It is still ordinary HTTP traffic. Since this is a webshell, the POST traffic is what to look at. Following the TCP stream of each request, stream 9 (tcp.stream eq 9) turns out to contain the traffic encryption logic, encoded as base32 -> base64:
```python
import base64
import libnum
from Crypto.PublicKey import RSA

pubkey = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCK/qv5P8ixWjoFI2rzF62tm6sDFnRsKsGhVSCuxQIxuehMWQLmv6TPxyTQPefIKufzfUFaca/YHkIVIC19ohmE5X738TtxGbOgiGef4bvd9sU6M42k8vMlCPJp1woDFDOFoBQpr4YzH4ZTR6PsHP8VEIJMG5uiLQOLxdKdxi41QIDAQAB
-----END PUBLIC KEY-----"""
prikey = """-----BEGIN PRIVATE KEY-----
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
-----END PRIVATE KEY-----"""

pubkey = RSA.import_key(pubkey)
prikey = RSA.import_key(prikey)
n = pubkey.n


def enc_replace(base64_str: str):
    # Swap the non-alphanumeric base64 characters for fixed marker strings
    base64_str = base64_str.replace("/", "e5Lg^FM5EQYe5!yF62%V$UG*B*RfQeM")
    base64_str = base64_str.replace("+", "n6B8G6nE2tt4UR6h3QBt*5CpVu8W")
    return base64_str.replace("=", "JXWUDuLUgwRLKD9fD6VY2aFeErFf2")


def encrypt(plain_text):
    # Encrypt with the private key, 128 bytes at a time
    cipher_text = b""
    for i in range(0, len(plain_text), 128):
        part = plain_text[i:i + 128]
        enc = libnum.n2s(pow(libnum.s2n(part), prikey.d, n))
        cipher_text += enc
    return enc_replace(base64.b64encode(cipher_text).decode())


if __name__ == "__main__":
    m = b"-RSA-" * 30
    print(f"原始数据: {m}")
    c = encrypt(m)
    print(f"加密数据: {c}")
```
Reversing the encryption logic gives the RSA decryption logic.
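The decryption step described above, as an added example that is not code from the original post: it undoes enc_replace(), base64-decodes, and raises each block to the public exponent. The names dec_replace, decrypt and demo_encrypt, the '+' and '=' marker mapping, and the demo key built from two Mersenne primes are assumptions made for this example; it uses only the standard library in place of libnum and pycryptodome.

```python
import base64

# Marker strings from the page's enc_replace(). Mapping the 2nd and 3rd to '+'
# and '=' is an assumption (the listing lost those literals), inferred from the
# base64 alphabet and from the marker that ends the captured request.
MARKERS = {
    "e5Lg^FM5EQYe5!yF62%V$UG*B*RfQeM": "/",
    "n6B8G6nE2tt4UR6h3QBt*5CpVu8W": "+",
    "JXWUDuLUgwRLKD9fD6VY2aFeErFf2": "=",
}


def dec_replace(text: str) -> str:
    """Undo enc_replace(): turn marker strings back into base64 characters."""
    for marker, char in MARKERS.items():
        text = text.replace(marker, char)
    return text


def decrypt(cipher_text: str, e: int, n: int) -> bytes:
    """Invert encrypt(): c^e mod n per block, using only the public key."""
    raw = base64.b64decode(dec_replace(cipher_text), validate=True)
    k = (n.bit_length() + 7) // 8  # ciphertext block size (128 for a 1024-bit n)
    if len(raw) % k:
        # n2s() drops leading zero bytes, so one short block shifts every
        # boundary after it; refuse rather than return garbage.
        raise ValueError(f"length {len(raw)} is not a multiple of {k}")
    out = b""
    for i in range(0, len(raw), k):
        m = pow(int.from_bytes(raw[i:i + k], "big"), e, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")
    return out


# Constructed demo key (NOT the key from the capture): two Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def demo_encrypt(plain: bytes) -> str:
    """Constructed stand-in for the page's encrypt(), with fixed-width blocks."""
    k = (N.bit_length() + 7) // 8
    blocks = [pow(int.from_bytes(plain[i:i + 128], "big"), D, N).to_bytes(k, "big")
              for i in range(0, len(plain), 128)]
    text = base64.b64encode(b"".join(blocks)).decode()
    for marker, char in MARKERS.items():
        text = text.replace(char, marker)
    return text
```

For the capture itself, pass the `e` and `n` of the imported public key to `decrypt()` together with the request body.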
With this, the request traffic can be decrypted. Decrypting the request in stream 10 (tcp.stream eq 10):
G1TUg4bIVOFYi8omV2SQrTa8fzYfboRNN7fV6FJn6B8G6nE2tt4UR6h3QBt*5CpVu8Wbm3O74uCUbwMkvRCYae44TX1ZO8X4w2Nk1igaIZjSQIJ9MMHhD9cn6B8G6nE2tt4UR6h3QBt*5CpVu8WSV5EzikNsyM5c1nlPS8uqw1P2pJuYLaLxloK0x5xhQHDqqAxkuKrBzPn0noQ2bDn6B8G6nE2tt4UR6h3QBt*5CpVu8WlVnGwsfP7YP9PYJXWUDuLUgwRLKD9fD6VY2aFeErFf2
This yields the key data:
echo U2FsdGVkX1SslS2BbHfe3c4/t/KxLaM6ZFlOdbtfMHnG8lepnhMnde40tNOYjSvoErLzy0csL7c5d4TlMntBQ /root/FLAG/flag.txt
However, how U2FsdGVkX1SslS2BbHfe3c4/t/KxLaM6ZFlOdbtfMHnG8lepnhMnde40tNOYjSvoErLzy0csL7c5d4TlMntBQ was encrypted is unknown. Looking further, stream 8 contains a base hint.py request; decoding its response (base32 -> base64) gives a hint:
FLAG is NOT HERE!!!!!!!!!!!
PASSWORD:
Password-based-encryption
The ciphertext and the key are known, but the encryption method is not. Trying a few is enough, since there are only so many candidates; it turns out to be AES encryption: https://www.sojson.com/encrypt_aes.html
Ciphertext: U2FsdGVkX1SslS2BbHfe3c4/t/KxLaM6ZFlOdbtfMHnG8lepnhMnde40tNOYjSvoErLzy0csL7c5d4TlMntBQ
Key: Password-based-encryption
flag{d0e1183c-07c3-49ea-b048-addbe6cc1b20}