- July 18, 2020 at 3:45 pm #42611
I’ve been trying to get a reverse connection windows/meterpreter/reverse http/https/tcp using Msfconsole with Fatrat or Veil but I don’t get a reverse connection when i run the backdoor on my windows machine. Both are on the same NAT network.
Using Msfconsole im listening on the same port that I’ve chosen in the backdoor usually something like 8080.
I should be able to get the reverse connection no matter what program I’ve used to make the back door if im then listening on Msfconsole?
link to settings for msfconsole and fatrat: https://imgur.com/a/6ggpOSs
link to show the test.bat file on my Windows machine: https://imgur.com/a/O6RxlD0July 19, 2020 at 4:33 am #42634
Yeah, as long as you choose meterpreter payloads in any tool you should be able to get them in msfconsole. Have you disabled defender in victim machine?
Can you show the results of:
ifconfig and route -n in kali
ipconfig in windows
Can you share a screenshot of the Network settings used in VirtualBox for both machines?
DiegoJuly 20, 2020 at 4:40 pm #42717
Windows Defender is disabled in the Windows host machine, some times it will still detect the backdoor if I used Veil, Fatrat is fine doesn’t get detected.
Images uploaded here: https://imgur.com/a/MwJNT5GJuly 21, 2020 at 3:52 am #42753
You have to disable defender in your windows virtual machine and not in the host machine, can you try to use a different payload and port? Actually try with different payloads.
Let me know how it goes!
DiegoJuly 21, 2020 at 7:23 am #42762
Sorry meant its disabled in the virtual machine, although when disabled it still detects and automatically deletes some backdoors.
Il try using different ports and payloads.
Currently tried reverse_http reverse_https and reverse_tcp although I tried on both ports 4444 and 8080 I will keep trying to change the port.
Failing that il see if I can create a backdoor using Veil and then change the code with hashcat to see if it works.
From my settings I’m not doing anything wrong though?July 22, 2020 at 3:59 am #42812
No, your settings looks ok. But if your windows virtual machine detects and deletes the backdoor then you haven’t disable defender. Windows defender has many features, the one you need to disabele is Virus & Threats. Also hashcat is used for different things not for modifying binaries. So disable the feature that I mentioned and use Veil to create your backdoor.
Let me know how it goes!
- You must be logged in to reply to this topic.