-
Notifications
You must be signed in to change notification settings - Fork 7
/
index.py
100 lines (95 loc) · 3.04 KB
/
index.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/python
'''
OWASP ZSC | ZCR Shellcoder
ZeroDay Cyber Research
Z3r0D4y.Com
Ali Razmjoo
'''
import cgi
import cgitb; cgitb.enable()
from core.commands import _show_payloads
import sys
import os
from core.obfuscate import obf_code
from core.encode import encode_process
from core.opcoder import op
exec(compile(
open(
str(os.path.dirname(os.path.abspath(__file__)).replace('\\', '/')) +
'/core/commands.py', "rb").read(), str(os.path.dirname(os.path.abspath(
__file__)).replace('\\', '/')) + '/core/commands.py', 'exec'))
exec(compile(
open(
str(os.path.dirname(os.path.abspath(__file__)).replace('\\', '/')) +
'/core/start.py', "rb").read(), str(os.path.dirname(os.path.abspath(
__file__)).replace('\\', '/')) + '/core/start.py', 'exec'))
print ('Content-type: text/html\nAPI-SERVER: ZERODAY CYBER RESEARCH\nAdmin: [email protected]\n')
form = cgi.FieldStorage()
api = form.getvalue("api_name")
if api is None:
print('''Hello, Please Visit <a href="https://github.com/zscproject/OWASP-ZSC/wiki">WIKI</a> to know about this API server.<br>
Please report problems to Admin, Thank you.<br>
<a href="mailto:ali[dot]razmjoo[at]owasp[dot]org">Ali Razmjoo</a>''')
elif api == 'zsc':
mypayload = form.getvalue("payload")
myinput = form.getvalue("input")
asm_code = form.getvalue("asm_code")
if mypayload != None and myinput != None:
payloads = _show_payloads(commands,True)
if len(payloads) is 0:
print ('no payload found!')
sys.exit(0)
if len(mypayload.rsplit('/')) is 2:
if mypayload in _show_payloads(commands,True):
filename = myinput
language = mypayload.rsplit('/')[0]
encode = mypayload.rsplit('/')[1]
try:
content = myinput
except:
warn('sorry, cann\'t find file\n')
sys.exit(0)
info('Obfuscated Code is:\n\n' + obf_code(language, encode, filename, content,True) +
'\n\n')
if len(mypayload.rsplit('/')) is 3:
os = mypayload.rsplit('/')[0]
func = mypayload.rsplit('/')[1]
encode = mypayload.rsplit('/')[2]
encode_tmp = mypayload.rsplit('/')[2][:3]
data = myinput.rsplit('~~~')
payload_tmp = os+'/'+func+'/'+encode_tmp
payload_flag = False
for _ in _show_payloads(commands,True):
if payload_tmp in _:
payload_flag = True
if payload_flag is True:
run = getattr(
__import__('lib.generator.%s.%s' % (os, func),
fromlist=['run']),
'run')
shellcode = run(data)
try:
asm_code = int(asm_code)
except:
asm_code = 'nop'
if asm_code == 1:
info('Generated shellcode(Assembly) is:\n\n' +encode_process(encode, shellcode, os, func)+
'\n\n')
else:
info('Generated shellcode is:\n\n' +op(encode_process(encode, shellcode, os, func),os) +
'\n\n')
elif mypayload == 'show_all':
limit = form.getvalue("limit")
if limit is not None:
for _ in _show_payloads(commands,True):
if limit in _:
print ('[+]'),_
if limit is None:
_show_payloads(commands,False)
sys.exit(0)
else:
print( '''please be sure you send all required fields!''')
sys.exit(0)
else:
print ('''api not found!''')
sys.exit(0)