def bytes_2_encoding(self, data, encoding):
if encoding == 'UTF8':
data = force_text(data)
elif encoding == 'Hex':
data = binascii.b2a_hex(data)
elif encoding == 'Base64':
data = b64encode(data)
else:
data = force_text(data)
if isinstance(data, bytes):
data = text_type(data)[2:-1]
return data
def long_2_encoding(cls, data, encoding):
data = long_to_bytes(data)
if encoding == 'UTF8':
data = force_text(data)
elif encoding == 'Hex':
data = binascii.b2a_hex(data)
elif encoding == 'Base64':
data = b64encode(data)
elif encoding == 'Decimal':
data = bytes_to_long(data)
else:
data = force_text(data)
if isinstance(data, bytes):
data = text_type(data)[2:-1]
return data
def png_check(self):
if self.file_type == 'png':
logger.info('\n--------------------')
logger.info('run pngcheck')
cmd = 'pngcheck -vv %s' % self.file_path
stdout = self.run_shell_cmd(cmd)
logger.info(stdout)
if 'CRC error' in stdout:
self.result_list.append('[*] PNG 文件 CRC 错误,请检查图片的大小是否有被修改')
out_list = stdout.split('\n')
last_length = None
for t in out_list:
t = t.strip()
t = force_text(t)
if t.startswith('chunk IDAT'):
try:
length = int(t.split(' ')[-1])
if last_length is not None and last_length < length:
self.result_list.append('[*] PNG 文件尾部可能附加了数据')
break
else:
last_length = length
except:
pass
def caidao_decode(data, *args, **kwargs):
p = PrintCollector()
data_dict = query_str_2_dict(data.strip())
d = {}
for k, v in data_dict.items():
v = unquote(v)
try:
x = force_bytes(v)
missing_padding = len(v) % 4
if missing_padding != 0:
x += b'=' * (4 - missing_padding)
d[k] = force_text(base64.decodebytes(x))
except Exception as e:
print(e)
d[k] = v
z0_raw = ''
if 'z0' in d:
z0_raw = d['z0']
d['z0'] = ';\n'.join(d['z0'].split(';'))
for k, v in d.items():
value = '{}:\n{}\n'.format(k, v)
p.print(value)
if k == 'z0':
if value != 'z0:\n{}\n'.format(z0_raw):
p.print('z0_raw:\n{}\n'.format(z0_raw))
return p.smart_output()
def smart_text(s):
try:
if isinstance(s, str) or isinstance(s, bytes):
s = force_text(s)
else:
s = text_type(s)
except:
s = text_type(s)
if isinstance(s, bytes):
s = text_type(s)
return s
def png_check(self):
if self.file_type == 'png':
logger.info('\n--------------------')
logger.info('run pngcheck')
cmd = 'pngcheck -vv %s' % self.file_path
stdout = self.run_shell_cmd(cmd)
logger.info(stdout)
if 'CRC error' in stdout:
self.result_list.append('[*] PNG 文件 CRC 错误,请检查图片的大小是否有被修改')
pattern = r'\(computed\s([0-9a-zA-Z]{8})\,\sexpected\s([0-9a-zA-Z]{8})\)'
keywords = ['flag', 'synt']
for line in stdout.splitlines():
r = re.search(pattern, line)
if not r:
continue
for t in r.groups():
try:
x = hex2str(t)
if x.lower() in keywords:
logger.warning('检测到 flag 特征数据,{} -> {}'.format(
t, x))
except:
pass
out_list = stdout.split('\n')
last_length = None
for t in out_list:
t = t.strip()
t = force_text(t)
if t.startswith('chunk IDAT'):
try:
length = int(t.split(' ')[-1])
if last_length is not None and last_length < length:
self.result_list.append('[*] PNG 文件尾部可能附加了数据')
break
else:
last_length = length
except:
pass