Decrypting RC4 with Metasploit::Framework::Compiler

L edited this page May 22, 2022 · 1 revision

How to decrypt RC4 using Metasploit::Framework::Compiler

The Metasploit C compiler has built-in support for RC4 encryption and decryption, implemented as the rc4.h header file.

Code Example

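#include <Windows.h>
#include <rc4.h>

#define PAYLOADSIZE 12
#define RC4KEY "4ASMkFslyhwXehNZw048cF1Vh1ACzyyA"

int main(void) {
  // RC4-encrypted input buffer (PAYLOADSIZE bytes)
  unsigned char payload[] = "\xd8\xb0\xe9\x5a\x89\xc2\xee\x43\xb9\x30\xd0\x86";
  // Output buffer is larger than PAYLOADSIZE, so the zero fill below
  // leaves a terminating NUL after the decrypted bytes
  int lpBufSize = sizeof(int) * PAYLOADSIZE;
  // 0x04 is PAGE_READWRITE
  LPVOID lpBuf = VirtualAlloc(NULL, lpBufSize, MEM_COMMIT, 0x04);
  if (lpBuf == NULL) {
    return 1;
  }
  memset(lpBuf, '\0', lpBufSize);
  // RC4(key, input, output, length): decrypt payload into lpBuf
  RC4(RC4KEY, payload, (char*) lpBuf, PAYLOADSIZE);
  MessageBox(NULL, (char*) lpBuf, "Test", MB_OK);
  return 0;
}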

To compile, use Metasploit::Framework::Compiler::Windows.compile_c.
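The following is an added example, not code from this wiki page or from the Metasploit project: standard RC4 in plain Ruby, showing that one routine both encrypts and decrypts, which is why a single RC4() call in the C code recovers the plaintext. It assumes rc4.h implements standard RC4; the key and plaintext in the demo are constructed samples, and the function names are hypothetical.

```ruby
# Added example: standard RC4 (key scheduling + keystream XOR) in plain Ruby.
# Assumption: rc4.h's RC4(key, input, output, length) computes standard RC4.

# Key-scheduling algorithm (KSA): permute the 256-entry state using the key.
def rc4_ksa(key)
  key_bytes = key.bytes
  raise ArgumentError, 'RC4 key must be 1..256 bytes' unless (1..256).cover?(key_bytes.length)

  s = (0..255).to_a
  j = 0
  256.times do |i|
    j = (j + s[i] + key_bytes[i % key_bytes.length]) & 0xff
    s[i], s[j] = s[j], s[i]
  end
  s
end

# PRGA: produce one keystream byte per input byte and XOR it with the input.
# Because XOR is its own inverse, the same call encrypts and decrypts.
def rc4(key, data)
  s = rc4_ksa(key)
  i = j = 0
  out = data.bytes.map do |byte|
    i = (i + 1) & 0xff
    j = (j + s[i]) & 0xff
    s[i], s[j] = s[j], s[i]
    byte ^ s[(s[i] + s[j]) & 0xff]
  end
  out.pack('C*')
end

# Lowercase hex rendering of a binary string.
def hex(bytes)
  bytes.unpack1('H*')
end

if __FILE__ == $PROGRAM_NAME
  key = 'ConstructedSampleKey' # constructed sample, not the key from the page
  plaintext = 'Hello World!'   # constructed 12-byte sample
  ciphertext = rc4(key, plaintext)
  puts "ciphertext: #{hex(ciphertext)}"
  puts "roundtrip : #{rc4(key, ciphertext)}"
end
```

Because the key sits in the compiled program as a string constant (RC4KEY above), anyone holding the binary can run the same routine over the embedded buffer. The RC4 step therefore hides the bytes from casual inspection but provides no confidentiality.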
