forked from sqlsec/BlueLotus_XSSReceiver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
change_encrypt_pass.php
139 lines (115 loc) · 6 KB
/
change_encrypt_pass.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
//本文件未鉴权,安全起见默认禁用此php文件,需要时自行注释exit()
exit();
/*
* 当修改config.php里的加密方式或者加密密码时,可用此文件来重新加密xss记录,js的描述,ip封禁列表
* 请在修改加密方式或者加密密码后执行此文件(如果选择不加密,加密密码写任意值)
* 用法:
* php change_encrypt_pass.php (以前是否加密true/false) (旧加密密码) (旧加密方法AES/RC4) (现在是否加密) (新加密密码) (新加密方法)
* 举例
* php change_encrypt_pass.php true bluelotus AES true bluelotus RC4
* php change_encrypt_pass.php true bluelotus AES false xxxx(任意值) AES
*/
/*
* 从旧版本升级的方法
* 1. php change_encrypt_pass.php update (以前是否加密true/false) (旧加密密码)
* 此时所有xss记录转化为加密开启,密码bluelotus,加密方法RC4
* 2. 修改config.php,修改加密开关,新密码,加密方式
* 3. php change_encrypt_pass.php true bluelotus rc4 (现在是否加密) (新加密密码) (新加密方法)
* 4. 升级完成
*/
define("IN_XSS_PLATFORM", true);
require_once("config.php");
if( isset( $argv[1] ) ) {
if ($argv[1] === "update")
update_from_old_version($argv[2], $argv[3]);
else
change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]);
}
function update_from_old_version($old_encrypt_enable, $old_encrypt_pass) {
//如果从旧版本升级,就统一先切换为RC4,密码bluelotus
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
}
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
}
function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$logfile = DATA_PATH . '/forbiddenIPList.dat';
$str = @file_get_contents($logfile);
if ($str === false)
return;
$str = decrypt($str, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
$str = encrypt($str, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logfile, $str))
echo "修改封禁ip成功\n";
else
echo "修改封禁ip失败,可能是没有权限,chmod 777!\n";
}
function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
$filename = basename($file, ".php");
if (preg_match("/^[0-9]{10}$/", $filename)) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
$info = @file_get_contents($logFile);
if ($info !== false && strncmp($info, '<?php exit();?>', 15) === 0) {
$info = substr($info, 15);
$info = decrypt($info, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
} else
$info = "";
$info = encrypt($info, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logFile, '<?php exit();?>' . $info))
echo "修改一条xss记录成功\n";
else
echo "修改一条xss记录失败,可能是没有权限,chmod 777!\n";
}
}
}
function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type) {
$files = glob($path . '/*.js');
foreach ($files as $file) {
//由于可能有中文名,故使用正则来提取文件名
$filename = preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename = substr($filename, 0, strlen($filename) - 3);
$desc = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc');
if ($desc !== false)
$desc = decrypt($desc, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
else
$desc = "";
$desc = encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc', $desc))
echo "修改一条js描述成功\n";
else
echo "修改一条js描述失败,可能是没有权限,chmod 777!\n";
}
}
function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");
$info = AESEncryptCtr($info, $encrypt_pass);
} else {
require_once("rc4.php");
$info = base64_encode(rc4($info, $encrypt_pass));
}
} else
$info = base64_encode($info);
return $info;
}
function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type) {
if ($encrypt_enable) {
if ($encrypt_type === "AES") {
require_once("aes.php");
$info = AESDecryptCtr($info, $encrypt_pass);
} else {
require_once("rc4.php");
$info = rc4(base64_decode($info), $encrypt_pass);
}
} else
$info = base64_decode($info);
return $info;
}