解密
现在很多的php代码都进行了各种各样的加密造成我审计的时候很尴尬,花钱去解密?貌似有点不值得(关键尼玛穷呀)。于是琢磨了一下,发现了一个还不错的解密站点,写一个批量解密感觉棒棒哒
#!/usr/bin/env python
#-*- coding:utf-8 –*-
import urllib2
import urllib
from sys import *
import os.path
import hashlib
import time
import json
Const_Image_Format = [".php"]
class FileFilt:
fileList = [""]
counter = 0
def __init__(self):
pass
def FindFile(self,dirr,filtrate = 1):
global Const_Image_Format
for s in os.listdir(dirr):
newDir = os.path.join(dirr,s)
if os.path.isfile(newDir):
if filtrate:
if newDir and(os.path.splitext(newDir)[1] in Const_Image_Format):
self.fileList.append(newDir)
self.counter+=1
else:
self.fileList.append(newDir)
self.counter+=1
def upload(spath):
dirr,filename=os.path.split(spath)
m = hashlib.md5()
m.update(filename)
token = m.hexdigest()
boundary = 'gL6GI3GI3GI3KM7Ij5GI3ae0Ij5KM7'
data = []
data.append('------------%s' % boundary)
data.append('Content-Disposition: form-data; name="%s"\r\n' % 'Filename')
data.append('%s'%(filename))
data.append('------------%s' % boundary)
data.append('Content-Disposition: form-data; name="%s"\r\n' % 'token')
data.append('%s'%(token))
data.append('------------%s' % boundary)
data.append('Content-Disposition: form-data; name="%s"\r\n'% 'timestamp')
data.append('%d'%(time.time()));
data.append('------------%s' % boundary)
fr=open(spath,'rb')
data.append('Content-Disposition: form-data; name="Filedata"; filename="%s"' %(filename) )
data.append('Content-Type: %s\r\n' % 'application/octet-stream')
data.append(fr.read())
fr.close()
data.append('------------%s\r\n' % boundary)
data.append('Content-Disposition: form-data; name="%s"\r\n'% 'Upload')
data.append('Submit Query');
data.append('------------%s--\r\n' % boundary)
http_url='http://dezend.qiling.org/decode/upload.html?ajax=1'
http_body='\r\n'.join(data)
#buld http request
req=urllib2.Request(http_url, data=http_body)
#header
req.add_header('Content-Type', 'multipart/form-data; boundary=----------%s' % boundary)
req.add_header('User-Agent','Mozilla/5.0')
#req.add_header('Referer','http://junxinsheng.com/upfileform.asp')
#post data to server
resp = urllib2.urlopen(req, timeout=5)
#get response
qrcont=resp.read()
download(json.loads(qrcont)['result']['file'],dirr,filename)
def download(Files,Dir,filename):
url = 'http://dezend.qiling.org/decode/download.html?file=%s' % (Files)
request= urllib2.Request(url)
request.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6')
opener = urllib2.build_opener()
f=opener.open(request)
data=f.read()
with open(Dir+'/de.'+filename, "w+") as code:
code.write(data)
def main():
dirr=argv[1]
File = FileFilt()
File.FindFile(dirr = dirr)
for filename in File.fileList:
if filename:
upload(filename)
pass
if __name__ == '__main__':
main()