• Invoke-Obfuscation (PowerShell code obfuscation)



    Startup

    git clone https://github.com/danielbohannon/Invoke-Obfuscation.git

    cd Invoke-Obfuscation

    powershell

    Import-Module ./Invoke-Obfuscation.psd1

    Invoke-Obfuscation

    Usage

    set

    Set the location of the PowerShell code to obfuscate

    set scriptpath C:\Users\nathan\Desktop\1.ps1

    set scriptpath http://192.168.1.121/1.ps1

    set scriptblock powershell -nop -w hidden -e (the obfuscated PowerShell code goes here)

    tutorial

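    1. Load a scriptblock (set scriptblock) or a script path/URL (set SCRIPTPATH)

    2. Yellow options navigate the obfuscation menus; green options apply obfuscation

    Enter 'back/cd' to return to the previous menu and HOME/MAIN to return to the HOME menu

    Enter 'encoding', then 5, to apply SecureString obfuscation

    3. Enter 'TEST/EXEC' to test the obfuscated command locally

    Enter 'SHOW' to view the current obfuscated command

    4. Enter 'COPY/CLIP' to copy the command to the clipboard

    Enter 'OUT' to write the obfuscated command to disk

    5. Enter 'RESET' to remove all obfuscation and start over

    Enter 'UNDO' to undo the last obfuscation

    Enter 'HELP/?' to show the help menu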

    help

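    Help menu

    Tool usage tutorial    TUTORIAL

    Show the help menu    HELP, GET-HELP, ?, /?, MENU

    Show options for the payload to obfuscate    SHOW OPTIONS, SHOW, OPTIONS

    Clear the screen    CLEAR, CLEAR-HOST, CLS

    Execute the obfuscated command locally    EXEC, EXECUTE, TEST, RUN

    Copy the obfuscated command to the clipboard    COPY, CLIP, CLIPBOARD

    Write the obfuscated command to disk    OUT

    Reset all obfuscation of the obfuscated command    RESET

    Undo the last obfuscation of the obfuscated command    UNDO

    Go back to the previous obfuscation menu    BACK, CD ..

    Quit Invoke-Obfuscation    QUIT, EXIT

    Return to the main menu    HOME, MAIN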

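    Available options

    TOKEN       Obfuscate PowerShell command tokens

    AST         Obfuscate PowerShell AST nodes (PS3.0+)

    STRING      Obfuscate the entire command as a string

    ENCODING    Obfuscate the entire command via encoding

    COMPRESS    Convert the entire command to a one-liner and compress it

    LAUNCHER    Obfuscate command arguments with launcher techniques (run once at the end)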

    token

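    TOKEN\STRING        Obfuscate string tokens (suggested to run first)

    TOKEN\COMMAND       Obfuscate command tokens

    TOKEN\ARGUMENT      Obfuscate argument tokens

    TOKEN\MEMBER        Obfuscate member tokens

    TOKEN\VARIABLE      Obfuscate variable tokens

    TOKEN\TYPE          Obfuscate type tokens

    TOKEN\COMMENT       Remove all comment tokens

    TOKEN\WHITESPACE    Insert random whitespace (suggested to run last)

    TOKEN\ALL           Select all choices from above (random options)

    TOKEN\ALL\1         Execute all token obfuscation techniques (random order)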

    AST

    AST\NamedAttributeArgumentAst      Obfuscate NamedAttributeArgumentAst nodes

    AST\ParamBlockAst                   Obfuscate ParamBlockAst nodes

    AST\ScriptBlockAst                  Obfuscate ScriptBlockAst nodes

    AST\AttributeAst                     Obfuscate AttributeAst nodes

    AST\BinaryExpressionAst              Obfuscate BinaryExpressionAst nodes

    AST\HashtableAst                     Obfuscate HashtableAst nodes

    AST\CommandAst                     Obfuscate CommandAst nodes

    AST\AssignmentStatementAst           Obfuscate AssignmentStatementAst nodes

    AST\TypeExpressionAst                Obfuscate TypeExpressionAst nodes

    AST\TypeConstraintAst                Obfuscate TypeConstraintAst nodes

    AST\ALL                              Select All choices from above

    string

    STRING\1    Concatenate entire command

    STRING\2    Reorder entire command after concatenating

    STRING\3    Reverse entire command after concatenating

    encoding

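    ENCODING\1          Encode the entire command as ASCII

    ENCODING\2          Encode the entire command as Hex

    ENCODING\3          Encode the entire command as Octal

    ENCODING\4          Encode the entire command as Binary

    ENCODING\5          Encode the entire command as SecureString (AES)

    ENCODING\6          Encode the entire command as BXOR

    ENCODING\7          Encode the entire command as Special Characters

    ENCODING\8          Encode the entire command as Whitespace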

    compress

    COMPRESS\1 Convert the entire command to a one-liner and compress it

    launcher

    [*] LAUNCHER\PS         PowerShell

    [*] LAUNCHER\CMD        Cmd + PowerShell

    [*] LAUNCHER\WMIC       Wmic + PowerShell

    [*] LAUNCHER\RUNDLL     Rundll32 + PowerShell

    LAUNCHER\VAR+       Cmd + set Var && PowerShell iex Var

    LAUNCHER\STDIN+     Cmd + Echo | PowerShell - (stdin)

    LAUNCHER\CLIP+      Cmd + Echo | Clip && PowerShell iex clipboard

    LAUNCHER\VAR++      Cmd + set Var && Cmd && PowerShell iex Var

    LAUNCHER\STDIN++    Cmd + set Var && Cmd Echo | PowerShell - (stdin)

    LAUNCHER\CLIP++     Cmd + Echo | Clip && Cmd && PowerShell iex clipboard

    LAUNCHER\RUNDLL++   Cmd + set Var && Rundll32 && PowerShell iex Var

    LAUNCHER\MSHTA++    Cmd + set Var && Mshta && PowerShell iex Var
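
A defender's view of the LAUNCHER menu and of the `-nop` / `-e` PowerShell switches shown under `set`, as an added example that is not part of the original post or of the Invoke-Obfuscation project: it triages process-creation records by parent image and PowerShell switches, and decodes the `-e` argument for review. The record field names, the sample events and the inclusion of WmiPrvSE.exe are assumptions.

```python
import base64
import re

# Parent images the LAUNCHER menu pairs with PowerShell. WmiPrvSE.exe is an
# assumption: processes created through WMI normally run under it.
LAUNCHER_PARENTS = {"cmd.exe", "wmic.exe", "wmiprvse.exe", "rundll32.exe", "mshta.exe"}
PS_IMAGES = {"powershell.exe", "pwsh.exe"}
# A switch (-name or /name) with an optional value that is not another switch.
SWITCH_RE = re.compile(r"(?<!\S)[-/]([A-Za-z]+)(?:\s+([^\s-]\S*))?")

# Constructed sample records (not real telemetry); the payload is harmless.
_B64 = base64.b64encode("Write-Output 'hello'".encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\System32\cmd.exe", "image": _PS,
     "command_line": "powershell -nop -w hidden -e " + _B64},
    {"parent_image": r"C:\Windows\explorer.exe", "image": _PS,
     "command_line": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def decode_encoded_command(b64):
    """-EncodedCommand carries base64 of UTF-16LE text; None if not decodable."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def triage(event):
    """Return (findings, decoded_command) for one process-creation record."""
    findings, decoded = [], None
    if basename(event["image"]) not in PS_IMAGES:
        return findings, decoded
    parent = basename(event["parent_image"])
    if parent in LAUNCHER_PARENTS:
        findings.append("launcher-parent:" + parent)
    for name, value in SWITCH_RE.findall(event["command_line"]):
        name = name.lower()
        if name == "ec" or "encodedcommand".startswith(name):
            findings.append("encoded-command")
            decoded = decode_encoded_command(value)
        elif len(name) >= 3 and "noprofile".startswith(name):
            findings.append("no-profile")
        elif "windowstyle".startswith(name) and value.lower() == "hidden":
            findings.append("hidden-window")
    return findings, decoded
```

Prefix matching covers abbreviated switches such as `-enc` or `-win`. For the stdin and clipboard launchers the payload never appears in `command_line`, so only the parent-image finding fires there.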

  • Original article: https://blog.csdn.net/m0_63127854/article/details/126291695