Sorry, this site doesn't work properly without JavaScript.

XORpass - An encoder to bypass WAF

by Admin

on 14:16

XORpass is an encoder to bypass WAF filters using XOR operations.

Installation & Usage

git clone https://github.com/devploit/XORpass
cd XORpass
$ python3 xorpass.py -h

Example of bypass:

Using clear PHP function:

Using XOR bypass of that function:

$ python3 xorpass.py -e "system(ls)"

Why does PHP treat our payload as a string?

The ^ is the exclusive or operator, which means that we're in reality working with binary values. So let's break down what happens.

The XOR operator on binary values will return 1 where just one of the bits were 1, otherwise it returns 0 (0^0 = 0, 0^1 = 1, 1^0 = 1, 1^1 = 0). When you use XOR on characters, you're using their ASCII values. These ASCII values are integers, so we need to convert those to binary to see what's actually going on.

A = 65 = 1000001
S = 83 = 1010011
B = 66 = 1000010

A       1000001
        ^
S       1010011
        ^
B       1000010
----------------
result  1010000 = 80 = P

A^S^B = P

If we do an 'echo "A"^"S"^"B";' PHP will return us a P as we see.

GET XORpass

BugBounty OSITN Pentester WAF

Newer Posts Older Posts


      
      <script type='text/javascript'>
  setTimeout(function() {
    var headID = document.getElementsByTagName("head")[0];

    // External JavaScript files
    var externalScripts = [
      'https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1618281995222563',
      'https://www.googletagmanager.com/gtag/js?id=UA-43857487-1',
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
      'https://www.google-analytics.com/analytics.js'
      'https://tools.cyberkendra.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js'
    ];

    for (var i = 0; i < externalScripts.length; i++) {
      var newScript = document.createElement('script');
      newScript.type = 'text/javascript';
      newScript.src = externalScripts[i];
      headID.appendChild(newScript);
    }

    // External CSS files
    var externalStyles = [
	'https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css'
    ];

    for (var j = 0; j < externalStyles.length; j++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = externalStyles[j];
      headID.appendChild(newLink);
    }

    // Google Fonts
    var googleFonts = [
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-NYiFV0U1.woff2',
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-4I-FV0U1.woff2'
      'https://fonts.gstatic.com/s/rubik/v20/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2'
    ];

    for (var k = 0; k < googleFonts.length; k++) {
      var newLink = document.createElement('link');
      newLink.rel = 'stylesheet';
      newLink.type = 'text/css';
      newLink.href = googleFonts[k];
      headID.appendChild(newLink);
    }
  }, 5000);
</script>
    
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/848617736-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY6frba6OsJHO9O-3bJflpzxenV01Q:1713999132275';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3163889773480073810','//tools.cyberkendra.com/2021/11/xorpass-encoder-to-bypass-waf.html','3163889773480073810');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3163889773480073810', 'title': 'Hack Tools', 'url': 'https://tools.cyberkendra.com/2021/11/xorpass-encoder-to-bypass-waf.html', 'canonicalUrl': 'https://tools.cyberkendra.com/2021/11/xorpass-encoder-to-bypass-waf.html', 'homepageUrl': 'https://tools.cyberkendra.com/', 'searchUrl': 'https://tools.cyberkendra.com/search', 'canonicalHomepageUrl': 'https://tools.cyberkendra.com/', 'blogspotFaviconUrl': 'https://tools.cyberkendra.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-43857487-1', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Hack Tools - RSS\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3163889773480073810/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Hack Tools - Atom\x22 href\x3d\x22https://tools.cyberkendra.com/feeds/4354781349615923212/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-1618281995222563', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/a492d7e068c3786e', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Learn more \xbb', 'pageType': 'item', 'postId': '4354781349615923212', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3MW2Xl4nVsmbpebu1VQnkFf0dZ3LzQcJebp5hPz5t_EfxhfM47OF6rJM6kS2LTMPOufOC0rK_uGgUHwDnLWGvLy1pDR-wIiiOE3NLVNS1rtla-A_tg81XAPUrYI621pNuPVqtiDqanXV/s72-w640-c-h214/68747470733a2f2f692e696d6775722e636f6d2f6971653167724b2e706e67.png', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3MW2Xl4nVsmbpebu1VQnkFf0dZ3LzQcJebp5hPz5t_EfxhfM47OF6rJM6kS2LTMPOufOC0rK_uGgUHwDnLWGvLy1pDR-wIiiOE3NLVNS1rtla-A_tg81XAPUrYI621pNuPVqtiDqanXV/w640-h214/68747470733a2f2f692e696d6775722e636f6d2f6971653167724b2e706e67.png', 'pageName': 'XORpass - An encoder to bypass WAF', 'pageTitle': 'Hack Tools: XORpass - An encoder to bypass WAF', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'XORpass - An encoder to bypass WAF', 'description': '', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3MW2Xl4nVsmbpebu1VQnkFf0dZ3LzQcJebp5hPz5t_EfxhfM47OF6rJM6kS2LTMPOufOC0rK_uGgUHwDnLWGvLy1pDR-wIiiOE3NLVNS1rtla-A_tg81XAPUrYI621pNuPVqtiDqanXV/w640-h214/68747470733a2f2f692e696d6775722e636f6d2f6971653167724b2e706e67.png', 'url': 'https://tools.cyberkendra.com/2021/11/xorpass-encoder-to-bypass-waf.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 4354781349615923212}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Hack Tools (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'Post Ad Slot (Top)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML996'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '4354781349615923212', 'title': 'XORpass - An encoder to bypass WAF', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB3MW2Xl4nVsmbpebu1VQnkFf0dZ3LzQcJebp5hPz5t_EfxhfM47OF6rJM6kS2LTMPOufOC0rK_uGgUHwDnLWGvLy1pDR-wIiiOE3NLVNS1rtla-A_tg81XAPUrYI621pNuPVqtiDqanXV/w640-h214/68747470733a2f2f692e696d6775722e636f6d2f6971653167724b2e706e67.png', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': ''}]}], 'allBylineItems': [{'name': 'author', 'label': 'by'}, {'name': 'timestamp', 'label': 'on'}, {'name': 'comments', 'label': 'Post a Comment'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': ''}]}, {'title': 'Between Post Ad Slot', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML995'}, {'title': 'Post Ad Slot (Bottom)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML997'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML1'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Contact Form', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'https://tools.cyberkendra.com/', 'title': 'Home'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML996', 'section_main_widget', document.getElementById('HTML996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML995', 'section_main_widget', document.getElementById('HTML995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML997', 'section_main_widget', document.getElementById('HTML997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'section_aside_widget', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Sending...', 'contactFormMessageSentMsg': 'Your message has been sent.', 'contactFormMessageNotSentMsg': 'Message could not be sent. Please try again later.', 'contactFormInvalidEmailMsg': 'A valid email address is required.', 'contactFormEmptyMessageMsg': 'Message field cannot be empty.', 'title': 'Contact Form', 'blogId': '3163889773480073810', 'contactFormNameMsg': 'Name', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Message', 'contactFormSendMsg': 'Send', 'contactFormToken': 'AOuZoY7sLlzk92o03ogFneON3M5DY_bk5g:1713999132275', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>