This is a standalone addendum to an earlier four-part series. Reading the previous parts is not required. Links to previous parts, if you are interested:

Part 0: curl > /dev/sda
Part 1: Swap out the root before boot
Part 2: How to pass secrets between reboots
The 3rd and final part: The little chicken shed that could
Part 5: you are here

In a previous article, I left you with this mysterious command.

    curl https://astrid.tech/rkx.gz | gunzip | sudo sh

What does it do? This can’t possibly be safe to run, can it? Am I distributing malware to you? Fine, fine, I’ll open it up and show you what’s inside.

Reverse engineering rkx.gz

First, we download it.

    astrid@chungus /tmp ❯ curl https://astrid.tech/rkx.gz | gunzip > rkx
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 14.31M  100 14.31M    0     0  28.16M      0

What kind of a file is it?

    astrid@chungus /tmp ❯ file rkx
    rkx: POSIX shell script, ASCII text executable

Well, I guess I tell you to pipe…
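The inspect-before-running step the post walks through (download to a file, decompress, ask `file` what it is, and only then read it), as an added shell example that is not part of the original post. The function names, the classification rules and the sample payloads are my own assumptions; the URL is the one from the post.

```shell
#!/bin/sh
# Added example (not the post's code): the defensive alternative to
# `curl URL | gunzip | sudo sh` is to fetch to disk and inspect first.

# fetch_payload URL GZ_FILE: download only, never execute. (Assumed helper.)
fetch_payload() {
    curl -fsSL "$1" -o "$2"
}

# inspect_payload GZ_FILE DEST: decompress GZ_FILE into DEST without running
# it, print libmagic's verdict and a SHA-256 to stderr for the reviewer, and
# print one classification word on stdout: shell-script, elf, or other.
inspect_payload() {
    gz="$1"; dest="$2"
    gunzip -c "$gz" > "$dest" || return 1        # decompress to a file only
    if command -v file >/dev/null 2>&1; then
        file -b "$dest" >&2                      # e.g. "POSIX shell script..."
    fi
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$dest" >&2                    # pin the bytes you reviewed
    fi
    first=$(head -n 1 "$dest")                   # shebang line, if any
    magic=$(head -c 4 "$dest" | od -An -tx1 | tr -d ' \n')
    case "$first" in
        '#!'*sh*) echo shell-script ;;           # #!/bin/sh, #!/usr/bin/env bash
        *) case "$magic" in
               7f454c46) echo elf ;;             # \x7fELF: a native binary
               *)        echo other ;;
           esac ;;
    esac
}

# Usage: ./inspect.sh https://astrid.tech/rkx.gz
if [ -n "${1:-}" ]; then
    fetch_payload "$1" rkx.gz && inspect_payload rkx.gz rkx
fi
```

Once the decompressed file exists on disk, `less rkx` or a text editor does the actual reverse engineering; nothing in the pipeline above ever hands the bytes to a shell.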