perl - 我如何去混淆或解码这个 Perl 代码？

Question

我找到了这段代码，我认为它是经过编码的。我试图了解它是如何编码的或如何读取它。有没有人有解码此代码的想法？

#!/usr/bin/perl

eval unpack u=>q{_<')I;G0@(EQN7&5<>#5"7'@S,UQX,S-<>#9$7'@U-UQX-C%<>#<R7'@V15QX-CE<>#9%7'@V-UQX,C!<>#4Y_7'@V1EQX-S5<>#(P7'@T1%QX-C%<>#<Y7'@R,%QX-$5<>#8U7'@V-5QX-C1<>#(P7'@U-%QX-D9<>#(P7'@T_.5QX-D5<>#<S7'@W-%QX-C%<>#9#7'@V0UQX,C!<>#<S7'@V1EQX-D1<>#8U7'@P05QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX-$1<>#9&7'@V-%QX-S5<>#9#7'@V-5QX-S-<>#!!7'@R,%QX,C!<_>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@T.%QX-C5<>#<R7'@V-5QX,C!<>#8Y7'@W,UQX,C!<>#0Q_7'@V15QX,C!<>#0U7'@W.%QX-C%<>#9$7'@W,%QX-D-<>#8U7'@S05QX,$%<>#(P7'@R,%QX,C!<>#(P7'@R_,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-$5<>#8U7'@W-%QX,T%<>#-!7'@T.5QX_-3!<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V,UQX-S!<>#8Q7'@V15QX,C!<_>#1#7'@U-UQX-3!<>#-!7'@S05QX-35<>#<S7'@V-5QX-S)<>#0Q7'@V-UQX-C5<>#9%7'@W-%QX,$%<>#(P_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#8S7'@W,%QX-C%<>#9%7'@R,%QX-35<>#4R7'@T_.5QX,T%<>#-!7'@U-%QX-CE<>#<T7'@V0UQX-C5<>#!!7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX_,C!<>#(P7'@U-%QX-CA<>#8Q7'@V15QX-D)<>#(P7'@W.5QX-D9<>#<U7'@R,%QX-#9<>#9&7'@W,EQX,C!<_>#4U7'@W,UQX-CE<>#9%7'@V-UQX,C!<>#1$7'@W.5QX,C!<>#4S7'@V,UQX-S)<>#8Y7'@W,%QX-S1<>#!!_7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@R,%QX,C!<>#(P7'@V.5QX-D5<>#9!7'@S,UQX-C-<>#<T7'@V_1EQX-S)<>#,S7&5<>#5",%QX-D1<;B(["B-S;&5E<"@B,2(I.PIU<V4@3F5T.CI)4#L*=7-E(%1E<FTZ.D%._4TE#;VQO<CL*=7-E($Q74#HZ57-E<D%G96YT.PIU<V4@55)).CI4:71L92!Q=R@@=&ET;&4@*3L*=7-E('9A_<G,@<7<H("104D]'("D["FUY($!I<%]T96%M("`]("@I.PIM>2`D4%)/1R`]("0P.PHC57-A9V4*(VEF("@@_0$%21U8@/3T@,"`I('L*(R`@("`@("`@<')I;G0@(EQE6S0U;55S86=E.B`N+R104D]'(%MF:6QE72!;5$A2_14%$4UT@6U1)345/551=(%M/5510551=7&Y%>&%M<&QE('!E<FP@)#`@.3`N,"XR,RXU-"`Y,2XP+C4P+C`@_,3(P,"`Q(&QO;%QN:6YJ,V-T;W(S7&XB.PH@(R`@(&5X:70["B-]"FUY("1I<',@/2`D05)'5ELP73L*;W!E_;B!M>2`D:&%N9&QE+"`B7'@S0R(L("1I<',["F-H;VUP*"!M>2!`;&]A9&QI<W0@/2`\)&AA;F1L93X@*3LC_/#T]/3T]/3T]/3T]/3T]($]014X@55`@25!3"F-L;W-E("1H86YD;&4["@IM>2`D=&AR96%D<R`@/2`D05)'_5ELQ73L*(VUY("1I<"`@(#T@;F5W($YE=#HZ25`@*"(D05)'5ELP72`M("1!4D=66S%=(BD@;W(@9&EE("))_;G9A:6QD($E0(%)A;F=E+B(N($YE=#HZ25`Z.D5R<F]R*"D@+B)<;B(["@IP<FEN="`B7&5<>#5"7'@S,UQX_,S%<>#9$7'@U,UQX-S1<>#8Q7'@W,EQX-S1<>#8Y7'@V15QX-C=<>#(P7'@W-UQX-CE<>#<T7'@V.%QX,C`D_=&AR96%D<UQX,C!<>#<T7'@V.%QX-S)<>#8U7'@V,5QX-C1<>#<S7&Y<>#5"7'@R,5QX-41<>#4S7'@V,UQX_-C%<>#9%7'@V15QX-CE<>#9%7'@V-UQX,C`D05)'5ELP75QX,C!<95QX-4(P7'@V1%QN(CL*9F]R96%C:"!M_>2`D:7`@*$!L;V%D;&ES="D@>PIP<FEN="`B)&EP7&XB.PIP=7-H($!I<%]T96%M+"`D:7`K*R`M/FEP*"D[_"FEF("@@)'1H<F5A9',@/3T@0&EP7W1E86T@*2![(%-C86XH0&EP7W1E86TI.R!`:7!?=&5A;2`]("@I('T*_?0I38V%N*$!I<%]T96%M*3L*"@IS=6(@4V-A;@I["FUY($!0:61S.PH@("`@("`@(&9O<F5A8V@@;7D@)&AO_<W0@*$!?*0H@("`@("`@('L*("`@("`@("!M>2`D<&ED("`@("`@("`](&9O<FLH*3L*("`@("`@("!D:64@_(EQX-#-<>#9&7'@W-5QX-D-<>#8T7'@R,%QX-D5<>#9&7'@W-%QX,C!<>#8V7'@V1EQX-S)<>#9"7'@R,5QX_,C`D(5QN(B!U;FQE<W,@9&5F:6YE9"`D<&ED.PH*("`@("`@("`@("`@("`@(&EF("`H,"`]/2`D<&ED*0H@_("`@("`@("`@("`@("`@>PH@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@('!R:6YT("(D:&]S=%QN_(CL*("`@("`@("`@("`@("`@(&5X:70*("`@("`@("`@("`@("`@('T*("`@("`@("`@("`@("`@(&5L<V4*_("`@("`@("`@("`@("`@('L*("`@("`@("`@("`@("`@('!U<V@@0%!I9',L("1P:60*("`@("`@("`@("`@_("`@('T*("`@("`@("!]"@IF;W)E86-H(&UY("1P:60@*$!0:61S*2![('=A:71P:60H)'!I9"P@,"D@?0I]}

Answer 1

正如另一位发帖人所指出的那样 - 提取其正在执行的操作的第一步是print 而不是 eval 来获取一些源代码:

第二阶段是通过 -MO=Deparse 运行它以查看是否发生任何异常情况。 (然后 perltidy 使其更易于阅读):

#!usr/bin/local/perl
print
    "\n\e[33mWarning You May Need To Install some\n         Modules\n         Here is An Example:\n         cpan Net::IP\n         cpan LWP::UserAgent\n         cpan URI::Title\n         Thank you For Using My Script\n         inj3ctor3\e[0m\n";
use Term::ANSIColor;
use LWP::UserAgent;
use vars ('$PROG');
my (@ip_team) = ();
my $PROG      = $0;
my $ips       = $ARGV[0];
open my $handle, '<', $ips;
chomp( my (@loadlist) = <$handle> );
close $handle;
my $threads = $ARGV[1];
print "\e[31mStarting with $threads threads\n[!]Scanning $ARGV[0] \e[0m\n";

foreach my $ip (@loadlist) {
    print "$ip\n";
    push @ip_team, ( $ip++ )->ip;
    if ( $threads == @ip_team ) {
        Scan(@ip_team);
        @ip_team = ();
    }
}
Scan(@ip_team);

sub Scan {
    my @Pids;
    foreach my $host (@_) {
        my $pid = fork;
        die "Could not fork! $!\n" unless defined $pid;
        if ( 0 == $pid ) {
            print "$host\n";
            exit;
        }
        else {
            push @Pids, $pid;
        }
    }
    foreach my $pid (@Pids) {
        waitpid $pid, 0;
    }
}

有用的是，顶部 block 包含写者的签名。其实也一样，因为我完全想重新使用这个非常有用的东西。

[33mWarning You May Need To Install some
         Modules
         Here is An Example:
         cpan Net::IP
         cpan LWP::UserAgent
         cpan URI::Title
         Thank you For Using My Script
         inj3ctor3[0m

所以看起来它的作用是:

• 打开指定为 $ARGV[0] 的文件；
• 将其读入(一次一行)到 IP 地址列表。
• 将其分批成受 $ARGV[1] 限制的 block 。
• 使用Net::IP 格式化地址

ip Return the IP address (or first IP of the prefix or range) in quad format, as a string. print ($ip->ip());

• 将 block 发送到 Scan，其中:
• 只是 fork 并打印 IP 地址，而不做任何实际扫描之类的事情。

所以...除非我遗漏了一些深刻的东西，否则这个脚本实际上根本没有做任何事情。它只是打印一个 IP 地址列表，如果 fork 数量设置得非常高，它可以或许用于 fork 炸弹。

但如您所见 - perl 的优点之一(有些人可能称之为缺点)是很难混淆它，因为它是一种解释型语言。