title: SpookFlare, a loader/dropper generator date: 2018-12-14 16:44:51 categories:
- Post-Exploitation
SpookFlare approaches the target's security measures from a different angle: it gives you a chance to get past the target's defensive countermeasures, whether they are client-side detection or network-side detection. SpookFlare is a loader/dropper generator that can be used with Meterpreter, Empire, Koadic and others, and it provides obfuscation, encoding, run-time code compiling and character substitution. So you can bypass the target system's countermeasures like a boss, until they "learn" the technique and behavior of the SpookFlare payloads.
Project URL: https://github.com/hlldz/SpookFlare
Main features of SpookFlare
- Obfuscation
- Encoding
- Run-time Code Compiling
- Character Substitution
- Patched Meterpreter Stage Support
- Blocked powershell.exe Bypass
___ ___ ___ ___ _ _____ _ _ ___ ___
/ __| _ \/ _ \ / _ \| |/ / __| | /_\ | _ \ __|
\__ \ _/ (_) | (_) | ' <| _|| |__ / _ \| / _|
|___/_| \___/ \___/|_|\_\_| |____/_/ \_\_|_\___|
Version : 2.0
Author : Halil Dalabasmaz
WWW : artofpwn.com, spookflare.com
Twitter : @hlldz
Github : @hlldz
Licence : Apache License 2.0
Note : Stay in shadows!
[*] You can use "help" command for access help section.
SpookFlare > list
ID | Payload | Description
----+------------------------+------------------------------------------------------------
1 | meterpreter/binary | .EXE Meterpreter Reverse HTTP and HTTPS loader
2 | meterpreter/powershell | PowerShell based Meterpreter Reverse HTTP and HTTPS loader
3 | javascript/hta | .HTA loader with .HTML extension for specific command
4 | vba/macro | Office Macro loader for specific command
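The payload list above includes an HTA loader delivered under an .HTML extension. From a defender's side, a simple triage check is to look for HTA-only markup (the `HTA:APPLICATION` element, VBScript script blocks) inside files that claim to be ordinary HTML, since a browser-rendered page has no use for them. The following is an added example written for this post, not code from SpookFlare or its author; the marker list and the sample files are assumptions constructed here for illustration.

```python
import re
from pathlib import PurePosixPath

# Markup that only makes sense when a file is meant to run under mshta.exe.
# Assumption: this marker list is ours, chosen for illustration; it is not
# derived from SpookFlare's output. A VBScript block alone can occur in old
# Internet Explorer pages, so the HTA:APPLICATION element is the stronger signal.
HTA_MARKERS = {
    "hta_application_element": re.compile(rb"<\s*hta:application\b", re.IGNORECASE),
    "vbscript_script_block": re.compile(
        rb"<\s*script[^>]*language\s*=\s*['\"]?vbscript", re.IGNORECASE
    ),
}

HTML_EXTENSIONS = {".html", ".htm"}


def hta_markers_in(data: bytes):
    """Return the names of HTA-specific markers found in the file content."""
    return [name for name, pattern in HTA_MARKERS.items() if pattern.search(data)]


def is_suspicious_html(filename: str, data: bytes) -> bool:
    """True when a file with an .html/.htm extension carries HTA-only markup.

    Files that already use the .hta extension are out of scope here: the point
    is the mismatch between the advertised extension and the content.
    """
    suffix = PurePosixPath(filename).suffix.lower()
    if suffix not in HTML_EXTENSIONS:
        return False
    return bool(hta_markers_in(data))


def scan_files(files: dict):
    """Map each flagged filename to the markers that triggered it."""
    return {
        name: hta_markers_in(data)
        for name, data in files.items()
        if is_suspicious_html(name, data)
    }


# Constructed sample inputs (not real SpookFlare output): one ordinary page,
# one HTML-named file carrying HTA markup, one genuine .hta file.
SAMPLE_FILES = {
    "index.html": b"<html><body><h1>Hello</h1></body></html>",
    "report.html": (
        b'<html><head><HTA:APPLICATION ID="demo" WINDOWSTATE="minimize"/></head>'
        b'<script language="VBScript">MsgBox "constructed sample"</script></html>'
    ),
    "tool.hta": b'<HTA:APPLICATION ID="legit"/><script language="VBScript"></script>',
}

if __name__ == "__main__":
    for name, markers in scan_files(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(markers)}")
```

Running the block prints only `report.html` with both markers; `index.html` has no HTA markup and `tool.hta` is skipped because its extension already says what it is. In practice this check would run over files written by mail gateways, web-server upload directories or proxy logs, and a hit on the `HTA:APPLICATION` element alone is worth a closer look.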
Installation
# git clone https://github.com/hlldz/SpookFlare.git
# cd SpookFlare
# pip install -r requirements.txt
Technical details
https://artofpwn.com/spookflare.html
Related tutorials:
- SpookFlare HTA Loader for Koadic: https://youtu.be/6OyZuyIbRLU
- SpookFlare PowerShell/VBA Loaders for Meterpreter: https://youtu.be/xFBRZz78U_M
- v1.0 Usage Video: https://www.youtube.com/watch?v=p_eKKVoEl0o