  • #42611
    Kayoh
    Participant

    I’ve been trying to get a reverse connection windows/meterpreter/reverse http/https/tcp using Msfconsole with Fatrat or Veil, but I don’t get a reverse connection when I run the backdoor on my Windows machine. Both are on the same NAT network.

    Using Msfconsole, I’m listening on the same port that I’ve chosen in the backdoor, usually something like 8080.

    I should be able to get the reverse connection no matter what program I’ve used to make the backdoor if I’m then listening on Msfconsole?

    link to settings for msfconsole and fatrat: https://imgur.com/a/6ggpOSs

    link to show the test.bat file on my Windows machine: https://imgur.com/a/O6RxlD0

    #42634
    Diego Pérez
    Moderator

    Hi!
    Yeah, as long as you choose meterpreter payloads in any tool you should be able to get them in msfconsole. Have you disabled Defender on the victim machine?

    Can you show the results of:
    ifconfig and route -n in kali
    ipconfig in windows
    Can you share a screenshot of the Network settings used in VirtualBox for both machines?

    Thanks!
    Diego

    #42717
    Kayoh
    Participant

    Windows Defender is disabled in the Windows host machine. Sometimes it will still detect the backdoor if I used Veil; Fatrat is fine, it doesn’t get detected.

    Images uploaded here: https://imgur.com/a/MwJNT5G

    #42753
    Diego Pérez
    Moderator

    Hi!
    You have to disable Defender in your Windows virtual machine and not in the host machine. Can you try to use a different payload and port? Actually, try with different payloads.

    Let me know how it goes!
    Diego

    #42762
    Kayoh
    Participant

    Sorry, meant it’s disabled in the virtual machine, although when disabled it still detects and automatically deletes some backdoors.

    I’ll try using different ports and payloads.

    Currently tried reverse_http, reverse_https and reverse_tcp, although I tried on both ports 4444 and 8080. I will keep trying to change the port.

    Failing that, I’ll see if I can create a backdoor using Veil and then change the code with hashcat to see if it works.

    From my settings I’m not doing anything wrong though?

    #42812
    Diego Pérez
    Moderator

    Hi!
    No, your settings look ok. But if your Windows virtual machine detects and deletes the backdoor then you haven’t disabled Defender. Windows Defender has many features; the one you need to disable is Virus & Threats. Also, hashcat is used for different things, not for modifying binaries. So disable the feature that I mentioned and use Veil to create your backdoor.

    Let me know how it goes!
    Diego
