XORpass is an encoder to bypass WAF filters using XOR operations.
Installation & Usage
git clone https://github.com/devploit/XORpass
cd XORpass
$ php encode.php STRING
$ php decode.php “XORed STRING”
Example of bypass
Using clear PHP function:
Using XOR bypass of that function:
$ php encode.php system # return A
$ php encode.php ls # return B
payload == A(B)
Why does PHP treat our payload as a string?
The ^ is the exclusive or operator, which means that we’re in reality working with binary values. So lets break down what happens.
The XOR operator on binary values will return 1 where just one of the bits were 1, otherwise it returns 0 (0^0 = 0, 0^1 = 1, 1^0 = 1, 1^1 = 0). When you use XOR on characters, you’re using their ASCII values. These ASCII values are integers, so we need to convert those to binary to see what’s actually going on.
A = 65 = 1000001
S = 83 = 1010011
B = 66 = 1000010
A 1000001
^
S 1010011
^
B 1000010
——————————
result 0010010 = 80 = P
A^S^B = P
If we do an ‘echo “A”^”S”^”B”;’ PHP will return us a P as we see.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…