Taking Your Work Home After Work

by GerbilByte

So there I was.

I was drafted in to work for a small company (who shall remain nameless, but for this article we will call the company Bumble Bee Internet Security Services) for several months.  At the end, as well as a juicy pay-check, I realized that I had written a load of little scripts that I wanted to keep.

I zipped up my folder of goodies to email to myself and encrypted it for obvious reasons then attached it to an internal email to send it.

DENIED!

Bumble Bee Internet Security Services (BBISS from now on) was a company whose email systems were in "lock-down" and they had mega security implemented all over the place, you couldn't even send an email with a swear word without a "digital complaint!"

##...email not sent as it contained the word 'BUM'...!##

Instead I tried to open my Yahoo! Mail email account to add it as an attachment, as I knew Yahoo! Mail wouldn't complain.

DENIED!

I changed the file extension and tried again.

DENIED!

Yahoo! Mail didn't complain, but the bloody monitoring system of BBISS bloody well did!!!  How frustrating!!!

##...You are not authorized to send outgoing files of that type...!##

With a bit of a social engineering chat with the systems admin, I realized that the monitoring systems blocked all encrypted content as it couldn't be scanned, and all .ZIP, .GZ, .EXE, .SH, .PL, etc. files are also blocked due to... obvious reasons!

"Hmmmm!" I thought, as I often do in these circumstances.  "How do I get around this?"

I went back to my internal email account, as I knew my email's signature included the BBISS' logo which was a .JPG (JPEG).

"Aha!" I thought.  For obvious reasons.  But due to lock-down I didn't want to use the email systems due to 'tracing' and prevention of any future employment with BBISS.  "Are the same monitoring systems used for outbound files?" I wondered.

Going back to my Yahoo! Mail account, I attached a JPEG to an email and it got uploaded.

BINGO!!!!! :) :) :)

"So what did you do next Gerb?" I hear you ask.

Part One - Saving The Data

Well, what I did was a very simple task and very easy to do.  Let me talk you through it in steps, boys and girls, as it will make more sense that way.  By the way, despite being an Internet security company, BBISS used Windows.  For unobvious reasons.

1.)  Grab a normal JPEG file from somewhere.  I used the JPEG from the internal email signature.  Place this in a folder to keep things easy and separate.  We will call this file: piccy.jpg

2.)  To the same folder, copy the encrypted .ZIP file.  We will call this file: scripts.zip

3.)  Open up a Command Prompt (or command, depending on Windows flavor) and CD to the required folder.  Then run the following command:

COPY piccy.jpg /B + scripts.zip /B combined.jpg

What have I done here?

Well, Microsoft have been really nice and allowed the stringing together of files into a single file using the COPY command.  I have used this to create a single file that consists of a .JPG file and an encrypted .ZIP file.
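A content filter can catch a file built this way by parsing the JPEG through to its end-of-image marker and checking what follows, rather than stopping at the extension or the leading bytes.  The Python sketch below is an added example, not part of the original article or of any BBISS tooling; the function names, verdict labels and sample bytes are assumptions constructed for illustration.

```python
# Added example: flag uploads whose bytes continue past the end of the JPEG.
# Magic values to look for at the start of any data that follows the image.
TRAILER_MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"MZ": "exe"}

def jpeg_end(data: bytes) -> int:
    """Offset just past the image's EOI marker, or -1 if the structure is invalid."""
    if data[:2] != b"\xff\xd8":                      # must start with SOI
        return -1
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return -1
        marker = data[i + 1]
        if marker == 0xFF:                           # fill byte before a marker
            i += 1
        elif marker == 0xD9:                         # EOI: the image ends here
            return i + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            i += 2
        elif i + 4 > len(data):
            return -1
        else:
            # Skip the segment by its declared length, so an EOI inside an
            # embedded EXIF thumbnail is not mistaken for the end of the file.
            i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
            if marker == 0xDA:                       # SOS: scan entropy-coded data
                while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0x00
                    and not 0xD0 <= data[i + 1] <= 0xD7
                ):
                    i += 1
    return -1

def inspect_upload(data: bytes) -> dict:
    """Verdict for a file claiming to be a JPEG: clean, review, block or invalid."""
    end = jpeg_end(data)
    if end < 0:
        return {"verdict": "invalid", "trailing_bytes": 0, "trailer_type": None}
    trailer = data[end:]
    kind = next((k for magic, k in TRAILER_MAGIC.items() if trailer.startswith(magic)), None)
    verdict = "clean" if not trailer else ("block" if kind else "review")
    return {"verdict": verdict, "trailing_bytes": len(trailer), "trailer_type": kind}

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample (structurally valid, not a real picture): an APP1 segment
# holding a fake thumbnail with its own EOI, one scan, then the real EOI.
SAMPLE_JPEG = (b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00\xff\xd8thumb\xff\xd9")
               + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd9")
SAMPLE_COMBINED = SAMPLE_JPEG + b"PK\x03\x04" + bytes(26)   # image + ZIP-like trailer
```

Trailing bytes with no recognised signature get "review" rather than "block", since some cameras and editors leave extra data after the image.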

Back to Yahoo! Mail.

My next step was to try and attach this file to an empty email.

##File uploading......Complete!##

Excellent!!!

The file was now in my draft email and now saved.

Logging out of Yahoo! Mail then back in allowed me to confirm that my "loaded" JPEG file was there in my Drafts email.  Excellent news!  I didn't even get a single electronic complaint!

So what was my next step?

Part 2 - Recovering the Data

When I got home I opened my Yahoo! Mail account, opened the draft email, and saved the combined.jpg to a folder on my Ubuntu machine.  Back to using real computing power!

My task now was to split the file into two: piccy.jpg and scripts.zip

I wasn't actually interested in extracting the JPEG file so I needed a way of extracting the scripts.zip file which was the second part of the file.  Which makes it harder, as I didn't know where the start of the second file began!

So how did I go about this?  Well...

Perl is a fantastic scripting language that allows you to do anything.  If you don't know Perl, learn it.  Seriously, learn it.  Your life will be much enhanced once you've learned it!  Trust me on this.

Using Perl, I quickly wrote the following script:

#!/usr/bin/perl
use strict;
use warnings;

# Require exactly three arguments before doing anything else.
if (@ARGV != 3) {
    print "\nUsage:\n   extract.pl <bytes to ignore> <source> <dest>\n\n";
    exit 1;
}

my ($bytesToIgnore, $fileName, $fileOut) = @ARGV;
my $bytesRead = 0;

print "Extracting $fileOut\nIgnoring $bytesToIgnore bytes from $fileName...\n";

# Open both files in raw (binary) mode so no bytes are translated.
open(my $in,  "<:raw", $fileName) or die "Couldn't open $fileName!";
open(my $out, ">:raw", $fileOut)  or die "Couldn't open $fileOut!";

# Read one byte at a time; copy only the bytes past the ignored prefix.
my $data;
while (read($in, $data, 1)) {
    $bytesRead++;
    if ($bytesRead > $bytesToIgnore) {
        print $out $data or die "Error writing $fileOut!";
    }
}

close $in;
close $out;
print "$fileOut has been created.\n\n  *** 2014 GerbilByte ***\n\n";

Run the script with the following parameters:

$ extract.pl <image_size_in_bytes> <source_file.jpg> <destination_file.zip>

What the script does is runs down the source file and ignores the first X amount of bytes (X being the file-size parameter, the size of the "real" JPEG image).  Once it has skipped these bytes, the rest of the file is then read and copied to the destination file (destination_file.zip).

This is the one we want!  And it works!

If the example command above was run, then you will end up with a file called destination_file.zip.

Have a look at it.  Open it.  Read one of the files in there.  Unzip it.  Do whatever you want with it!  Whatever you do, you will be asked for your password to unencrypt your file!

That means one thing, you've successfully extracted your encrypted .ZIP file!  Well done you.  Give yourself a round of applause.

And there you have it.  How to take your work home after work.  Obviously don't try this with sensitive data or anything as, depending on your employer's rules and work ethics, you will still be liable for disciplinary action or even prosecution, so be wise.

Now go celebrate by having a beer.  Unless you are a kid, in which case have a glass of milk! :)

Enjoy yourself and be safe.
