Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #44664
    False GeniusFalse Genius
    Participant

    Hello,

    I created a windows powershell stager and after transferring it to windows, running it gives me the following error and the empire listener doesn’t catch anything!

    Error: Could not find C::\Users\IEUser\Dowwnloads\%~f0

    Wait, how do I attach the image in this thing?

    #44686
    diegodiego
    Moderator

    Hi!
    You can upload it to an image host service and share the linkh here.

    Did you disable defender in victim machine?

    Can you show me the following please:
    1. Result of ​ifconfig and route -n ​in Kali.
    2. The result of ipconfig in Windows.
    3. The options for the listener.
    4. T​he options for the stager.​
    5. Can you share a screenshot of the Network settings used in VirtualBox for both machines.

    Let me know.
    Diego

    #44691
    False GeniusFalse Genius
    Participant

    Hi Diego,

    Yes, the defender in victim machine is off. The backdoor generated by veil and fatrat works. The one generated by empire doesn’t work

    https://ibb.co/vwg0bdF
    https://ibb.co/KNV0WzV
    https://ibb.co/V9q0MCp
    https://ibb.co/SyC1Qqh
    https://ibb.co/sH8c5qq
    https://ibb.co/FqgvG3H

    Check these links for the images.

    Best,
    False Genius

    #44693
    False GeniusFalse Genius
    Participant

    Hi,

    By the way, I tried running fatrat backdoor. It connected to the listener on my host machine. Then, this happened:
    https://ibb.co/crkrD8F

    Please, help!

    False Genius

    #44694
    False GeniusFalse Genius
    Participant

    Hi,

    I fixed the problem by switching windows defender on and off again so it’s all working now. I have one last question! When we target a machine, the windows defender
    antivirus on that machine will be on by default. When I ran the powershell-empire backdoor on my virtual windows machine, the defender detected that backdoor and I had to manually switch the defender off for the backdoor to work. Even the one generated by fatrat gets detected. Only the backdoor generated by veil passes the defender security. What to do to make sure that all of them work?

    False Genius

    #44695
    False GeniusFalse Genius
    Participant

    Also, are there any other websites besides nodistribute.com to check these backdoors? After uploading my backdoor on that website, it gives me timeout error.

    False Genius

    #44739
    diegodiego
    Moderator

    Hi!
    You can try to use antiscan.me as a nodistribute alternaive.

    Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..

    So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.​​
    Here’s a few solutions to try if your backdoor is getting detected:

    1. Make sure that you have the latest version of Veil, so do ​updated ​before doing ​use 1.
    ​2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.​
    3. Try generating a backdoor using the fat rat, empire.
    4. Modify backdoor code if its in bat as shown in lecture 33.
    5. Modify backdoor using a hex editor as shown in lecture 40.
    6. Create your own backdoor (covered in python course).

    The best thing to do is look at the last lecture of the course (bonus lecture) it contains all the courses that you can take with this course and a comparison between them.

    Also check out this video:

    How To Create Fully Undetectable Backdoors

    Hope it helps!
    Diego

    #44755
    False GeniusFalse Genius
    Participant

    Alright, thank you.

    False Genius

    #44781
    diegodiego
    Moderator

    You’re welcome!
    Greetings!
    Diego

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.