yanncam/UnSHc

Stuck, what's the problem?

YMXZ opened this issue · 2 comments

YMXZ commented

[root@VM_169_52_centos ~]# ./unsh.sh vpn7.sh.x -o sbw
which: no gcc in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)


--- UnSHc - The shc decrypter.

--- Version: 0.5

UnSHc is used to decrypt script encrypted with SHc
Original idea from Luiz Octavio Duarte (LOD)
Updated and modernized by Yann CAM

- SHc : [http://www.datsi.fi.upm.es/~frosal/]
- UnSHc : [https://www.asafety.fr/unshc-the-shc-decrypter/]

[*] Input file name to decrypt [vpn7.sh.x]
[+] Output file name specified [sbw]
[+] ARC4 address call defined : [0x400c10]
[*] Extracting each args address and size for the 14 arc4() calls...
[0] Working with var address at offset [0x611687](0x2a bytes)
[1] Working with var address at offset [0x6019e1](0x1 bytes)
[2] Working with var address at offset [0x6116b3](0xa bytes)
[3] Working with var address at offset [0x61151b](0x3 bytes)
[4] Working with var address at offset [0x611672](0xf bytes)
[5] Working with var address at offset [0x611682](0x1 bytes)
[6] Working with var address at offset [0x611701](0x16 bytes)
[7] Working with var address at offset [0x611717](0x16 bytes)
[8] Working with var address at offset [0x6116be](0x13 bytes)
[9] Working with var address at offset [0x61166e](0x1 bytes)
[10] Working with var address at offset [0x6019e0](0x1 bytes)
[11] Working with var address at offset [0x60465c](0xc14e bytes)

Hello,

As I can see from your UnSHc output provided, your distribution (CentOS 6? 7?) doesn't have GCC installed.
UnSHc requires GCC to compile a C source code, then execute the binary to finally obtain the unencrypted *.sh.x source code.

So you need to install GCC on your server:

Sincerely,

YMXZ commented

Thank you very much! Problem has been solved!