631302E30246160702669602020202A092D513D2864776E656C6B5E69626F53656468247E69602D30246160702020202A092E69626F536564682E656C602D302864776E656C602020202A076E6964646160702733736B6073202B636568636023202020202A0A0E627574756270202020202020202A09272E24707972736564602E656867702E6F6964707563687560247F67602A327F6272754728247E69627070202020202020202A0A35602371602E6F6964707563687540247075636875602020202A092E69626F536E6568247079727365646E237561602D302E69626F53656460202020202020202A0A397274702020202A04707972736564602F646023202020202A0A0929267968297162727165647972602C2342434F55444F4D4E235541402C2929756B682971627271656479726827756E6E235541402D30237561602020202A0D50303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C20303870302C203038703B502D302679602020202A0D50202020202020202020202A0C27363870302C27383870302C25646870302C29323870302C20323870302C27323870302C23626870302C27383870302C21626870302C21636870302C24623870302C27393870302C21303870302C21633870302C23353870302C2538387030202020202020202020202A0C20353870302C24383870302C23666870302C22383870302C27343870302C29336870302C21363870302C21616870302C23313870302C23333870302C24336870302C21343870302C22633870302C25663870302C26326870302C263468703B502D3029756B602020202A067960246E616029756B60256271607562707023202020202A0A0E627574756270202020202020202A09272E2864776E656C60246162602C24627F677373716070246564707972736E656024696C61667E69602A327F6272754728247E69627070202020202020202A0A3631302D3C30292E69626F536E65682E656C602669602020202A09256572745D35647164696C6166702C292825646F636E656E24627F67737371607F536E656825646F6365646436326E243635637162602D302E69626F536E65602020202A05646F636564602436356371626023202020202A0A0D513B567762716E237973702D3024627F67737371607F536E65602020202A0A0A39282E69616D602665646A0A0A0355414024727F607D69602275686079634E2F6470797273402D6F62766A0A0379737024727F607D696A0436356371626024727F607D696A033D3C6566756C6F55676165776E616C602A3E6F6864797360232A033E68FC2B73B010CD805CF9D1CE1A8C64BC2"; +int encrypted_text_len=1483; + +const char key[16] = "aixiao.me"; +#include +#include +#include +#include +#include +#include +#include +#define CBC 1 +#define CTR 1 +#define ECB 1 +#ifndef _AES_H_ +#define _AES_H_ + +#include +#include + +#ifndef CBC +#define CBC 1 +#endif + +#ifndef ECB +#define ECB 1 +#endif + +#ifndef CTR +#define CTR 1 +#endif + +#define AES128 1 +//#define AES192 1 +//#define AES256 1 + +#define AES_BLOCKLEN 16 // Block length in bytes - AES is 128b block only + +#if defined(AES256) && (AES256 == 1) +#define AES_KEYLEN 32 +#define AES_keyExpSize 240 +#elif defined(AES192) && (AES192 == 1) +#define AES_KEYLEN 24 +#define AES_keyExpSize 208 +#else +#define AES_KEYLEN 16 // Key length in bytes +#define AES_keyExpSize 176 +#endif + +struct AES_ctx { + uint8_t RoundKey[AES_keyExpSize]; +#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) + uint8_t Iv[AES_BLOCKLEN]; +#endif +}; + +void AES_init_ctx(struct AES_ctx *ctx, const uint8_t * key); +#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) +void AES_init_ctx_iv(struct AES_ctx *ctx, const uint8_t * key, const uint8_t * iv); +void AES_ctx_set_iv(struct AES_ctx *ctx, const uint8_t * iv); +#endif + +#if defined(ECB) && (ECB == 1) +void AES_ECB_encrypt(const struct AES_ctx *ctx, uint8_t * buf); +void AES_ECB_decrypt(const struct AES_ctx *ctx, uint8_t * buf); + +#endif // #if defined(ECB) && (ECB == !) + +#if defined(CBC) && (CBC == 1) +void AES_CBC_encrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length); +void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length); + +#endif // #if defined(CBC) && (CBC == 1) + +#if defined(CTR) && (CTR == 1) + +void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length); + +#endif // #if defined(CTR) && (CTR == 1) + +#endif // _AES_H_ + + +#define Nb 4 + +#if defined(AES256) && (AES256 == 1) +#define Nk 8 +#define Nr 14 +#elif defined(AES192) && (AES192 == 1) +#define Nk 6 +#define Nr 12 +#else +#define Nk 4 // The number of 32 bit words in a key. +#define Nr 10 // The number of rounds in AES Cipher. +#endif + +#ifndef MULTIPLY_AS_A_FUNCTION +#define MULTIPLY_AS_A_FUNCTION 0 +#endif + +typedef uint8_t state_t[4][4]; + +static const uint8_t sbox[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + +#if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1) +static const uint8_t rsbox[256] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +}; +#endif + +static const uint8_t Rcon[11] = { + 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 +}; + +#define getSBoxValue(num) (sbox[(num)]) + +static void KeyExpansion(uint8_t * RoundKey, const uint8_t * Key) +{ + unsigned i, j, k; + uint8_t tempa[4]; // Used for the column/row operations + + for (i = 0; i < Nk; ++i) { + RoundKey[(i * 4) + 0] = Key[(i * 4) + 0]; + RoundKey[(i * 4) + 1] = Key[(i * 4) + 1]; + RoundKey[(i * 4) + 2] = Key[(i * 4) + 2]; + RoundKey[(i * 4) + 3] = Key[(i * 4) + 3]; + } + + for (i = Nk; i < Nb * (Nr + 1); ++i) { + { + k = (i - 1) * 4; + tempa[0] = RoundKey[k + 0]; + tempa[1] = RoundKey[k + 1]; + tempa[2] = RoundKey[k + 2]; + tempa[3] = RoundKey[k + 3]; + + } + + if (i % Nk == 0) { + { + const uint8_t u8tmp = tempa[0]; + tempa[0] = tempa[1]; + tempa[1] = tempa[2]; + tempa[2] = tempa[3]; + tempa[3] = u8tmp; + } + + { + tempa[0] = getSBoxValue(tempa[0]); + tempa[1] = getSBoxValue(tempa[1]); + tempa[2] = getSBoxValue(tempa[2]); + tempa[3] = getSBoxValue(tempa[3]); + } + + tempa[0] = tempa[0] ^ Rcon[i / Nk]; + } +#if defined(AES256) && (AES256 == 1) + if (i % Nk == 4) { + { + tempa[0] = getSBoxValue(tempa[0]); + tempa[1] = getSBoxValue(tempa[1]); + tempa[2] = getSBoxValue(tempa[2]); + tempa[3] = getSBoxValue(tempa[3]); + } + } +#endif + j = i * 4; + k = (i - Nk) * 4; + RoundKey[j + 0] = RoundKey[k + 0] ^ tempa[0]; + RoundKey[j + 1] = RoundKey[k + 1] ^ tempa[1]; + RoundKey[j + 2] = RoundKey[k + 2] ^ tempa[2]; + RoundKey[j + 3] = RoundKey[k + 3] ^ tempa[3]; + } +} + +void AES_init_ctx(struct AES_ctx *ctx, const uint8_t * key) +{ + KeyExpansion(ctx->RoundKey, key); +} + +#if (defined(CBC) && (CBC == 1)) || (defined(CTR) && (CTR == 1)) +void AES_init_ctx_iv(struct AES_ctx *ctx, const uint8_t * key, const uint8_t * iv) +{ + KeyExpansion(ctx->RoundKey, key); + memcpy(ctx->Iv, iv, AES_BLOCKLEN); +} + +void AES_ctx_set_iv(struct AES_ctx *ctx, const uint8_t * iv) +{ + memcpy(ctx->Iv, iv, AES_BLOCKLEN); +} +#endif + +static void AddRoundKey(uint8_t round, state_t * state, const uint8_t * RoundKey) +{ + uint8_t i, j; + for (i = 0; i < 4; ++i) { + for (j = 0; j < 4; ++j) { + (*state)[i][j] ^= RoundKey[(round * Nb * 4) + (i * Nb) + j]; + } + } +} + +static void SubBytes(state_t * state) +{ + uint8_t i, j; + for (i = 0; i < 4; ++i) { + for (j = 0; j < 4; ++j) { + (*state)[j][i] = getSBoxValue((*state)[j][i]); + } + } +} + +static void ShiftRows(state_t * state) +{ + uint8_t temp; + + temp = (*state)[0][1]; + (*state)[0][1] = (*state)[1][1]; + (*state)[1][1] = (*state)[2][1]; + (*state)[2][1] = (*state)[3][1]; + (*state)[3][1] = temp; + + temp = (*state)[0][2]; + (*state)[0][2] = (*state)[2][2]; + (*state)[2][2] = temp; + + temp = (*state)[1][2]; + (*state)[1][2] = (*state)[3][2]; + (*state)[3][2] = temp; + + temp = (*state)[0][3]; + (*state)[0][3] = (*state)[3][3]; + (*state)[3][3] = (*state)[2][3]; + (*state)[2][3] = (*state)[1][3]; + (*state)[1][3] = temp; +} + +static uint8_t xtime(uint8_t x) +{ + return ((x << 1) ^ (((x >> 7) & 1) * 0x1b)); +} + +static void MixColumns(state_t * state) +{ + uint8_t i; + uint8_t Tmp, Tm, t; + for (i = 0; i < 4; ++i) { + t = (*state)[i][0]; + Tmp = (*state)[i][0] ^ (*state)[i][1] ^ (*state)[i][2] ^ (*state)[i][3]; + Tm = (*state)[i][0] ^ (*state)[i][1]; + Tm = xtime(Tm); + (*state)[i][0] ^= Tm ^ Tmp; + Tm = (*state)[i][1] ^ (*state)[i][2]; + Tm = xtime(Tm); + (*state)[i][1] ^= Tm ^ Tmp; + Tm = (*state)[i][2] ^ (*state)[i][3]; + Tm = xtime(Tm); + (*state)[i][2] ^= Tm ^ Tmp; + Tm = (*state)[i][3] ^ t; + Tm = xtime(Tm); + (*state)[i][3] ^= Tm ^ Tmp; + } +} + +#if MULTIPLY_AS_A_FUNCTION +static uint8_t Multiply(uint8_t x, uint8_t y) +{ + return (((y & 1) * x) ^ ((y >> 1 & 1) * xtime(x)) ^ ((y >> 2 & 1) * xtime(xtime(x))) ^ ((y >> 3 & 1) * xtime(xtime(xtime(x)))) ^ ((y >> 4 & 1) * xtime(xtime(xtime(xtime(x)))))); /* this last call to xtime() can be omitted */ +} +#else +#define Multiply(x, y) \ + ( ((y & 1) * x) ^ \ + ((y>>1 & 1) * xtime(x)) ^ \ + ((y>>2 & 1) * xtime(xtime(x))) ^ \ + ((y>>3 & 1) * xtime(xtime(xtime(x)))) ^ \ + ((y>>4 & 1) * xtime(xtime(xtime(xtime(x)))))) \ + +#endif + +#if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1) + +#define getSBoxInvert(num) (rsbox[(num)]) + +static void InvMixColumns(state_t * state) +{ + int i; + uint8_t a, b, c, d; + for (i = 0; i < 4; ++i) { + a = (*state)[i][0]; + b = (*state)[i][1]; + c = (*state)[i][2]; + d = (*state)[i][3]; + + (*state)[i][0] = Multiply(a, 0x0e) ^ Multiply(b, 0x0b) ^ Multiply(c, 0x0d) ^ Multiply(d, 0x09); + (*state)[i][1] = Multiply(a, 0x09) ^ Multiply(b, 0x0e) ^ Multiply(c, 0x0b) ^ Multiply(d, 0x0d); + (*state)[i][2] = Multiply(a, 0x0d) ^ Multiply(b, 0x09) ^ Multiply(c, 0x0e) ^ Multiply(d, 0x0b); + (*state)[i][3] = Multiply(a, 0x0b) ^ Multiply(b, 0x0d) ^ Multiply(c, 0x09) ^ Multiply(d, 0x0e); + } +} + +static void InvSubBytes(state_t * state) +{ + uint8_t i, j; + for (i = 0; i < 4; ++i) { + for (j = 0; j < 4; ++j) { + (*state)[j][i] = getSBoxInvert((*state)[j][i]); + } + } +} + +static void InvShiftRows(state_t * state) +{ + uint8_t temp; + + temp = (*state)[3][1]; + (*state)[3][1] = (*state)[2][1]; + (*state)[2][1] = (*state)[1][1]; + (*state)[1][1] = (*state)[0][1]; + (*state)[0][1] = temp; + + temp = (*state)[0][2]; + (*state)[0][2] = (*state)[2][2]; + (*state)[2][2] = temp; + + temp = (*state)[1][2]; + (*state)[1][2] = (*state)[3][2]; + (*state)[3][2] = temp; + + temp = (*state)[0][3]; + (*state)[0][3] = (*state)[1][3]; + (*state)[1][3] = (*state)[2][3]; + (*state)[2][3] = (*state)[3][3]; + (*state)[3][3] = temp; +} +#endif // #if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1) + +static void Cipher(state_t * state, const uint8_t * RoundKey) +{ + uint8_t round = 0; + + AddRoundKey(0, state, RoundKey); + + for (round = 1;; ++round) { + SubBytes(state); + ShiftRows(state); + if (round == Nr) { + break; + } + MixColumns(state); + AddRoundKey(round, state, RoundKey); + } + AddRoundKey(Nr, state, RoundKey); +} + +#if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1) +static void InvCipher(state_t * state, const uint8_t * RoundKey) +{ + uint8_t round = 0; + + AddRoundKey(Nr, state, RoundKey); + + for (round = (Nr - 1);; --round) { + InvShiftRows(state); + InvSubBytes(state); + AddRoundKey(round, state, RoundKey); + if (round == 0) { + break; + } + InvMixColumns(state); + } + +} +#endif // #if (defined(CBC) && CBC == 1) || (defined(ECB) && ECB == 1) + +#if defined(ECB) && (ECB == 1) + +void AES_ECB_encrypt(const struct AES_ctx *ctx, uint8_t * buf) +{ + Cipher((state_t *) buf, ctx->RoundKey); +} + +void AES_ECB_decrypt(const struct AES_ctx *ctx, uint8_t * buf) +{ + // The next function call decrypts the PlainText with the Key using AES algorithm. + InvCipher((state_t *) buf, ctx->RoundKey); +} + +#endif // #if defined(ECB) && (ECB == 1) + +#if defined(CBC) && (CBC == 1) + +static void XorWithIv(uint8_t * buf, const uint8_t * Iv) +{ + uint8_t i; + for (i = 0; i < AES_BLOCKLEN; ++i) // The block in AES is always 128bit no matter the key size + { + buf[i] ^= Iv[i]; + } +} + +void AES_CBC_encrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length) +{ + size_t i; + uint8_t *Iv = ctx->Iv; + for (i = 0; i < length; i += AES_BLOCKLEN) { + XorWithIv(buf, Iv); + Cipher((state_t *) buf, ctx->RoundKey); + Iv = buf; + buf += AES_BLOCKLEN; + } + /* store Iv in ctx for next call */ + memcpy(ctx->Iv, Iv, AES_BLOCKLEN); +} + +void AES_CBC_decrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length) +{ + size_t i; + uint8_t storeNextIv[AES_BLOCKLEN]; + for (i = 0; i < length; i += AES_BLOCKLEN) { + memcpy(storeNextIv, buf, AES_BLOCKLEN); + InvCipher((state_t *) buf, ctx->RoundKey); + XorWithIv(buf, ctx->Iv); + memcpy(ctx->Iv, storeNextIv, AES_BLOCKLEN); + buf += AES_BLOCKLEN; + } + +} + +#endif // #if defined(CBC) && (CBC == 1) + +#if defined(CTR) && (CTR == 1) + +void AES_CTR_xcrypt_buffer(struct AES_ctx *ctx, uint8_t * buf, size_t length) +{ + uint8_t buffer[AES_BLOCKLEN]; + + size_t i; + int bi; + for (i = 0, bi = AES_BLOCKLEN; i < length; ++i, ++bi) { + if (bi == AES_BLOCKLEN) { /* we need to regen xor compliment in buffer */ + memcpy(buffer, ctx->Iv, AES_BLOCKLEN); + Cipher((state_t *) buffer, ctx->RoundKey); + + /* Increment Iv and handle overflow */ + for (bi = (AES_BLOCKLEN - 1); bi >= 0; --bi) { + /* inc will overflow */ + if (ctx->Iv[bi] == 255) { + ctx->Iv[bi] = 0; + continue; + } + ctx->Iv[bi] += 1; + break; + } + bi = 0; + } + + buf[i] = (buf[i] ^ buffer[bi]); + } +} + +#endif // #if defined(CTR) && (CTR == 1) + +static int oneHexChar2Hex(char hex) +{ + int outHex = 0; + if (isdigit(hex)) { + outHex = hex - '0'; + } else if (isupper(hex)) { + outHex = hex - 'A' + 10; + } else { + outHex = hex - 'a' + 10; + } + return outHex; +} + +static int HexString2Hex(char *inHexString, char *outHex, int count) +{ + int ret = -1; + int len = 0; + int i; + char ch1, ch2; + if (NULL == inHexString) + return -1; + len = count; + if (len < 1) + return -1; + len &= ~1; + for (i = 0; i < len; i += 2) { + ch1 = inHexString[i]; + ch2 = inHexString[i + 1]; + outHex[i / 2 + 1] = 0; + if (isxdigit(ch1) && isxdigit(ch2)) { + ch1 = oneHexChar2Hex(ch1); + ch2 = oneHexChar2Hex(ch2); + outHex[i / 2] = (ch1 << 4) | ch2; + } else { + goto EXIT; + } + } + return 0; +EXIT: + return ret; +} + +static int is_Resolver(char *shll_text, char *shbin) +{ + char *p, *p1; + char temp[270]; + + p = strstr(shll_text, "\n"); + memcpy(shbin, shll_text, p - shll_text); + + + if (0 == strncmp(shbin, "#!", 2)) + { + p1 = strchr(shbin, '/'); + strcpy(shbin, p1); + } + else if (0 == strncmp(shbin, ":", 1)) + { + strcpy(shbin, getenv("SHELL")); + } + else + { + printf("unknown shell!\n"); + return -1; + } + + memset(temp, 0, 270); + strcpy(temp, "which "); + strcat(temp, shbin); + strcat(temp, " 1> /dev/null"); + if (0 != system(temp)) // 不存在解析器 + { + printf("not found shell!\n"); + return -1; + } + return 0; +} + + +void reverse_string(char *str, int len) +{ + char *p1; + char *p2; + + p1 = str; + p2 = str + len - 1; //p2指向字符串尾地址 + if (str == NULL) { + printf("Null pointer error!"); + return; + } + while (p1 < p2) //当p1地址小于p2地址时执行循环 + { + char c = *p1; + *p1 = *p2; //完成指针指向地址的值的交换 + *p2 = c; + p1++; //交换完毕后p1指针指向下一个字符地址 + p2--; //交换完毕后p2指针指向上一个字符地址 + } + +} + +#define BUFFER_SIZE 270 + +int main(int argc, char *argv[]) +{ + char *argvs[BUFFER_SIZE]; + int l=1; + int i=4; + //static uint8_t key[16] = "aixiao.me"; + struct AES_ctx ctx; + uint8_t *Hex_string = (uint8_t *) malloc(encrypted_text_len*2); + char *shbin = NULL; + + reverse_string((char *)Encrypted_data, encrypted_text_len*2); + memset(Hex_string, 0, encrypted_text_len*2); + + + AES_init_ctx(&ctx, key); + HexString2Hex((char *)Encrypted_data, (char *)Hex_string, sizeof(Encrypted_data)); + AES_ECB_decrypt(&ctx, Hex_string); + //printf("%s\n", Hex_string); + + + shbin = (char *) malloc(BUFFER_SIZE); + memset(shbin, 0, BUFFER_SIZE); + if (-1 == is_Resolver((char *)Hex_string, shbin)) + { + goto EXIT; + } + //printf("%s\n", shbin); + + argvs[0] = argv[0]; + argvs[1] = "-c"; + argvs[2] = (char *)Hex_string; + //argvs[3] = argv[0]; + + for(i=3; i<=argc-1+3; i++) + { + argvs[i] = argv[l]; + l++; + } + /* + for (int i=0; i<=argc-1+3; i++) + { + printf("%s", argvs[i]); + } + + */ + + execvp(shbin, argvs); + + +EXIT: + free(Hex_string); + free(shbin); + + return 0; +}