我如何去混淆或解码这个 Perl 代码?
How can I de-obfuscate or decode this Perl code?
我找到了这段代码,我认为它是经过编码的。我试图了解它是如何编码的或如何读取它。有没有人有解码此代码的想法?
#!/usr/bin/perl
eval unpack u=>q{_<')I;G0@(EQN7&5<>#5"7'@S,UQX,S-<>#9'@U-UQX-C%<>#<R7'@V15QX-CE<>#9%7'@V-UQX,C!<>#4Y_7'@V1EQX-S5<>#(P7'@T1%QX-C%<>#<Y7'@R,%QX-<>#8U7'@V-5QX-C1<>#(P7'@U-%QX-D9<>#(P7'@T_.5QX-D5<>#<S7'@W-%QX-C%<>#9#7'@V0UQX,C!<>#<S7'@V1EQX-D1<>#8U7'@P05QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX-<>#9&7'@V-%QX-S5<>#9#7'@V-5QX-S-<>#!!7'@R,%QX,C!<_>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@T.%QX-C5<>#<R7'@V-5QX,C!<>#8Y7'@W,UQX,C!<>#0Q_7'@V15QX,C!<>#0U7'@W.%QX-C%<>#9'@W,%QX-D-<>#8U7'@S05QX,$%<>#(P7'@R,%QX,C!<>#(P7'@R_,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-<>#8U7'@W-%QX,T%<>#-!7'@T.5QX_-3!<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V,UQX-S!<>#8Q7'@V15QX,C!<_>#1#7'@U-UQX-3!<>#-!7'@S05QX-35<>#<S7'@V-5QX-S)<>#0Q7'@V-UQX-C5<>#9%7'@W-%QX,$%<>#(P_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-35<>#4R7'@T_.5QX,T%<>#-!7'@U-%QX-CE<>#<T7'@V0UQX-C5<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@U-%QX-CA<>#8Q7'@V15QX-D)<>#(P7'@W.5QX-D9<>#<U7'@R,%QX-#9<>#9&7'@W,EQX,C!<_>#4U7'@W,UQX-CE<>#9%7'@V-UQX,C!<>#1'@W.5QX,C!<>#4S7'@V,UQX-S)<>#8Y7'@W,%QX-S1<>#!!_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V.5QX-D5<>#9!7'@S,UQX-C-<>#<T7'@V_1EQX-S)<>#,S7&5<>#5",%QX-D1<;B(["B-S;&5E<"@B,2(I.PIU<V4@3F5T.CI)4#L*=7-E(%1E<FTZ.D%._4TE#;VQO<CL*=7-E($Q74#HZ57-E<D%G96YT.PIU<V4@55)).CI4:71L92!Q=R@@=&ET;&4@*3L*=7-E('9A_<G,@<7<H("104D]'("D["FUY($!I<%]T96%M("`]("@I.PIM>2`D4%)/1R`]("0P.PHC57-A9V4*(VEF("@@_0$%21U8@/3T@,"`I('L*(R`@("`@("`@<')I;G0@(EQE6S0U;55S86=E.B`N+R104D]'(%MF:6QE72!;5$A2_14%UT@6U1)345/551=(%M/5510551=7&Y%>&%M<&QE('!E<FP@)#`@.3`N,"XR,RXU-"`Y,2XP+C4P+C`@_,3(P,"`Q(&QO;%QN:6YJ,V-T;W(S7&XB.PH@(R`@(&5X:70["B-]"FUY("1I<',@/2`D05)'5ELP73L*;W!E_;B!M>2`D:&%N9&QE+"`B7'@S0R(L("1I<',["F-H;VUP*"!M>2!`;&]A9&QI<W0@/2`\)&AA;F1L93X@*3LC_/#T]/3T]/3T]/3T]/3T]($]014X@55`@25!3"F-L;W-E("1H86YD;&4["@IM>2`D=&AR96%D<R`@/2`D05)'_5ELQ73L*(VUY("1I<"`@(#T@;F5W($YE=#HZ25`@*"(D05)'5ELP72`M("1!4D=66S%=(BD@;W(@9&EE("))_;G9A:6QD($E0(%)A;F=E+B(N($YE=#HZ25`Z.D5R<F]R*"D@+B)<;B(["@IP<FEN="`B7&5<>#5"7'@S,UQX_,S%<>#9'@U,UQX-S1<>#8Q7'@W,EQX-S1<>#8Y7'@V15QX-C=<>#(P7'@W-UQX-CE<>#<T7'@V.%QX,C`D_=&AR96%D<UQX,C!<>#<T7'@V.%QX-S)<>#8U7'@V,5QX-C1<>#<S7&Y<>#5"7'@R,5QX-41<>#4S7'@V,UQX_-C%<>#9%7'@V15QX-CE<>#9%7'@V-UQX,C`D05)'5ELP75QX,C!<95QX-4(P7'@V1%QN(CL*9F]R96%C:"!M_>2`D:7`@*$!L;V%D;&ES="D@>PIP<FEN="`B)&EP7&XB.PIP=7-H($!I<%]T96%M+"`D:7`K*R`M/FEP*"D[_"FEF("@@)'1H<F5A9',@/3T@0&EP7W1E86T@*2![(%-C86XH0&EP7W1E86TI.R!`:7!?=&5A;2`]("@I('T*_?0I38V%N*$!I<%]T96%M*3L*"@IS=6(@4V-A;@I["FUY($!0:61S.PH@("`@("`@(&9O<F5A8V@@;7D@)&AO_<W0@*$!?*0H@("`@("`@('L*("`@("`@("!M>2`D<&ED("`@("`@("`](&9O<FLH*3L*("`@("`@("!D:64@_(EQX-#-<>#9&7'@W-5QX-D-<>#8T7'@R,%QX-D5<>#9&7'@W-%QX,C!<>#8V7'@V1EQX-S)<>#9"7'@R,5QX_,C`D(5QN(B!U;FQE<W,@9&5F:6YE9"`D<&ED.PH*("`@("`@("`@("`@("`@(&EF("`H,"`]/2`D<&ED*0H@_("`@("`@("`@("`@("`@>PH@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@('!R:6YT("(D:&]S=%QN_(CL*("`@("`@("`@("`@("`@(&5X:70*("`@("`@("`@("`@("`@('T*("`@("`@("`@("`@("`@(&5L<V4*_("`@("`@("`@("`@("`@('L*("`@("`@("`@("`@("`@('!U<V@@0%!I9',L("1P:60*("`@("`@("`@("`@_("`@('T*("`@("`@("!]"@IF;W)E86-H(&UY("1P:60@*$!0:61S*2![('=A:71P:60H)'!I9"P@,"D@?0I]}
将eval替换为print,你可以看到这里发生了什么:
print "\n\e\x5B\x33\x33\x6D\x57\x61\x72\x6E\x69\x6E\x67\x20\x59\x6F\x75\x20\x4D\x61\x79\x20\x4E\x65\x65\x64\x20\x54\x6F\x20\x49\x6E\x73\x74\x61\x6C\x6C\x20\x73\x6F\x6D\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x4D\x6F\x64\x75\x6C\x65\x73\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x48\x65\x72\x65\x20\x69\x73\x20\x41\x6E\x20\x45\x78\x61\x6D\x70\x6C\x65\x3A\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x4E\x65\x74\x3A\x3A\x49\x50\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x4C\x57\x50\x3A\x3A\x55\x73\x65\x72\x41\x67\x65\x6E\x74\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x55\x52\x49\x3A\x3A\x54\x69\x74\x6C\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x54\x68\x61\x6E\x6B\x20\x79\x6F\x75\x20\x46\x6F\x72\x20\x55\x73\x69\x6E\x67\x20\x4D\x79\x20\x53\x63\x72\x69\x70\x74\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x6E\x6A\x33\x63\x74\x6F\x72\x33\e\x5B0\x6D\n";
#sleep("1");
use Net::IP;
use Term::ANSIColor;
use LWP::UserAgent;
use URI::Title qw( title );
use vars qw( $PROG );
my @ip_team = ();
my $PROG = [=10=];
#Usage
#if ( @ARGV == 0 ) {
# print "\e[45mUsage: ./$PROG [file] [THREADS] [TIMEOUT] [OUTPUT]\nExample perl [=10=] 90.0.23.54 91.0.50.0 1200 1 lol\ninj3ctor3\n";
# exit;
#}
my $ips = $ARGV[0];
open my $handle, "\x3C", $ips;
chomp( my @loadlist = <$handle> );#<============== OPEN UP IPS
close $handle;
my $threads = $ARGV[1];
#my $ip = new Net::IP ("$ARGV[0] - $ARGV[1]") or die "Invaild IP Range.". Net::IP::Error() ."\n";
print "\e\x5B\x33\x31\x6D\x53\x74\x61\x72\x74\x69\x6E\x67\x20\x77\x69\x74\x68\x20$threads\x20\x74\x68\x72\x65\x61\x64\x73\n\x5B\x21\x5D\x53\x63\x61\x6E\x6E\x69\x6E\x67\x20$ARGV[0]\x20\e\x5B0\x6D\n";
foreach my $ip (@loadlist) {
print "$ip\n";
push @ip_team, $ip++ ->ip();
if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }
}
Scan(@ip_team);
sub Scan
{
my @Pids;
foreach my $host (@_)
{
my $pid = fork();
die "\x43\x6F\x75\x6C\x64\x20\x6E\x6F\x74\x20\x66\x6F\x72\x6B\x21\x20$!\n" unless defined $pid;
if (0 == $pid)
{
print "$host\n";
exit
}
else
{
push @Pids, $pid
}
}
foreach my $pid (@Pids) { waitpid($pid, 0) }
}
另请参阅:http://perldoc.perl.org/perlpacktut.html#Uuencoding
Uuencoding
Another odd-man-out in the template alphabet is u , which packs a "uuencoded
string". ("uu" is short for Unix-to-Unix.) Chances are that you won't ever need
this encoding technique which was invented to overcome the shortcomings of
old-fashioned transmission mediums that do not support other than simple ASCII
data. The essential recipe is simple: Take three bytes, or 24 bits. Split them
into 4 six-packs, adding a space (0x20) to each. Repeat until all of the data
is blended. Fold groups of 4 bytes into lines no longer than 60 and garnish
them in front with the original byte count (incremented by 0x20) and a "\n" at
the end. - The pack chef will prepare this for you, a la minute, when you
select pack code u on the menu:
my $uubuf = pack( 'u', $bindat );
A repeat count after u sets the number of bytes to put into an uuencoded line,
which is the maximum of 45 by default, but could be set to some (smaller)
integer multiple of three. unpack simply ignores the repeat count.
正如另一位发帖人所指出的那样 - 提取此功能的第一步是 print 而不是 eval 来获取一些源代码:
第二阶段是 运行 它通过 -MO=Deparse 看看是否有任何奇怪的事情发生。 (然后 perltidy 使其更易于阅读):
#!usr/bin/local/perl
print
"\n\e[33mWarning You May Need To Install some\n Modules\n Here is An Example:\n cpan Net::IP\n cpan LWP::UserAgent\n cpan URI::Title\n Thank you For Using My Script\n inj3ctor3\e[0m\n";
use Term::ANSIColor;
use LWP::UserAgent;
use vars ('$PROG');
my (@ip_team) = ();
my $PROG = [=10=];
my $ips = $ARGV[0];
open my $handle, '<', $ips;
chomp( my (@loadlist) = <$handle> );
close $handle;
my $threads = $ARGV[1];
print "\e[31mStarting with $threads threads\n[!]Scanning $ARGV[0] \e[0m\n";
foreach my $ip (@loadlist) {
print "$ip\n";
push @ip_team, ( $ip++ )->ip;
if ( $threads == @ip_team ) {
Scan(@ip_team);
@ip_team = ();
}
}
Scan(@ip_team);
sub Scan {
my @Pids;
foreach my $host (@_) {
my $pid = fork;
die "Could not fork! $!\n" unless defined $pid;
if ( 0 == $pid ) {
print "$host\n";
exit;
}
else {
push @Pids, $pid;
}
}
foreach my $pid (@Pids) {
waitpid $pid, 0;
}
}
有用的是,顶部块包含写者的签名。其实也一样,因为我完全想重新使用这个非常有用的东西。
[33mWarning You May Need To Install some
Modules
Here is An Example:
cpan Net::IP
cpan LWP::UserAgent
cpan URI::Title
Thank you For Using My Script
inj3ctor3[0m
看起来它的作用是:
- 打开指定为 $ARGV[0] 的文件;
- 将其读入(一次一行)到 IP 地址列表。
- 将其分批成
$ARGV[1] 限制的块。
- 使用
Net::IP 格式化地址
ip
Return the IP address (or first IP of the prefix or range) in quad format, as a string.
print ($ip->ip());
- 将块发送到
Scan which:
- 只是分叉并打印 IP 地址,而不做任何实际扫描之类的事情。
所以...除非我遗漏了一些深刻的东西,否则这个脚本实际上什么都不做。它只是打印一个 IP 地址列表,如果分叉数量设置得非常高,它可以 或许 用于分叉炸弹。
但如您所见 - perl 的优点之一(有些人可能称之为缺点)是很难混淆它,因为它是一种解释型语言。
我找到了这段代码,我认为它是经过编码的。我试图了解它是如何编码的或如何读取它。有没有人有解码此代码的想法?
#!/usr/bin/perl
eval unpack u=>q{_<')I;G0@(EQN7&5<>#5"7'@S,UQX,S-<>#9'@U-UQX-C%<>#<R7'@V15QX-CE<>#9%7'@V-UQX,C!<>#4Y_7'@V1EQX-S5<>#(P7'@T1%QX-C%<>#<Y7'@R,%QX-<>#8U7'@V-5QX-C1<>#(P7'@U-%QX-D9<>#(P7'@T_.5QX-D5<>#<S7'@W-%QX-C%<>#9#7'@V0UQX,C!<>#<S7'@V1EQX-D1<>#8U7'@P05QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX-<>#9&7'@V-%QX-S5<>#9#7'@V-5QX-S-<>#!!7'@R,%QX,C!<_>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@T.%QX-C5<>#<R7'@V-5QX,C!<>#8Y7'@W,UQX,C!<>#0Q_7'@V15QX,C!<>#0U7'@W.%QX-C%<>#9'@W,%QX-D-<>#8U7'@S05QX,$%<>#(P7'@R,%QX,C!<>#(P7'@R_,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-<>#8U7'@W-%QX,T%<>#-!7'@T.5QX_-3!<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V,UQX-S!<>#8Q7'@V15QX,C!<_>#1#7'@U-UQX-3!<>#-!7'@S05QX-35<>#<S7'@V-5QX-S)<>#0Q7'@V-UQX-C5<>#9%7'@W-%QX,$%<>#(P_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-35<>#4R7'@T_.5QX,T%<>#-!7'@U-%QX-CE<>#<T7'@V0UQX-C5<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@U-%QX-CA<>#8Q7'@V15QX-D)<>#(P7'@W.5QX-D9<>#<U7'@R,%QX-#9<>#9&7'@W,EQX,C!<_>#4U7'@W,UQX-CE<>#9%7'@V-UQX,C!<>#1'@W.5QX,C!<>#4S7'@V,UQX-S)<>#8Y7'@W,%QX-S1<>#!!_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V.5QX-D5<>#9!7'@S,UQX-C-<>#<T7'@V_1EQX-S)<>#,S7&5<>#5",%QX-D1<;B(["B-S;&5E<"@B,2(I.PIU<V4@3F5T.CI)4#L*=7-E(%1E<FTZ.D%._4TE#;VQO<CL*=7-E($Q74#HZ57-E<D%G96YT.PIU<V4@55)).CI4:71L92!Q=R@@=&ET;&4@*3L*=7-E('9A_<G,@<7<H("104D]'("D["FUY($!I<%]T96%M("`]("@I.PIM>2`D4%)/1R`]("0P.PHC57-A9V4*(VEF("@@_0$%21U8@/3T@,"`I('L*(R`@("`@("`@<')I;G0@(EQE6S0U;55S86=E.B`N+R104D]'(%MF:6QE72!;5$A2_14%UT@6U1)345/551=(%M/5510551=7&Y%>&%M<&QE('!E<FP@)#`@.3`N,"XR,RXU-"`Y,2XP+C4P+C`@_,3(P,"`Q(&QO;%QN:6YJ,V-T;W(S7&XB.PH@(R`@(&5X:70["B-]"FUY("1I<',@/2`D05)'5ELP73L*;W!E_;B!M>2`D:&%N9&QE+"`B7'@S0R(L("1I<',["F-H;VUP*"!M>2!`;&]A9&QI<W0@/2`\)&AA;F1L93X@*3LC_/#T]/3T]/3T]/3T]/3T]($]014X@55`@25!3"F-L;W-E("1H86YD;&4["@IM>2`D=&AR96%D<R`@/2`D05)'_5ELQ73L*(VUY("1I<"`@(#T@;F5W($YE=#HZ25`@*"(D05)'5ELP72`M("1!4D=66S%=(BD@;W(@9&EE("))_;G9A:6QD($E0(%)A;F=E+B(N($YE=#HZ25`Z.D5R<F]R*"D@+B)<;B(["@IP<FEN="`B7&5<>#5"7'@S,UQX_,S%<>#9'@U,UQX-S1<>#8Q7'@W,EQX-S1<>#8Y7'@V15QX-C=<>#(P7'@W-UQX-CE<>#<T7'@V.%QX,C`D_=&AR96%D<UQX,C!<>#<T7'@V.%QX-S)<>#8U7'@V,5QX-C1<>#<S7&Y<>#5"7'@R,5QX-41<>#4S7'@V,UQX_-C%<>#9%7'@V15QX-CE<>#9%7'@V-UQX,C`D05)'5ELP75QX,C!<95QX-4(P7'@V1%QN(CL*9F]R96%C:"!M_>2`D:7`@*$!L;V%D;&ES="D@>PIP<FEN="`B)&EP7&XB.PIP=7-H($!I<%]T96%M+"`D:7`K*R`M/FEP*"D[_"FEF("@@)'1H<F5A9',@/3T@0&EP7W1E86T@*2![(%-C86XH0&EP7W1E86TI.R!`:7!?=&5A;2`]("@I('T*_?0I38V%N*$!I<%]T96%M*3L*"@IS=6(@4V-A;@I["FUY($!0:61S.PH@("`@("`@(&9O<F5A8V@@;7D@)&AO_<W0@*$!?*0H@("`@("`@('L*("`@("`@("!M>2`D<&ED("`@("`@("`](&9O<FLH*3L*("`@("`@("!D:64@_(EQX-#-<>#9&7'@W-5QX-D-<>#8T7'@R,%QX-D5<>#9&7'@W-%QX,C!<>#8V7'@V1EQX-S)<>#9"7'@R,5QX_,C`D(5QN(B!U;FQE<W,@9&5F:6YE9"`D<&ED.PH*("`@("`@("`@("`@("`@(&EF("`H,"`]/2`D<&ED*0H@_("`@("`@("`@("`@("`@>PH@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@('!R:6YT("(D:&]S=%QN_(CL*("`@("`@("`@("`@("`@(&5X:70*("`@("`@("`@("`@("`@('T*("`@("`@("`@("`@("`@(&5L<V4*_("`@("`@("`@("`@("`@('L*("`@("`@("`@("`@("`@('!U<V@@0%!I9',L("1P:60*("`@("`@("`@("`@_("`@('T*("`@("`@("!]"@IF;W)E86-H(&UY("1P:60@*$!0:61S*2![('=A:71P:60H)'!I9"P@,"D@?0I]}
将eval替换为print,你可以看到这里发生了什么:
print "\n\e\x5B\x33\x33\x6D\x57\x61\x72\x6E\x69\x6E\x67\x20\x59\x6F\x75\x20\x4D\x61\x79\x20\x4E\x65\x65\x64\x20\x54\x6F\x20\x49\x6E\x73\x74\x61\x6C\x6C\x20\x73\x6F\x6D\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x4D\x6F\x64\x75\x6C\x65\x73\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x48\x65\x72\x65\x20\x69\x73\x20\x41\x6E\x20\x45\x78\x61\x6D\x70\x6C\x65\x3A\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x4E\x65\x74\x3A\x3A\x49\x50\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x4C\x57\x50\x3A\x3A\x55\x73\x65\x72\x41\x67\x65\x6E\x74\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x63\x70\x61\x6E\x20\x55\x52\x49\x3A\x3A\x54\x69\x74\x6C\x65\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x54\x68\x61\x6E\x6B\x20\x79\x6F\x75\x20\x46\x6F\x72\x20\x55\x73\x69\x6E\x67\x20\x4D\x79\x20\x53\x63\x72\x69\x70\x74\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x20\x69\x6E\x6A\x33\x63\x74\x6F\x72\x33\e\x5B0\x6D\n";
#sleep("1");
use Net::IP;
use Term::ANSIColor;
use LWP::UserAgent;
use URI::Title qw( title );
use vars qw( $PROG );
my @ip_team = ();
my $PROG = [=10=];
#Usage
#if ( @ARGV == 0 ) {
# print "\e[45mUsage: ./$PROG [file] [THREADS] [TIMEOUT] [OUTPUT]\nExample perl [=10=] 90.0.23.54 91.0.50.0 1200 1 lol\ninj3ctor3\n";
# exit;
#}
my $ips = $ARGV[0];
open my $handle, "\x3C", $ips;
chomp( my @loadlist = <$handle> );#<============== OPEN UP IPS
close $handle;
my $threads = $ARGV[1];
#my $ip = new Net::IP ("$ARGV[0] - $ARGV[1]") or die "Invaild IP Range.". Net::IP::Error() ."\n";
print "\e\x5B\x33\x31\x6D\x53\x74\x61\x72\x74\x69\x6E\x67\x20\x77\x69\x74\x68\x20$threads\x20\x74\x68\x72\x65\x61\x64\x73\n\x5B\x21\x5D\x53\x63\x61\x6E\x6E\x69\x6E\x67\x20$ARGV[0]\x20\e\x5B0\x6D\n";
foreach my $ip (@loadlist) {
print "$ip\n";
push @ip_team, $ip++ ->ip();
if ( $threads == @ip_team ) { Scan(@ip_team); @ip_team = () }
}
Scan(@ip_team);
sub Scan
{
my @Pids;
foreach my $host (@_)
{
my $pid = fork();
die "\x43\x6F\x75\x6C\x64\x20\x6E\x6F\x74\x20\x66\x6F\x72\x6B\x21\x20$!\n" unless defined $pid;
if (0 == $pid)
{
print "$host\n";
exit
}
else
{
push @Pids, $pid
}
}
foreach my $pid (@Pids) { waitpid($pid, 0) }
}
另请参阅:http://perldoc.perl.org/perlpacktut.html#Uuencoding
Uuencoding
Another odd-man-out in the template alphabet is u , which packs a "uuencoded string". ("uu" is short for Unix-to-Unix.) Chances are that you won't ever need this encoding technique which was invented to overcome the shortcomings of old-fashioned transmission mediums that do not support other than simple ASCII data. The essential recipe is simple: Take three bytes, or 24 bits. Split them into 4 six-packs, adding a space (0x20) to each. Repeat until all of the data is blended. Fold groups of 4 bytes into lines no longer than 60 and garnish them in front with the original byte count (incremented by 0x20) and a "\n" at the end. - The pack chef will prepare this for you, a la minute, when you select pack code u on the menu:
my $uubuf = pack( 'u', $bindat );A repeat count after u sets the number of bytes to put into an uuencoded line, which is the maximum of 45 by default, but could be set to some (smaller) integer multiple of three. unpack simply ignores the repeat count.
正如另一位发帖人所指出的那样 - 提取此功能的第一步是 print 而不是 eval 来获取一些源代码:
第二阶段是 运行 它通过 -MO=Deparse 看看是否有任何奇怪的事情发生。 (然后 perltidy 使其更易于阅读):
#!usr/bin/local/perl
print
"\n\e[33mWarning You May Need To Install some\n Modules\n Here is An Example:\n cpan Net::IP\n cpan LWP::UserAgent\n cpan URI::Title\n Thank you For Using My Script\n inj3ctor3\e[0m\n";
use Term::ANSIColor;
use LWP::UserAgent;
use vars ('$PROG');
my (@ip_team) = ();
my $PROG = [=10=];
my $ips = $ARGV[0];
open my $handle, '<', $ips;
chomp( my (@loadlist) = <$handle> );
close $handle;
my $threads = $ARGV[1];
print "\e[31mStarting with $threads threads\n[!]Scanning $ARGV[0] \e[0m\n";
foreach my $ip (@loadlist) {
print "$ip\n";
push @ip_team, ( $ip++ )->ip;
if ( $threads == @ip_team ) {
Scan(@ip_team);
@ip_team = ();
}
}
Scan(@ip_team);
sub Scan {
my @Pids;
foreach my $host (@_) {
my $pid = fork;
die "Could not fork! $!\n" unless defined $pid;
if ( 0 == $pid ) {
print "$host\n";
exit;
}
else {
push @Pids, $pid;
}
}
foreach my $pid (@Pids) {
waitpid $pid, 0;
}
}
有用的是,顶部块包含写者的签名。其实也一样,因为我完全想重新使用这个非常有用的东西。
[33mWarning You May Need To Install some
Modules
Here is An Example:
cpan Net::IP
cpan LWP::UserAgent
cpan URI::Title
Thank you For Using My Script
inj3ctor3[0m
看起来它的作用是:
- 打开指定为 $ARGV[0] 的文件;
- 将其读入(一次一行)到 IP 地址列表。
- 将其分批成
$ARGV[1]限制的块。 - 使用
Net::IP格式化地址
ip Return the IP address (or first IP of the prefix or range) in quad format, as a string. print ($ip->ip());
- 将块发送到
Scanwhich: - 只是分叉并打印 IP 地址,而不做任何实际扫描之类的事情。
所以...除非我遗漏了一些深刻的东西,否则这个脚本实际上什么都不做。它只是打印一个 IP 地址列表,如果分叉数量设置得非常高,它可以 或许 用于分叉炸弹。
但如您所见 - perl 的优点之一(有些人可能称之为缺点)是很难混淆它,因为它是一种解释型语言。