This tool was actually finished at the beginning of 2022 and is only being uploaded to GitHub now, because most of my current work is second-line work, and with the knowledge I currently have I have no way to keep updating it. There are of course some scattered items that have not been added to the tool, such as IAT import table erasure; if I learn something new later I will keep writing it. I also hope interested peers will join in improving it, for example executing shellcode with languages such as Python/Go.
Input a raw file to bypass av and execute.
An AV-evasion framework that only needs a shellcode file as input; it can output exe/dll/ps1.
Compiling requires the MinGW toolchain.
usage (ASCII-art banner omitted):

    By: [email protected] 王半仙

    Input a raw file to bypass av and execute.

    optional arguments:
      -h, --help            show this help message and exit
      -f FILENAME, --filename FILENAME
                            Provide a shellcode in raw format.
      -e ENCRYPTTYPE, --encryptType ENCRYPTTYPE
                            Shellcode encryption method(e.g. b64, xor, aes, uuid, mac, ipv4, diy...)
      --alloc ALLOC         Function for allocating memory(e.g. Virtualalloc, MapViewOfFile, malloc...)
      --callback CALLBACK   Callback function used to execute your shellcode.
      --syscall             Replace VirtualAlloc, the VritualProtect function is called by syscall.(Only x64)
      --bit BIT             Is the shellcode 32-bit or 64-bit? Default is x64. (e.g. x86/x64)
      --script SCRIPT       Generate binary file type. (e.g. cpp/dll)
      --obf                 Powershell file easyObf...
Option notes:

-f FILENAME, --filename FILENAME
    Provide a shellcode in raw format.

-e ENCRYPTTYPE, --encryptType ENCRYPTTYPE
    Shellcode encryption method (e.g. b64, xor, aes, diy...).

--alloc ALLOC
    Function for allocating memory (e.g. Virtualalloc, HeapAlloc).
    The default allocator is VirtualAllocExNuma; it cannot be combined with --syscall.
    The allocation methods follow Schrodinger-s-Cat. The malloc, calloc and MapViewOfFile allocation methods currently have problems; if you get one of them working, please share.

--callback CALLBACK
    Callback function used to execute your shellcode.
    Any callback from the cpp files in the template directory can be selected, and you can add your own; the default is CertEnumSystemStore.
    There are currently 36 callbacks available, used in place of the classic CreateThread to execute the shellcode.

--syscall
    Replaces VirtualAlloc; the VirtualProtect function is called via syscall (x64 only).

--bit BIT
    Is the shellcode 32-bit or 64-bit? Default is x64 (e.g. x86/x64).

--script SCRIPT
    Generate binary file type (e.g. cpp/dll/ps1).
    If --script is not given, the default is exe. Switch to the output directory and compile with the Compile-Command shown in the output.
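The -e option names uuid, mac and ipv4 as text encodings for the payload, i.e. the shellcode ends up in the generated source as a long array of UUID-, MAC- or dotted-quad-formatted string literals. From a review or detection standpoint that pattern is itself a signal. The script below is an added example written for this page; it is not part of the tool and assumes nothing about the tool's output beyond those three literal formats. It scans a source text for runs of such literals, decodes them back to bytes and reports the byte count and Shannon entropy, so a reviewer can flag a large high-entropy blob; the sample source, the minimum-literal count and the entropy/size thresholds are all constructed assumptions.

```python
"""Flag payload blobs hidden as UUID / MAC / IPv4 string literals (added example)."""
import math
import re
import uuid
from collections import Counter
from typing import Dict, List

# Quoted string literals in each of the three text encodings; only the body is captured.
PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "uuid": re.compile(r'"([0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12})"'),
    "mac": re.compile(r'"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})"'),
    "ipv4": re.compile(r'"((?:\d{1,3}\.){3}\d{1,3})"'),
}


def decode_literal(kind: str, literal: str) -> bytes:
    """Recover the raw bytes one literal carries."""
    if kind == "uuid":
        # uuid.UUID keeps the hex order of the string; the mixed-endian layout a
        # loader would obtain from UuidFromStringA does not change the entropy.
        return uuid.UUID(literal).bytes
    if kind == "mac":
        return bytes(int(part, 16) for part in literal.split("-"))
    if kind == "ipv4":
        octets = [int(part) for part in literal.split(".")]
        if any(o > 255 for o in octets):
            raise ValueError(f"not a dotted quad: {literal}")
        return bytes(octets)
    raise ValueError(f"unknown literal kind: {kind}")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is the maximum, ordinary text sits around 4 to 5."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(source: str, min_literals: int = 8) -> List[dict]:
    """One finding per encoding that occurs at least min_literals times (assumed threshold)."""
    findings = []
    for kind, pattern in PATTERNS.items():
        chunks = []
        for lit in pattern.findall(source):
            try:
                chunks.append(decode_literal(kind, lit))
            except ValueError:
                continue  # e.g. "999.1.1.1" looks like an address but is not one
        if len(chunks) < min_literals:
            continue
        blob = b"".join(chunks)
        findings.append({
            "kind": kind,
            "literals": len(chunks),
            "bytes": len(blob),
            "entropy": round(shannon_entropy(blob), 2),
        })
    return findings


def is_suspicious(finding: dict, min_bytes: int = 64, min_entropy: float = 6.0) -> bool:
    """Heuristic verdict; the thresholds are assumptions to tune on your own corpus."""
    return finding["bytes"] >= min_bytes and finding["entropy"] >= min_entropy


# Constructed sample: a source fragment carrying 128 distinct bytes as eight UUID
# literals, plus two ordinary IPv4 strings that are configuration, not payload.
SAMPLE_SOURCE = '''
const char* ids[] = {
    "00010203-0405-0607-0809-0a0b0c0d0e0f", "10111213-1415-1617-1819-1a1b1c1d1e1f",
    "20212223-2425-2627-2829-2a2b2c2d2e2f", "30313233-3435-3637-3839-3a3b3c3d3e3f",
    "40414243-4445-4647-4849-4a4b4c4d4e4f", "50515253-5455-5657-5859-5a5b5c5d5e5f",
    "60616263-6465-6667-6869-6a6b6c6d6e6f", "70717273-7475-7677-7879-7a7b7c7d7e7f",
};
const char* dns[] = { "10.0.0.53", "192.168.1.1" };
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(finding, "SUSPICIOUS" if is_suspicious(finding) else "ok")
```

On the sample the two IPv4 strings fall below the literal-count threshold and produce no finding, while the eight UUIDs decode to 128 bytes with entropy 7.0 bits per byte and are flagged. The count threshold keeps a handful of real GUIDs or addresses in a normal source file from triggering; the entropy threshold separates compressed or encrypted data from structured content such as tables of genuine identifiers.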