- This topic has 8 replies, 2 voices, and was last updated 3 years, 7 months ago by
.
-
Posts
-
Hello,
I created a windows powershell stager and after transferring it to windows, running it gives me the following error and the empire listener doesn’t catch anything!
Error: Could not find C::\Users\IEUser\Dowwnloads\%~f0
Wait, how do I attach the image in this thing?
Hi!
You can upload it to an image host service and share the linkh here.Did you disable defender in victim machine?
Can you show me the following please:
1. Result of ifconfig and route -n in Kali.
2. The result of ipconfig in Windows.
3. The options for the listener.
4. The options for the stager.
5. Can you share a screenshot of the Network settings used in VirtualBox for both machines.Let me know.
DiegoHi Diego,
Yes, the defender in victim machine is off. The backdoor generated by veil and fatrat works. The one generated by empire doesn’t work
https://ibb.co/vwg0bdF
https://ibb.co/KNV0WzV
https://ibb.co/V9q0MCp
https://ibb.co/SyC1Qqh
https://ibb.co/sH8c5qq
https://ibb.co/FqgvG3HCheck these links for the images.
Best,
False GeniusHi,
By the way, I tried running fatrat backdoor. It connected to the listener on my host machine. Then, this happened:
https://ibb.co/crkrD8FPlease, help!
False Genius
Hi,
I fixed the problem by switching windows defender on and off again so it’s all working now. I have one last question! When we target a machine, the windows defender
antivirus on that machine will be on by default. When I ran the powershell-empire backdoor on my virtual windows machine, the defender detected that backdoor and I had to manually switch the defender off for the backdoor to work. Even the one generated by fatrat gets detected. Only the backdoor generated by veil passes the defender security. What to do to make sure that all of them work?False Genius
Also, are there any other websites besides nodistribute.com to check these backdoors? After uploading my backdoor on that website, it gives me timeout error.
False Genius
Hi!
You can try to use antiscan.me as a nodistribute alternaive.Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..
So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.
Here’s a few solutions to try if your backdoor is getting detected:1. Make sure that you have the latest version of Veil, so do updated before doing use 1.
2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.
3. Try generating a backdoor using the fat rat, empire.
4. Modify backdoor code if its in bat as shown in lecture 33.
5. Modify backdoor using a hex editor as shown in lecture 40.
6. Create your own backdoor (covered in python course).The best thing to do is look at the last lecture of the course (bonus lecture) it contains all the courses that you can take with this course and a comparison between them.
Also check out this video:
Hope it helps!
Diego
- You must be logged in to reply to this topic.
