Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/python
from string import maketrans
import urllib
import binascii
import re
import base64
lpp = dict()
def unescape_octal(s):
result = ""
while len(s) != 0:
if s[0] == "\\":
(octbyte, s) = (s[1:4], s[4:])
try:
result += chr(int(octbyte, 8))
except ValueError:
result += "\\"
s = octbyte + s
else:
result += s[0]
s = s[1:]
return result
EOL = editor.getEOLMode()
def repl_hex(s):
return binascii.unhexlify(s)
def repl_escapes(lpp,m):
conText = []
r = m.group(0).split('\\')
for s in r[1:]:
if 'x' not in s:
if len(s) == 2:
s = chr(48) + str(s)
s = chr(92) + str(s)
conText.append(unescape_octal(s))
else:
conText.append(repl_hex(s[1:]))
q = ''.join(conText)
if lpp.has_key(q):
lpp[q] += 1
else:
lpp[q] = 1
console.write(str(lpp) + '\n')
return q
def rex_replace_array(u,m,l):
v = len(u) + 1
n = []
for o in l:
n.append(o)
console.write(str(n) + "\n")
console.write("this: " + m.group(0)[v:-2] + "\nthat:")
b = n[m.group(0)[v:-2]]
console.write(b + "\n")
return b
def url_decode(m):
r = r'((\%[a-fA-F0-9]{2})+)'
p = m.group(0)
u = re.search( r, m.group(0)).group().replace("%5C", "%5C%5C")
return re.sub(r,urllib.unquote(urllib.unquote(u)), p)
def find_next(t):
return editor.searchNext(0, t)
def rot_13(s):
trans = maketrans("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ","nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM")
return s.translate(trans)
def b64(s):
return base64.b64decode(s)
def gzinflate(s):
z = 0
while True:
try:
d = zlib.decompress(s, z)
return d
except:
z -= 1
if z == -16:
return False
def replace_keyval(k,v):
editor.replace(k,v)
editor.setCurrentPos(0)
editor.setSelection(0,0)
editor.replace(k,v)
def var_replace(c):
a = list()
z = {}
w = {}
for b in c:
a.append(b)
console.write(str(a) + "\n")
editor.setCurrentPos(0)
editor.setSelectionStart(0)
#editor.setSelectionEnd(len(editor.getText()))
l = ""
while l != "//End_Vars\r\n":
#console.write("current position is: %d\n" % editor.getCurrentPos())
l = editor.getCurLine()
if '=' in l:
l = l.split('=',1)
if l[1][-3] == ';':
l[1] = l[1][:-3]
f = len(l[0])
p = 0
while p < f:
if any(x in l[0][p] for x in a):
console.write(l[0][p] +"\n")
p += 1
else:
console.write("[*] Line does not match variable characters next line\n")
break
if p == f:
z[l[0]] = l[1]
editor.lineDown()
else:
editor.lineDown()
l = editor.getCurLine()
p = 0
for k, v in z.iteritems():
g = '{"GLOBALS"}["' + k[1:] + '"]'
editor.replace(g,v)
console.write(g + "\n")
replace_keyval(k[1:],v)
editor.setCurrentPos(0)
editor.setSelection(0,0)
p = 0
while p <= editor.getLineCount():
line_breaks(editor.getCurLine(),p)
editor.gotoLine(p)
editor.setCurrentPos(0)
editor.setSelection(0,0)
p = 0
while "//START_VAR2" not in editor.getCurLine():
editor.lineDown()
p = p + 1
while p <= editor.getLineCount():
l = editor.getCurLine()
if all(x in l[:10] for x in c):
w[l[:10]] = l.split('=',1)[1]
for k,v in w.iteritems():
console.write(k + " ==> " + v + "\r\n")
def hunt_vars(c,lpp):
stru = re.compile(r'^\$[0-9a-zA-Z]+[\.\=][\=\"].*\";\r\n$')
if stru.match(c):
c = c.split('=')
p = [pos for pos, char in enumerate(c[1]) if char == '"']
c[1] = c[1][p[0]+1:p[1]]
if c[0].endswith('.') and lpp.has_key(c[0][:-1]):
lpp[c[0][:-1]] += c[1]
else:
lpp[c[0]] = c[1]
def evaluable():
x = list()
i = 0
while i <= editor.getLineCount():
c = editor.getLine(i)
b = {'base64_decode':'b64','rot13': 'rot_13','gzuncopmpress': 'gzinflate'}
stru = re.compile(r'^\@eval\(.*$')
if stru.match(c):
d = c.split('(')
i = 1
while i < len(d):
for a in b.keys():
if a in d[1]:
x.append(b[d[i]])
if '"' in c:
e = [m.start() for m in re.finditer('"', c)]
if len(e) == 2:
z = c[e[0] + 1:e[1]]
elif len(e) == 1:
z = c[e[0]+1:-2]
n = i + 1
while True:
z += editor.getLine(n)[:-2]
n += 1
def line_breaks(c,n):
o = 0
if '${"GLOBALS"}' not in c:
while o <= len(c):
if c[o] == "'" and o < len(c):
console.write(c[o])
o += 1
while c[o] != "'" and o <= len(c):
console.write(c[o])
o += 1
for x in [';', '{', '}']:
if c[o] == x and c[o + 1] != '\r':
c = c[:o] + c[o] + "\r\n" + c[o + 1:]
editor.replaceLine(n,c)
return 1
o += 1
else:
return 0
def run_all():
for d in [';','{','}']:
editor.replace(d,d + '\r\n')
editor.rereplace(r'((\\x?[0-9a-f]{2,3})+)', lambda m: repl_escapes(lpp,m))
editor.rereplace(r'(\%[0-9A-Fa-f]{2})+"\)', url_decode)
i=0
while i < editor.getLineCount():
hunt_vars(editor.getLine(i),lpp)
i += 1
i=0
for k,v in lpp.iteritems():
console.write(str(k) + " ==> " + str(v) + "\n")
replace_keyval(k,v)
#evaluable()
# rex_replace_array(u,m,l)
#var_replace(c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment