Code Monkey home page Code Monkey logo

houqing's Introduction

Hou Qing-Advanced AV Evasion Tool For Red Team Ops

Hou Qing(侯卿)基于Golang语言,用于快速生成免杀的 EXE 可执行文件。

声明:

仅用于技术交流,请勿用于非法用途。

此项目为悬剑项目组近日基于GIthub参考研究出的一个免杀小玩意儿,目测过一些市面主流免杀,无事不必丢v站,不免杀了咱再说。

取之开源,用之开源。希望大家提出宝贵意见。

工具参考:

https://github.com/hack2fun/BypassAV

https://github.com/Gality369/CS-Loader

下载:

1.0下载

依赖:

golang 1.15.6

用法(细看):

下载完成是两个文件:

code.go和loader.go

1.先打开code.go,修改如图两个key。

image-20210114112344275

2.将生成的64位java Shellcode填入(去首尾多于字符,只保留代码!)替换到引号内。

2

如下图:

image-20210114112743348

3.go run code.go + .jpg图片,如图所示:

image-20210114112918574

4.将图片上传到未压缩图床。

5.修改loader.go,key值同code相同,imageURL改为图片链接即可。

image-20210114113131191

6.go run loader.go即可上线。

备注:golang 调用cmd下程序隐藏黑窗口-方法 编译go时加入参数: go build -ldflags="-H windowsgui"

6

image-20210114121646938

houqing's People

Contributors

hangingsword avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

rakjong b1gd0g jorgejorgeliu sry309 dwafdsfs selfevo gg-o1 tthking sesyi momika233 j5s phuong39 amjiyu yukar1z0e supejkj x1wan9 sairson yuyuowo sugarbeet77 mytfx libaizaishuijiao jeromeyoung allblue147 douglas88 bigbrobro mxliang83 0x00finch sockx hackerxj007 ar39 mmm1ku flaray ep113 kenuosec gysf666 the9527 aaasssqqqz belos-pretender last-yesterday fzpixzj90h7baqieoop5hg evi1hack samy1937 qianniaoge w20di 5l1v3r1 lztcode hchwork fidjiw yenannn yulate hack404-007 kagantua grn0bmp pamentierx testitok ii0 flyer116 dirscan nucleareris m277m277

houqing's Issues

引用加载图片的时候遇到了报错

Exception 0xc0000005 0x1 0x35 0x1e3ad080060
PC=0x1e3ad080060

runtime.cgocall(0x6e4880, 0xc0000802e0)
C:/Program Files/Go/src/runtime/cgocall.go:156 +0x4a fp=0xc00007de10 sp=0xc00007ddd8 pc=0x683e6a
syscall.Syscall(0x1e3ad080000, 0x0, 0x0, 0x0, 0x0)
C:/Program Files/Go/src/runtime/syscall_windows.go:479 +0xf4 fp=0xc00007de48 sp=0xc00007de10 pc=0x6df634
syscall.Syscall(0xa61700, 0xc00000a780, 0x1cf8, 0xc000035f30, 0x6)
:1 +0x2b fp=0xc00007de98 sp=0xc00007de48 pc=0x6e572b
main.main()
C:/Users/Administrator/Desktop/HouQing-1.0/Loader.go:73 +0x365 fp=0xc00007df80 sp=0xc00007de98 pc=0x86cca5
runtime.main()
C:/Program Files/Go/src/runtime/proc.go:255 +0x217 fp=0xc00007dfe0 sp=0xc00007df80 pc=0x6b85f7
runtime.goexit()
C:/Program Files/Go/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc00007dfe8 sp=0xc00007dfe0 pc=0x6e3001

goroutine 8 [IO wait]:
internal/poll.runtime_pollWait(0x1e3d26c6708, 0x72)
C:/Program Files/Go/src/runtime/netpoll.go:229 +0x89
internal/poll.(*pollDesc).wait(0xc0000266d8, 0xc00002fba0, 0x0)
C:/Program Files/Go/src/internal/poll/fd_poll_runtime.go:84 +0x32
internal/poll.execIO(0xc00007ef18, 0x8df2c0)
C:/Program Files/Go/src/internal/poll/fd_windows.go:175 +0xe5
internal/poll.(*FD).Read(0xc00007ef00, {0xc00013a000, 0x1000, 0x1000})
C:/Program Files/Go/src/internal/poll/fd_windows.go:441 +0x25f
net.(*netFD).Read(0xc00007ef00, {0xc00013a000, 0x6b8a47, 0xc00003dc30})
C:/Program Files/Go/src/net/fd_posix.go:56 +0x29
net.(*conn).Read(0xc000006048, {0xc00013a000, 0x13, 0xc00002e000})
C:/Program Files/Go/src/net/net.go:183 +0x45
net/http.(*persistConn).Read(0xc0001087e0, {0xc00013a000, 0xc00004a360, 0xc00003dd30})
C:/Program Files/Go/src/net/http/transport.go:1926 +0x4e
bufio.(*Reader).fill(0xc0000463c0)
C:/Program Files/Go/src/bufio/bufio.go:101 +0x103
bufio.(*Reader).Peek(0xc0000463c0, 0x1)
C:/Program Files/Go/src/bufio/bufio.go:139 +0x5d
net/http.(*persistConn).readLoop(0xc0001087e0)
C:/Program Files/Go/src/net/http/transport.go:2087 +0x1ac
created by net/http.(*Transport).dialConn
C:/Program Files/Go/src/net/http/transport.go:1747 +0x1e05

goroutine 9 [select]:
net/http.(*persistConn).writeLoop(0xc0001087e0)
C:/Program Files/Go/src/net/http/transport.go:2386 +0xfb
created by net/http.(*Transport).dialConn
C:/Program Files/Go/src/net/http/transport.go:1748 +0x1e65
rax 0x1e3ad08002c
rbx 0xc0000802e0
rcx 0x0
rdi 0x5649a60000
rsi 0xc00007de58
rbp 0x0
rsp 0x564abffa98
r8 0x0
r9 0x0
r10 0x25
r11 0x25
r12 0x2e
r13 0x0
r14 0xc00002e000
r15 0xffffffffffffffff
rip 0x1e3ad080060
rflags 0x10206
cs 0x33
fs 0x53
gs 0x2b
exit status 2

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.