
Python reverse engineering: eval function analysis in one article, with the 【Take charge】 case

Editor: Python

Practical scenario

This post analyzes the encryption logic of the login page of 【Take charge and buy a good house】. Start by visiting http://eip.chanfine.com/login.jsp and inspecting the requests the page makes.


Enter an arbitrary account and password to exercise the encryption interface.

  • Account: 15012341234
  • Password: 123456

The request shown in the developer tools is as follows.

  • Request URL: http://eip.chanfine.com/j_acegi_security_check
  • Request method: POST

The submitted form data, including the encrypted field, is shown below.

  • j_username: 15012341234
  • j_password: 䐵 Artisan 䴵 N3IRFNdustKHXjJ5PDrZIQ==
  • j_redirectto:

The most important of these is j_password, which is the parameter we want to analyze.

Locating the encryption parameter

A global search for the keyword j_password finds where the value is set.

From the search results, go directly to the desEncrypt function, which gives the following.

Hovering over the encryption function shows that it lives in a VM script, which is how the developer tools label code created at run time, so a first guess is that the code is delivered through eval.


Jump directly to the corresponding code. At this point the relevant logic is already available, and the task could be completed in Python by referring to the code below, but that would defeat the purpose of this post, which is to learn how to reverse eval.

    function desEncrypt(value, xForm, type) {
        // _0 and SECURITYKEY are not defined here; they come from the page's other scripts
        if (_0(xForm)) {
            return value;
        } else {
            var keyObj = {};
            if (type == null || "aes" == type.toLowerCase()) {
                // Default branch: AES with a UTF-8 key and IV
                keyObj = SECURITYKEY.get();
                value = CryptoJS.AES.encrypt(value, CryptoJS.enc.Utf8.parse(keyObj.key), {
                    iv: CryptoJS.enc.Utf8.parse(keyObj.iv),
                }).toString();
            } else {
                // Any other type: DES with a hex-encoded key and IV
                keyObj = SECURITYKEY.get("des");
                value = CryptoJS.DES.encrypt(value, CryptoJS.enc.Hex.parse(keyObj.key), {
                    iv: CryptoJS.enc.Hex.parse(keyObj.iv),
                });
            }
            // The keyObj.security string is prepended to the ciphertext
            return keyObj.security + value;
        }
    }

Take the keyword SECURITYKEY from the code above and search the global code again.


The results reveal the real location of the encryption code, which shows obvious traces of eval.

Now that the source of the code has been found, an online unpacking tool can be used to recover the readable source.
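The same unpacking can be done locally instead of with an online tool. The following is an added example, not code from the original post or the target site: it shadows eval with a recorder so that each packing layer hands over its unpacked source. The names captureEval, packOnce and SAMPLE_PLAIN are hypothetical, and the sample is constructed with placeholder values.

```javascript
// Added example. The packed script is executed, so use an isolated analysis machine.
// Assumption: each packing layer passes its unpacked source to eval() as a string.
function captureEval(packedSource, maxLayers = 5) {
  const layers = [];
  let current = packedSource;
  for (let depth = 0; depth < maxLayers; depth++) {
    let captured = null;
    // Recorder that stands in for eval: keep the first string, execute nothing.
    const recorder = (code) => {
      if (captured === null && typeof code === "string") captured = code;
    };
    try {
      // Function() bodies are non-strict, so a parameter may be named `eval`
      // and shadows the real one for every eval(...) call in the script.
      new Function("eval", current)(recorder);
    } catch (err) {
      // Packed code often touches browser globals that are missing here;
      // whatever was captured before the exception is still usable.
    }
    if (captured === null) break; // this layer never called eval
    layers.push(captured);
    if (!/\beval\s*\(/.test(captured)) break; // plain source reached, do not run it
    current = captured;
  }
  return layers; // outermost layer first, readable source last
}

// Constructed packer for the demo: hides the source as a reversed string.
function packOnce(src) {
  const reversed = src.split("").reverse().join("");
  return 'eval(function(s){return s.split("").reverse().join("")}(' +
    JSON.stringify(reversed) + "))";
}

// Constructed sample shaped like the SECURITYKEY object used by desEncrypt;
// all three values are placeholders, not the site's real ones.
const SAMPLE_PLAIN = 'var SECURITYKEY={get:function(t){return{key:"KEY_PLACEHOLDER",' +
  'iv:"IV_PLACEHOLDER",security:"PREFIX_PLACEHOLDER"}}};';

const demoLayers = captureEval(packOnce(packOnce(SAMPLE_PLAIN)));
console.log(demoLayers[demoLayers.length - 1]);
```

A script that starts with a "use strict" directive rejects the shadowed parameter and yields no layers, so an empty result does not prove that eval is absent.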


You are reading the blog of 【Dream eraser】.
This is the eraser's 685th original blog post.