
Ladon: nine ways to obfuscate and encrypt PowerShell commands for AV evasion


k8


Nine ways to randomly obfuscate PowerShell code so that an administrator cannot easily restore it; at the very least it is stealthier than the default plaintext or Base64.
Base64 goes without saying: anyone can decode it. It is in common use, there are plenty of tools for it, and an administrator knowing how to decode it is entirely normal, so it is not recommended.
With the obfuscation methods Ladon provides, every click of the button randomly generates a different command, but every one of them performs the same function.
An administrator who wants to trace it back has to work out how to decrypt each one individually; making things harder for the administrator means buying yourself more time in control.

Updated features

GUI 2020.10.18
[+] PowerShell to EXE, EXE to PowerShell
EXE->Powershell
PowerShell->EXE
[+] Nine kinds of PowerShell command obfuscation (random encryption)

HexCommand
AsciiCommand
BinaryCommand
CompressedCommand
BXORCommand
OctalCommand
SpecialCharOnlyCommand
SecureStringCommand
Base64Command
DecodeBase64

Use cases

1. Hide the PowerShell command code being executed so the administrator does not learn your intent
2. PowerShell script AV evasion (many antivirus products are weak at detecting scripts)

Demo

Fill text box 1 with PowerShell code or a PowerShell command (including CMD commands that can run inside PowerShell):

Write-Host 'Hello K8gege!' -ForegroundColor Green;
Write-Host 'Fuck you!' -ForegroundColor Green;
whoami

Click the middle button to encrypt the PowerShell.

The generated encrypted code can be run directly in CMD.

Random encryption

As the screenshot shows, encrypting the same piece of code produces different encrypted output every time the button is clicked (Base64 excepted).
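The post's argument is that an administrator has to study each variant separately. From the defender's side, the numeric encodings named above (hex, octal, decimal ASCII, binary) and Base64 all normalise back to plaintext with a single pass, so a triage script can recover the command from a process-creation log before any manual analysis. The Python below is an added example, not Ladon's code or the author's; the command lines it decodes are constructed samples of the demo's `whoami` step, and since this page does not show the exact syntax Ladon emits, the token patterns are assumptions.

```python
import base64
import re

# Constructed process-creation command lines (not real Ladon output): the "whoami" step of
# the post's demo rendered in five of the encodings the post names. Real tool output varies.
SAMPLES = {
    "hex": "powershell -c -join('77 68 6f 61 6d 69'.Split(' ')|%{[char][Convert]::ToInt16($_,16)})",
    "octal": "powershell -c -join('167 150 157 141 155 151'.Split(' ')|%{[char][Convert]::ToInt16($_,8)})",
    "ascii": "powershell -c -join([char[]](119,104,111,97,109,105))",
    "binary": "powershell -c -join('01110111 01101000 01101111 01100001 01101101 01101001'.Split(' ')|%{[char][Convert]::ToInt16($_,2)})",
    "base64": "powershell -c [Text.Encoding]::ASCII.GetString([Convert]::FromBase64String('d2hvYW1p'))",
}

# A run of 4+ number-like tokens separated by spaces or commas, and a Base64 blob of 8+ chars.
NUM_RUN = re.compile(r"(?<![\w.])(?:[0-9a-fA-F]{1,8}[ ,]+){3,}[0-9a-fA-F]{1,8}(?![\w.])")
B64 = re.compile(r"(?<![A-Za-z0-9+/=])(?:[A-Za-z0-9+/]{4}){2,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![A-Za-z0-9+/=])")

def _printable(values):
    """True when every code point is printable ASCII or tab/CR/LF."""
    return bool(values) and all(32 <= v < 127 or v in (9, 10, 13) for v in values)

def _bytes_to_text(raw):
    """Decode UTF-16LE (what -EncodedCommand uses) when every odd byte is zero, else ASCII."""
    if len(raw) >= 2 and not any(raw[1::2]):
        raw = raw.decode("utf-16le").encode("ascii")  # UnicodeError is a ValueError
    return raw.decode("ascii") if _printable(raw) else None

def decode_runs(cmdline):
    """Return [(encoding, plaintext)] for every numeric run or Base64 blob that decodes cleanly."""
    found = []
    for m in NUM_RUN.finditer(cmdline):
        tokens = re.split(r"[ ,]+", m.group())
        for base in (2, 8, 10, 16):
            try:
                values = [int(t, base) for t in tokens]
            except ValueError:  # some token is not a digit in this base
                continue
            if _printable(values):  # only keep bases that yield readable text
                found.append((f"base{base}", "".join(map(chr, values))))
    for m in B64.finditer(cmdline):
        try:
            text = _bytes_to_text(base64.b64decode(m.group(), validate=True))
        except ValueError:  # binascii.Error subclasses ValueError
            continue
        if text:
            found.append(("base64", text))
    return found

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, "->", decode_runs(line))
```

Identifier-looking words that happen to be a multiple of four characters long (such as `FromBase64String`) do match the Base64 pattern, but they are discarded because their decoded bytes are not printable.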


Exe->PowerShell

Ladon AV evasion / .NET AV evasion / Exe2Ps1 / Ps12Exe / EXE to PowerShell:
http://k8gege.org/Ladon/Exe2Powershell.html

Ladon download

Previous versions: https://github.com/k8gege/Ladon/releases
