[RndTbl] Encrypt files/info/whatever easily.

Sean Cody sean at tinfoilhat.ca
Thu Jul 1 16:10:50 CDT 2010


And for more insanity...

Write a secret message, filter it through openssl and ship it via an HTTP proxy to a listener on host:1337.

cat << EOL | openssl aes-256-cbc -a -salt > /tmp/secretz.in && nc -x proxy:8080 -Xconnect host 1337 < /tmp/secretz.in && rm /tmp/secretz.in

Bonus points for anyone using the above to tunnel via DNS TXT records. :P
OpenSSL was being weird on my side with the client end so I'll leave that as an exercise to the reader (hint, use files or a fifo/named pipe).

If you really want to screw with your packet nazi security team...

while true; do
	openssl rand -base64 $RANDOM | awk '{s=s $0;}END{print s}' | openssl aes-256-cbc -a -salt > /tmp/secretz.in && nc -x proxy:8080 -Xconnect host 1337 < /tmp/secretz.in && rm /tmp/secretz.in
	sleep $RANDOM
done;


On 2010-07-01, at 3:29 PM, Sean Cody wrote:

> So yeah this is normally something I would reserve for the newsletter but the inspiration hit me and I'll forget by September. :P
> 
> So say someone wants to tell you something secret or you need to write down a secret in a file but don't want it in plaintext.
> Well using the shell & openssl [installed by default on OS X and probably on Linux [I know it's default on *BSD]]...
> 
> Assuming your shell is an SH derivative..
> 
> 
> #cat << EOL | openssl aes-256-cbc -a -salt -out secret.txt
> OMG I haz a secretz!
> EOL
> (password will be requested here)
> #
> 
> Notice I'm using what is referred to as a HEREDOC and piping it to openssl choosing the aes-256-cbc cipher.
> The -a parameter just says the input is in base64.  -salt is well salting the cipher.
> So how do you get that back?
> 
> #openssl aes-256-cbc -d -a -in secret.txt
> (password will be requested here)
> OMG I haz a secretz!
> #
> 
> In this case -d is well... decrypt.
> 
> You can replace the cat pipeline with -in somefile.txt if you want to do files themselves but this way no plaintext hits the disk (unless your shell swaps... which you have other issues then. :P).
> 
> This is awesome because you don't have to install something special (ie. truecrypt) for a quick encrypt and you can store the data set anywhere and pull it (say via wget with pipelining) from random places with openssl installed to decrypt.  Not really suggested for super secret stuff but it can be pretty handy... especially when passing around messages in a MacGyver sneaker net style situation.
> 
> -- 
> Sean

-- 
Sean
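
For whoever ends up on the receiving or monitoring side of these messages, an added example (not part of the original post): output of `openssl enc -a -salt` is base64 of the literal header `Salted__`, an 8-byte salt, then the ciphertext, so it always begins with `U2FsdGVkX1` and can be recognised without the password. The function names and the sample blob are constructed for illustration, and `base64 -d` and `od` from GNU coreutils are assumed.

```shell
#!/bin/sh
# Added example: recognise `openssl enc -a -salt` output and report its salt.
# Layout after base64 decoding: "Salted__" | 8-byte salt | ciphertext

# Constructed sample: header + salt "ABCDEFGH" + 16 filler bytes (not real ciphertext).
SAMPLE='U2FsdGVkX19BQkNERUZHSDAxMjM0NTY3ODlhYmNkZWY='

# Read a candidate blob on stdin. Print the salt as hex and return 0 if it has
# the OpenSSL salted header, otherwise print nothing and return 1.
openssl_salt() {
    # 24 base64 characters decode to exactly 18 bytes: header, salt, 2 spare.
    first=$(head -n 1 | tr -d ' \r\n' | cut -c1-24)
    [ "${#first}" -eq 24 ] || return 1
    case $first in
        # "Salted__" plus any salt byte always encodes to this prefix.
        U2FsdGVkX1[89+/]*) ;;
        *) return 1 ;;
    esac
    hex=$(printf '%s' "$first" | base64 -d 2>/dev/null \
        | od -An -tx1 -j8 -N8 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 16 ] || return 1
    printf '%s\n' "$hex"
}

# List files under a directory whose first line is such a blob, with the salt.
find_salted() {
    find "$1" -type f | while IFS= read -r f; do
        if s=$(openssl_salt < "$f"); then
            printf '%s salt=%s\n' "$f" "$s"
        fi
    done
}

# Demo on the constructed sample; prints 4142434445464748
printf '%s\n' "$SAMPLE" | openssl_salt
```

The salt is not secret, but two files with the same salt and password share a key and IV, so a repeated salt across findings is worth a second look.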




