简单的看过代码后,可以发现一个PYAS这款自制杀软有个漏洞
那就是只会扫描固定的后缀的文件,表格贴上
来自PYAS_Extension.py
slist = [".exe",".dll",".com",".msi",".scr",
".bat",".cmd",".ps1",".vbs",".js",
".jar",".htm",".html",".ppt",".pptx",
".pdf",".xls",".xlsx",".doc",".docx"]
alist = [".exe",".dll",".ppt",".pptx",".wps",
".pdf",".xls",".xlsx",".doc",".docx",
".jpg",".jpeg",".png",".webp",".gif",
".mp3",".wav",".aac",".ogg",".flac",
".mp4",".avi",".mov",".wmv",".mkv"]
这时候我们就会发现有点不对劲的地方了
他只会扫描这些后缀的文件 意味着什么
我们只需要绕过这些后缀名就行了
那么 我们可以输入 Win+R 用命令行打开CMD命令行
然后输入
assoc .exec=exefile
嗯,PYAS不扫描.exec的后缀 但是我们又把.exec改成了.exe的运行方式
摸鱼中
原作者:ShaShen