WinPayloads: a Windows payload generator that bypasses security checks

2017-07-19  Tools

WinPayloads

Today we introduce a payload generator called WinPayloads. The tool uses Metasploit's meterpreter shellcode: it injects the user's IP address and port into the shellcode, then writes a Python file that executes the shellcode through ctypes.

All generated code and files are AES-encrypted and then compiled into a single Windows executable with pyinstaller. More importantly, the payloads produced by WinPayloads can evade detection by Windows security products.

Note: as always, never upload the payload to any online virus-scanning service.

Features

1. UAC bypass (PowerShellEmpire):
   https://github.com/PowerShellEmpire/Empire/raw/master/data/module_source/privesc/Invoke-BypassUAC.ps1

2. PowerUp (PowerShellEmpire):
   https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1

3. Invoke-Shellcode:
   https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1

4. Invoke-Mimikatz:
   https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1

5. Invoke-EventVwrBypass:
   https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1

6. Persistence: run the payload on the target device so that it remains active after a reboot

7. Generate Windows payloads that are not detected

8. Easy-to-use user interface

9. Upload payloads to a local web server

10. Automatically start a Metasploit listener after the payload is generated

As listed above, WinPayloads also offers UAC bypass and payload persistence. These features are implemented by executing PowerShell scripts on the target system once meterpreter has obtained a reverse shell. In addition, WinPayloads starts a SimpleHTTPServer to host and deliver the payloads.

Download:

GitHub link

Requirements

Python 2.7
Kali Linux, Ubuntu, or another Linux distribution
Internet access

Installation

setup.sh performs the following steps:

Install 32-bit code and dependencies

Install wine32

Install Python (under wine)

Install Python extras (under wine)

Install pyinstaller

Install impacket

Generate a certificate

Download the psexecspray module (https://github.com/Charliedean/PsexecSpray/)

Simple, right? If you run into an error during installation, try the following command:

./setup.sh -r

If that still does not solve the problem, leave a message on the project's GitHub page.

* Source: charliedean; compiled by FreeBuf editor Alpha_h4ck. Please credit FreeBuf.COM when reposting.

Comments (5)

  • Season762 (level 1) 2017-07-20 #1

    On a Kali rolling system, it gets perfectly stuck right here and does not move:

    --2017-07-19 21:24:53-- https://download.microsoft.com/download/1/1/1/1116b75a-9ec3-481a-a3c8-1777b5381140/vcredist_x86.exe
    Resolving download.microsoft.com (download.microsoft.com)... 2600:140b:8000:3ac::e59, 2600:140b:8000:3a8::e59, 2600:140b:8000:389::e59, ...
    Connecting to download.microsoft.com (download.microsoft.com)|2600:140b:8000:3ac::e59|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1821192 (1.7M) [application/octet-stream]
    Saving to: 'vcredist_x86.exe'

    vcredist_x86.exe 100%[===================================================================================================================>] 1.74M --.-KB/s in 0.02s

    2017-07-19 21:24:54 (72.3 MB/s) - 'vcredist_x86.exe' saved [1821192/1821192]

    err:winediag:nulldrv_CreateWindow Application tried to create a window, but no driver could be loaded.
    err:winediag:nulldrv_CreateWindow Make sure that your X server is running and that $DISPLAY is set correctly.

  • 三叶草 (level 1) 2017-07-21 #2

    [*] Creating Payload using Pyinstaller...
    Traceback (most recent call last):
      File "WinPayloads.py", line 41, in <module>
        getAndRunMainMenu()
      File "/root/Winpayloads/lib/menu.py", line 61, in getAndRunMainMenu
        mainMenu.runmenu()
      File "/root/Winpayloads/lib/menu.py", line 115, in runmenu
        result = extrawork(payloadchoice,payload)
      File "/root/Winpayloads/lib/preparepayload.py", line 50, in reversePayloadGeneration
        GeneratePayload(ez2read_shellcode,payloadname,shellcode)
      File "/root/Winpayloads/lib/generatepayload.py", line 67, in GeneratePayload
        '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
      File "/root/.pyenv/versions/2.7.3/lib/python2.7/subprocess.py", line 679, in __init__
        errread, errwrite)
      File "/root/.pyenv/versions/2.7.3/lib/python2.7/subprocess.py", line 1249, in _execute_child
        raise child_exception
    OSError: [Errno 2] No such file or directory

  • 三叶草 (level 1) 2017-07-21 #3

    ./WinPayloads.py
    Traceback (most recent call last):
      File "./WinPayloads.py", line 2, in <module>
        from lib.main import *
      File "/root/Winpayloads/lib/main.py", line 8, in <module>
        import blessed
    ImportError: No module named blessed

  • Jazzbass (level 1) 2017-07-24 #4

    Traceback (most recent call last):
      File "/opt/pyinstaller/pyinstaller.py", line 14, in <module>
        from PyInstaller.__main__ import run
      File "Z:\opt\pyinstaller\PyInstaller\__main__.py", line 21, in <module>
        import PyInstaller.building.build_main
      File "Z:\opt\pyinstaller\PyInstaller\building\build_main.py", line 34, in <module>
        from .api import PYZ, EXE, COLLECT, MERGE
      File "Z:\opt\pyinstaller\PyInstaller\building\api.py", line 38, in <module>
        from PyInstaller.utils.win32 import winmanifest, icon, versioninfo, winresource
      File "Z:\opt\pyinstaller\PyInstaller\utils\win32\versioninfo.py", line 18, in <module>
        from ...lib import pefile
      File "Z:\opt\pyinstaller\PyInstaller\lib\pefile.py", line 26, in <module>
        from past.builtins import cmp, long
    ImportError: No module named past.builtins
