抓住个黑客_攻防世界_难度五_misc_wp

题目:抓住个黑客

没做出来,看了一些资料,还是不会,以下是官方wp。

Meterpreter的默认通信协议

Values: [XOR KEY][session guid][encryption flags][packet length][packet type][ .... TLV packets go here .... ]
Size:   [   4   ][    16      ][      4       ][       4     ][     4     ][ ....          N          .... ]

用开始的4字节异或密钥对后续报文进行异或解密,得到32字节的报文头。
然后如果无加密,则是TLV报文;不然就是16自己的IV,然后是TLV报文。

def DECPAK(PKT, AES_key = None):
    PKT = PKT.decode("hex")
    PKT_dec = ""
    XOR_KEY = PKT[:4]
    #PKT_dec += p32(XOR_KEY)
    for i in range(0, len(PKT)):
        deced = chr(ord(PKT[i]) ^ ord(XOR_KEY[i % 4]))
        PKT_dec += deced

    PKT_ret={}
    PKT_ret["XOR_KEY"] = XOR_KEY
    PKT_ret["GUID"] = PKT_dec[4:4+16]
    PKT_ret["ENC_FLAGS"] = u32(PKT_dec[20:24][::-1])
    PKT_ret["PKT_LENGTH"] = u32(PKT_dec[24:28][::-1])
    PKT_ret["PKT_TYPE"] = u32(PKT_dec[28:32][::-1])
    PKT_ret["TLVS"] = []

    pos = 32
    if PKT_ret["ENC_FLAGS"] == 0:
        while pos < len(PKT_dec):
            #print PKT_dec[pos:].encode("hex")
            tlv_len = u32(PKT_dec[pos: pos + 4][::-1])
            tlv_type = u32(PKT_dec[pos + 4: pos + 8][::-1])
            tlv_content = PKT_dec[pos + 8: pos + tlv_len]
            pos += tlv_len
            PKT_ret["TLVS"].append([tlv_len, tlv_type, tlv_content])
    elif PKT_ret["ENC_FLAGS"] == 1 and AES_key != None:
        PKT_ret["IV"] = PKT_dec[pos: pos + 16]
        aes_cipher = AESCipher(AES_key, PKT_ret["IV"])
        PKT_dec = PKT_dec[ :32 + 16] + aes_cipher.decrypt(PKT_dec[32 + 16: ])
        pos += 16
        while pos < len(PKT_dec):
            #print PKT_dec[pos:].encode("hex")
            tlv_len = u32(PKT_dec[pos: pos + 4][::-1])
            tlv_type = u32(PKT_dec[pos + 4: pos + 8][::-1])
            tlv_content = PKT_dec[pos + 8: pos + tlv_len]
            pos += tlv_len
            PKT_ret["TLVS"].append([tlv_len, tlv_type, tlv_content])

    return PKT_ret

首先Meterpreter主机会向被控端发送公钥,这部分默认是不加密的,本题给了私钥,所以公钥就没有必要用了。

然后被控端根据公钥,对AES256的密钥进行加密,发送给服务端。

服务端和被控端接下来就根据IV对密文进行打乱,互相使用AES256密钥解密。

依照这个思路,我们对报文进行追踪,解密出AES256的密钥。从后往前解包查找攻击者的命令。

AES_PAK = DECPAK("2926993adf8c06b90319d8059f51ec99b401f9b42926993a292698b52926993b2926991c2927993b4a49eb5f7648fc5d4652f05b5d43c64e4550c65f4745eb435952f0554726993a290f993b2924ac0e181fac0f1110a90d1f10ab031e13ac081b16aa0f1a16a0031813af0a1f15993a2926953a2b24be3a2926983a2927913a2d24b039ec75e27c93f3e0167fb28dd2c98ea0fd2ff42887d961f4e205a619311cf4b8dd93f189d24b8eb45af277bc76cc0ea8d5a0b3332812e6c8f73cced9f1d32189311dc13c30b80ebf944228979fd974a6ce23aacf386ebb5dbc1ac414a49678e6425944edf4a56f263a9c9e2a80e4d1884b35fc8da6e68bff64d33265350bf3e2b72dc5b0f0580cc12925074fc5505c9cd250b279150b9701cf5b2666ae9d0a0722f8b72aed8ffaa51f43594ebebe13b5bcb75e8a33c8cd396445c0c9da3d5a5b862bde38f62d13afd5387a62abce70e3d4192e3e96996ceaa0d1b0c7796028bdeabfbd8eddd13576f23135e1e7b06a0057a4b07bc786394ba1cd691547fad5db3a2926953a2b269d3a2926993a2926813a2d27542832d93a2fb12d08349729256baeb187")
print AES_PAK

AES_key_enc = AES_PAK["TLVS"][3][2]

AES_key = rsa_decode(AES_key_enc, privkey_pem)

print AES_key.encode("hex"), len(AES_key)

print DECPAK("7e30af14889a3097540fee2bc847dab7e317cf9a7e30af157e30af7c7e30af144a1999b733e68b894ee6b64581a31e4f800f1e2413c6ffabc4690df0ffdf5ad592f3d3de710b43f85611c113dff2d03a4a91fc6cf046cafc37d823f986dee137e05368e717be6acbd31e87435f8bc7601dae969be7b5888050246f2f01b9cab8")

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef54b835d361e2e784b4e2e9168aa4cd074c5b434009388fb2550a98ee6d49ea108c50b1f1b6c4c17a6fa0b01cd5e04f5fe5ba536da008841f20cef4324fe752f92923ea05e1d683bf991306b6878e301a68c933579c58c47482afc576545cc3cc2610d3f2ee70a3a36404996ff877b3a7756efe57bd043ad32f04ca9a137846cfeb6f53c817f32986117c0f26fc30b60b70a1f072987c80eda747fcc5ae85da2ed3", AES_key)

print DECPAK("2926993adf8c06b90319d8059f51ec99b401f9b42926993b292699b22926993b0438eb2dc77a917a03839c6bb9f6afb8192bbf8baf251e45d7f08cb799975ab8c4661cee35f7d4c9c63b7d1607fabdd602313a66d04c4fe8570ddd650eb2e9595358f04c0e781a347ddb62027dea0a0e899709fa3eeaa238600e4abb48d28fce74817d9ce4a627d36b5ee9e9d59719e4ae246ef1d39f8468dbe5ca236dbee597", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4eddd2ab4ef54a64307198e637c0fd0dfc74aad3b1fbcd26e62d8113e05e6af14d5cf78b82c11a0761ba6e95a984da59db055e44b9d5830cf6ec34a0e7ff0686fef9472546c93cd169eebf86e933f424f8a6f116bfa447a286bed01168019eb59eb83f5d455be5bf7fe55c49db5e7752b9b3135d1a4ccb6da5ca2c37af0c9311e6e335bc57642debf54952abd91b589527436429128a062f587edf20a215bf4161253898cc89a146c92c77cc6b34dd782f97007444f674dba89901758b8a7e55f1c82c7f0f0af78b41bae90d0d008518668d7fadf570da991365e09048b70d162b0e0b281cc28df2b64e759e480fa3dab1bb8635f85237205c66d6926fd85c829921956403b454598d57a7185ec80ea7ca1a8494d3c6ed7b7580dfbaaa585f018ca8c8efd5dd15b38e9281c3fc0385312544d7f24cb0fd3e8392fce9f07501028be0b6fa656dccb9247ab9b99fd3ff8cc04199d26398ea7fb4fac7be96769c8fa5f7e0d63cc524f0699104e89c91411d5a2168bbd7b59237b65143f81107667fddc2ba0e5c5382cf4dd672950da2ee088ba8e74039e872d89e69aeca904dac87463bb691075cd888a93d07c9ca792ffc53bd25a8487389a1776ffdfc4232028ea08d5f555d7738574ddd942d95d7cc5d0b086798c991ed140c72257b039a7aa8b61727976c6cd939b3815a4e04e94bafe8d5cb69f9dc11930431207ddc03517ccfd5e4499609b87914c40be1481a5ef174a45ce0fa70e8f6a683a2975a1b6b1905613444dac3ba12e8902d41f6ba2e7c940e347a6fdade78c6560e79f2f2313a90b74af7c1137e0bb3cd9f721af2a13deade2551a4be241b095992a608fb0e5aa063a10207414c2f2c18f7272bcffe0ecac0cfa8b4c2bf2bb3232044cccecaf91ed310d07ca1c", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef9d2ab4ef5415d984862f64b0e891b131ecc5d2a06c8ec29332954025fa1b2807cb007edcb73bba65e5c12cb31a40db6b26a4fa05a8d3e5a67d3871228a8cd6b6f6ce75a263823fecc17be818e1bd27a4cc9d512372e5f2f58f0aea4a11bfb631ceee791e0f5682f4dd94fc8b1aa59514037a8d76ff8b8d72ca32c2a299049f9089f430e403b9c64419d1eb8b6577c440bec9a16a5c51081ad4040fa32759ef37740c20a1a3893f511b08d37926ae67abedfa4084d1c3cb97f47a130dea915cd000fb51873c", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef549568c9bca4f5201e93dbdb4852d51967a2e9b23cc1a88ce4b2a37950450a8586cde6043906b7803994a8ce6db44ede0258b2b5d29318145c26075ddb963991ad85007119e0ad4de637818aa78e8fbe14631c113894ff87aefc336a427eb6c90cfc4e8b2efb088d63c1a301381cf90270e2b7c96371530800724ed4762f963d17b9ce23ab12cc4d656fbfc999d144f5f7cedee8eb9cc56200d51bede00a242bea", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4eddd2ab4ef54e1a628a81569018cd0f5bf315d7b320e5b77b0f8b8345c79e0fc4594a74a390315f368d3c474883c2aa91a6e0573ff936f5bb5aba31790051bb71dc50bba249affef1b06d4fa9d297abbc5142c40a90d031af7e4cf885d6ad3e09bc0338a8d0e8675b7f332797ec9d87c48b37e8a2e3a75c8f80d78c3de96029eb298203090029a32a858b55714fb5a805dcd52c02734d04d04285f729285ba731207c73ee0c7c2ef52ecb3e973e787cce4fd720c83a3a221f8a98de6180c939785c52fec692acb34f3cf2a36de23a850928dd405afd0abd376c4dac3582153ea8de6e3cdf19fd4706688782e9a48b8b05c591abcc892555e2a061601f73a3498bdcbd1f1baf142a6471065d42312b48ded576689a1bb5bcdb877e8160995be495603a4405e2a2892f2b650760640286b1ad93461909518fd8392929e251157b0c5461825badfa065a42bb12b60bb7bc0fdbd62bc376b188f705e76820e832c0226f536b0c2620ab917dbebb346c9bf01c2a0c81832fed64e6f64407d3d7f051c6c8460900c50d2d8c361f57afb5958888c1bf983bd314ea54697d87ce70b9230837a98398b4d1cba073b86615712078079362f6fb1b0c80e2b25af230ce8016a0b0115607f730195f0811d21db64cc422e5b0f73d6fbcc88a0843fbdbed51db87851c940c99e4a0d72d3fa7604caf585b40b962f93cbd252373b78bbecf891975d8e152358534d999fe0008453b9f6952acccdce89d2f31021f67b5d4ae2099ff7b38d92a9f2f7541e9fcf9a89d9b8146dfbee579bfbd933ca07bb7ba04efda4c24cf5e9ca43afdd5bdaea05677fd293bcd74c31b37b24196f8e0d0be9e79831f7794ea91a52db03e8f35230ed75adbb5a0974380905b510883af3be066a03b984af5effc060", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef9d2ab4ef54a74abf08695adaad8be818da14b4dadc981f6157553f5d955e82e35ff422847f969300e94f38c7ec84dcc4fef465f3e62b0fbc142e3761c036cdfe4c5e7a880445ad31a51ee1112a89fec6e8693852d739fbd91d05327c0d6cda8cb26a17c3ae9b43f28774f991afb2545a69210f47d82339c219d7f7bfbd5d76c2a4a82e376ef1d2ff1142a0713b1e055bd6c6c78866e4da63c65cb6d161da9d55222c90984a6295e5b68bf4dce2ce684b9d067c02352b8f3fa457783c911a340f2b9c552fa6", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef545042629ac50792c2d9f387304e12245dcb7bc137fcf865d9548f52c1f4b4d7662a2e5b4a04ce32d51bdb99b725807534a9b288fdcce5512a4801b71d7a97de1624de6175b884a4ef080e2b8b39683a98d86cb9ff8ce0e1c1c7300fc582f2ed5d8f8a2b23b77ddb01e65e059738478f9aab61ec7e93f8f17eb1903786ae1c654edaf7ca60cd5c4d7012bffea32c54f5091952d4ddf7573efe77bda7d974bc4bb3", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4eddd2ab4ef54a0c32aa9adca2454808fa09531321b03dade8023acab14d49f4bd36589277683be8ad1f5483cff7411c3db741baca849b7647a94650614d5ca05acadffd7ead06a172d74f279bbcf94a7c1365a1f6c624ae42f39644511bcecdddd516ba7e64280b6ee9300837628b207057b3c1d67abace40bb66ea250c438daac90110725da12c7b4fdca846a84ff3c842355eb5ae9c5814a83f0266e8e304b7c18c99ee2e6dddba999ef6c16bd459f7e5e0133a89f93c139887816477b133e70e333fd2c8187c39b504d983dded4b8d2ed57124dd564ecf36212a8208864dbaa756317d084d85a54066fb1179efb7e1d2ae41d49e5f79691f83676cd6d9d9f7e69ef5be859398c00bbed2dae001f80f7e784ed3ecd37e860a1a0b7eada9cae6cd34a78fd383ffb006597de7a427cf3fe2109edbbc9bbd8a4e58b7e9137c836b0ee899e8228c536e78664cf6f1626a298b635250d1e3c8b67dc33ce96ad33d8562e7bbc2eac3b0268aaec137377fa29542af2ffb940ad168fa6bc28a24d671c71432ac557026f7bd6cb5c4a3d6295ba03f9732138b74c6c0190c6d03cc65ec7ff90dbbd6a033d3d8f464af5523ddc1eec87f4a8920204bea066b62463f7055fc3a3443eb6831e068ff7c7884534c8c961b59ab638cc2c68f996c1e04938e6b36982940470775a8d67842d62db2a8fa297057816e3c1a8494ab8d8605cd363e7b02398f9462b29d4c6ae6d054e34df2de2960da4d2ecdc03da04a8b8c0f0429f5b6d69f654f895d39d538d772a54aa99e6ff4c9f2553a8d562e67de80bb6ce6f7b64f4a15006a97f3e356201b0ec1f35cb01d8e3121658f2f07db46174c1332dcda43e11ea9aab1d6da405ddeea61ebaca8db07aab89dbc971a107144f77d1e34fa5d162da5a", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef9d2ab4ef547eeb277e493e9d2dad9be2f9bb47f0b6355a47223f26e74ea01c55dbd02f3a256bebb806798caae2813f140c39b000a2b8d366c28b88bf92e71ba5760993884f3661f258cac484858353a5e430f20ab1ea10e2b9d58a92d395804ac305c8620cc25a0e41c33543723871e32dd2551b740e083d9524d8ab912d7d33ebc574ac103aa3b6d960d6812a40eb371be855151846d027dac6694e01d3ce26bcb648309c721316d0baf1c167a1ff4f21181a4f45fd1bb8b4219047d7cdcbbc0befff021c", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef5416d7e52b7aafb3d98d01695ad4dad9c844c16f1f5ab9c6524bd888fa10316d0f8cc027e58ca6abac24105f2b006c5c1687ee80da56344e9915c81c88195897056dbe672a7d5ed6060ca3b079edb8bd7c7137ba8f78160c16fec5ce685439cebd31761f47527f04cf840da0cdb430e5f71f13c6bd45ee04e8aa6670c2f3265b8663c1c9b600f68afd7b943ae566f9e9bf8eab2ea9714bf1fdce89e89e522af060", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4eddd2ab4ef549ed176f02b7f872de8b1a1c09035e4c445e4eefd55f8b21766398cebdbbbac51638200564e211698faade01639890646b5a7df93dbfe2ab6fed342d53fe139f6d698075298003c873a3b394d52d5fa2db04ca3ced01e26f505a9dae196e528cf229390e572fd3c4f49712d4552f182e903e4cab21880065813920d8eb27d40a57b691a8cef7e83abaaec5b6d27b653942481771236a9e1fa96de9fa7013539f4f51a632c7d5377087c1e5ff04ece37e31be0201d8acb15f3ffea099ba7161a8b099fe436babe9ec972f5acd7b1b13c8fc63531a0e48613fe0828f70263c21af801c1cdbae91dc7f05dfd348e9120230dbbe52dfbc7d6f4ff4281a26e04d64ac17be5ffdd46c38bfd4d5f23e536bb976210e764922a9fa1a4a0d32676c2a3ae77376b0fdee2e484877cca94e36d38b7fe4370ab2cd24dd1c1daf37a3025b82c4cdd43808997fbab7ae1bbfb38039f225f238a05c7a43d75d325964cc8709d06e4a0201760bd978ae7719af4f44bde5e55bcfd4cb5e20f71fb9c2ac3bf71eb7b4552f1ea466e11218b291d2311344e72232c71286fc1b41464aff44975bda745c78ae7309c1c6cafdc22833de0585e879d8fa1257421c6372cf5d6159eb927a64b32b4a26f93e119983e1b75dcb51588d666ce3f66078a9f9ed1b843bd82a0d8ba2020869fd49ef9434610961c7d95ce2e43cdf3b4d8cf1a1eaeadcfc0deb5651a6af86cecce1ab15172160eb25c17421e65d34e4efbdd6917860610360b662aa4d7e3fa62157ab07d1e2a2af88f1387fd82df72155f0602ece0ce617215c5bef59a393e0d7cd2572d848510c5c09c78916d6240778f2d2efead1dd1795096554a8100d61bcf1a7d51e5fd22e9633d0673268745990827da0027c7812fbdefb0d1", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef9d2ab4ef54f6cf111c29995e8ddf9cfc68568b392a827cbd823b57a5b72e8a5befc5581afc9a3d62dc240ec020910740d3d782ec0d25232da13f1f1634569d749562e8e9c65de0016af28faa98409554e21b7932eb5587670935ddc66138139828832adb339b6e390090432eb4ea1f292ad9918345903aae300c1ece3e8e04b19d3a95856d908975f370b4e4dbb054f7d2b62325e95578df134e23e15478855f5015318f78d6e5cf9ea0808207153432f12f6c916dba4d73a5b603abd5944ff81873278e0c", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef548a457a00a50fdd743b833ace6e884f5e1ee7d93e1d5465013006b47661b78a31cb121fddc9cad7539a91d2f876775063efb3517bcadb658160ec961b4482cd1ef4ac797936a9061a48318c67ff7e5d2055f8d2b0e7e5fbca0fef43935e23afe3daaee2c0400d950f96c2a41e3a36dc82b6f02f8ce2031d95fee1c4129e3b11e352afa470bc219fd9ebc0f70cec328071cd9ee9c423559debc72a4b82997bcf72", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4eddd2ab4ef5417935c499443c593861b309077d9bde14d10e835529bf1ae2d48cf5eb8732fe500780aef921e1e4c9d42400ef3aa0d8642e9a53a17cc4115093bdfe64b15af6ddb9ba8a928e8aee3c693712a25cc9776956dd2bd88e2eb1b340e49c7c06004025d4018b5cb963edb72d36335c0e46599684bbacba9be975919d374cf36f8036bc85dc7b6eb28f2db271d89f2a6884850fba6a4223a607cfc6ea27ad5967fbf111193c80dc5651e5875bdde2590d3759c6229012c82f571bac7e9c34278a2c6510c5440a563282078f75437a6b83a2795628747c8a42cd1962d5892a301f240fa0ab2ff2ffdc37fd9c31681c7be58bb211fa2a65656612936aee9610785fba11a8fb5eeffecffd28da7257a06147b8b3f7b4840b9e14ff58a62de5d895a72192db8da9bc8eab0018dba287c2259a2424ef2c07320ecf8333bad402ed073fdfec3a9074e4ac483adffaae6827363292969b0a8b667ce87608c280eea0d588636862e7c685a1098c4cfe5be6ced796dcb68a13dc8d627c0a1507f29118c873538eca45775ff552df3caeeffd83dda2b690c577a4ac2a6b2ee1fb6292f30b92f653817b1347a2511f4ce6b16b8b326561788207153b8e34abe2c01f18084c39d8d112f30abba79c18fd41364dc6569700ba8e50bfd3698c364c980185e41983b5b8a2123e05c8d2d20e8ff344d45eba3a696c168a41828e89dfd52b933ae2fda939115e33388f8d001f222968cdff85014df2a13012e8ed2de7b7e344016a31fe040c4f499b11405331825d792889f6ff88de901bb22c63b3b2ed03230f466dcfd266b9de98a9555e55612be2488cd4725d8dbc082821d5de0579c71755d2f1546e88eb20a0f4bfd15d6ee97a560e73fd9a428af958e2d8f4359ddb89de5d02e387a", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef9d2ab4ef54673f20ea63ed7dcee5ad41191624f11654116ea6e529188198f3d8c99fb8c7a4cd02d95c775fcd228293c4e07f457fff20f4dd86beecd707729f7e320557c541568e499880bd3d60edd8d517ef847314fa92add61d1ebad74bb38fe874defc674d5c0a185089963ec494879a56af9fd814a476e41e057c4c1a00a9d1f69e1b7c45bbb769791636ae9a42514c366eee52f9f5346c92c6fa9138845f0c3eaf3a30f3f71c048ee4f9fd3e5dec452cde0bf13794ad43c7c7334c1b841294ed61d3bc", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4effd2ab4ef54bf7b08dd116835468ca87c273505a310dab1059bfd1ba816574d1e3f35f8429788dccf3848b0872bfc5b5d149ca192532ee30b2291bb57fca70ed1fb4f7653445f1c373a74f0e324ea23efdf3c3be17aa51821c4fac4a2b26f73f7ac306ad49b7cbaf5edbdd2e9962a1ee0d3127ae049a5823e8f2ab88879dbb679f37323e1497fdea2d807af51c94a7f8a9a27dbffcc65ee8778848a5315a994b9a7c71c914d", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4efcd2ab4ef543db8b8d5acda5a1235b3ad7d07db722102cd9e53750cef7e31131b2d59afa2206d5adc9c877d8ea88bef37dfdff1ffe46e42443d29429793ab306042ee0b2173de2b24e750a0ec61eae0fb8dc5ba0c9961330cfc253aa550022cbf03120d8561e96d54ff94e08ca352d1c069065caceb101e16845fe69db34893f8cb9f3c1e7749b573c1e3f4f2caf2486620cab399fd", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4efdd2ab4ef54e28b751ce10cff077f8445dfe8ddc32363ccef83833a6e9c72f75026116d0253b77e884b483db4b28ab58a9397911ed8afd892a938b4eaee9806d96c070f1f1e587bca16e8e8e16e2b2af5a530e84cc95221f13ce3c66b391318c11f6740bb16d7216dbf70004cbdf4e451b13cb70223235f7e63a33d32c631f512bd5ca7511b", AES_key)

print DECPAK("2ab4ef55dc1e70d6008bae6a9cc39af6b7938fdb2ab4ef542ab4ef8d2ab4ef549df15c8d63e084ea41796e1080c422c10c4af26c0b5563cb3058bd6e4aa3f2cc22de1c6edf7e6468ad7e1ff8fa11bd0d2955218906c89bc9c1aca68485ba41d6c1363d26e1ca77e379eede5843a78cf2890a4a4d48d532564d081638df298d10b5b8e57b4714d29993407e26b857a054f18cbba0769a9d7a3ab9b2fc503b9b4e0f13e3e0e4086d9def861eb75b54df80426839c540b6836702d3585c1d11b1fcc1f56d6a2a58bee99fa22ea3792bd764075cdd0bfe11d2a7953c9174210b35afc3a38ab0ff13abebf06b74046bc902df", AES_key)

发现攻击者对目录进行了罗列,出现关键词flag.txt

{'PKT_TYPE': 1, 'TLVS': [[24, 65537, 'stdapi_fs_getwd\x00'], [41, 65538, '35193328683991905719198692993325\x00'], [28, 66736, 'C:\\Users\\PC\\Desktop\x00'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 168, 'IV': '\xa0\xf1\x95U\x8f\xbb2!\x117\xd5\x9bD<\xa0\x0b', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[21, 65537, 'stdapi_fs_ls\x00'], [41, 65538, '92992205236495284461596905472999\x00'], [10, 66737, '.\x00'], [30, 66738, 'C:\\Users\\PC\\Desktop\\.\x00'], [9, 66741, '\x00'], [72, 2147484869, '\x00\x00\x00\x00mA\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00C\x999_\x00\x00\x00\x00C\x999_\x00\x00\x00\x00\x0f\x18._\x00\x00\x00\x00'], [11, 66737, '..\x00'], [31, 66738, 'C:\\Users\\PC\\Desktop\\..\x00'], [9, 66741, '\x00'], [72, 2147484869, '\x00\x00\x00\x00\xffA\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x19\x18._\x00\x00\x00\x00\x19\x18._\x00\x00\x00\x00\x0f\x18._\x00\x00\x00\x00'], [20, 66737, 'desktop.ini\x00'], [40, 66738, 'C:\\Users\\PC\\Desktop\\desktop.ini\x00'], [9, 66741, '\x00'], [72, 2147484869, '\x00\x00\x00\x00\xb6\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x01\x00\x00\x00\x00\x00\x00\x18\x18._\x00\x00\x00\x00\x1a\x18._\x00\x00\x00\x00\x18\x18._\x00\x00\x00\x00'], [17, 66737, 'flag.txt\x00'], [37, 66738, 'C:\\Users\\PC\\Desktop\\flag.txt\x00'], [9, 66741, '\x00'], [72, 2147484869, '\x00\x00\x00\x00\xb6\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x005\x00\x00\x00\x00\x00\x00\x00?\x999_\x00\x00\x00\x00\x80\x999_\x00\x00\x00\x00?\x999_\x00\x00\x00\x00'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 648, 'IV': "='\xb3\x1c\xbe\xf7*\xc6\xac\xaf\xdf\xc5]mR\xb4", 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[23, 65537, 'stdapi_fs_stat\x00'], [41, 65538, '81395400468542538926467524183079\x00'], [72, 2147484869, '\x00\x00\x00\x00mA\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00C\x999_\x00\x00\x00\x00C\x999_\x00\x00\x00\x00\x0f\x18._\x00\x00\x00\x00'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 200, 'IV': 'M\x8b\xcf\xbfIY\x92\x9b\xcf\x19\xaeL<\x90\x1eC', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[24, 65537, 'stdapi_fs_getwd\x00'], [41, 65538, '65703151916968344032521729631525\x00'], [28, 66736, 'C:\\Users\\PC\\Desktop\x00'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 168, 'IV': '\x95\xcf\xe7\x88;\xdc\xda\x13\xa6\x1c\x93r\x1f\xb1LE', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[27, 65537, 'core_channel_close\x00'], [41, 65538, '58287235164616228196360033701482\x00'], [12, 131122, '\x00\x00\x00\x01'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 152, 'IV': '\x17\x0cW\x80\x86n\xb5G\x1f\x07B(-o\x9dt', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[25, 65537, 'core_channel_eof\x00'], [41, 65538, '68965028063958896069137527866199\x00'], [9, 524300, '\x01'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 136, 'IV': '\xc8?\x9aI\xcb\xb8\x10RU0\xaa\x8a\xc2i,v', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}
{'PKT_TYPE': 1, 'TLVS': [[26, 65537, 'core_channel_read\x00'], [41, 65538, '51236609532627967781124094944166\x00'], [61, 262196, 'flag{Meterpreter_Has_A_Greater_Enc_Method_Than_Shell}'], [12, 131097, '\x00\x00\x005'], [12, 131122, '\x00\x00\x00\x01'], [12, 131076, '\x00\x00\x00\x00'], [24, 262605, '\x12\x1b\xff\xa3\x15\x98\x0b\x91\x0e\xbe\x0f\xbcQ\x87\x97\x1e']], 'PKT_LENGTH': 216, 'IV': '\xb7E\xb3\xd8ITk\xbfk\xcd\x81E\xaap\xcd\x94', 'XOR_KEY': '*\xb4\xefU', 'ENC_FLAGS': 1, 'GUID': "\xf6\xaa\x9f\x83*?A?\xb6wu\xa3\x9d'`\x8e"}

继续查找就可以发现flag.txt内容。

flag{Meterpreter_Has_A_Greater_Enc_Method_Than_Shell}

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 3
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值