August 26, 2020 at 3:49 pm #44664
I created a windows powershell stager and after transferring it to windows, running it gives me the following error and the empire listener doesn’t catch anything!
Error: Could not find C::\Users\IEUser\Dowwnloads\%~f0
Wait, how do I attach the image in this thing?August 27, 2020 at 3:40 am #44686
You can upload it to an image host service and share the linkh here.
Did you disable defender in victim machine?
Can you show me the following please:
1. Result of ifconfig and route -n in Kali.
2. The result of ipconfig in Windows.
3. The options for the listener.
4. The options for the stager.
5. Can you share a screenshot of the Network settings used in VirtualBox for both machines.
Let me know.
DiegoAugust 27, 2020 at 7:30 am #44691
Yes, the defender in victim machine is off. The backdoor generated by veil and fatrat works. The one generated by empire doesn’t work
Check these links for the images.
False GeniusAugust 27, 2020 at 9:20 am #44693
By the way, I tried running fatrat backdoor. It connected to the listener on my host machine. Then, this happened:
False GeniusAugust 27, 2020 at 9:47 am #44694
I fixed the problem by switching windows defender on and off again so it’s all working now. I have one last question! When we target a machine, the windows defender
antivirus on that machine will be on by default. When I ran the powershell-empire backdoor on my virtual windows machine, the defender detected that backdoor and I had to manually switch the defender off for the backdoor to work. Even the one generated by fatrat gets detected. Only the backdoor generated by veil passes the defender security. What to do to make sure that all of them work?
False GeniusAugust 27, 2020 at 9:53 am #44695
Also, are there any other websites besides nodistribute.com to check these backdoors? After uploading my backdoor on that website, it gives me timeout error.
False GeniusAugust 28, 2020 at 1:59 am #44739
You can try to use antiscan.me as a nodistribute alternaive.
Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..
So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.
Here’s a few solutions to try if your backdoor is getting detected:
1. Make sure that you have the latest version of Veil, so do updated before doing use 1.
2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.
3. Try generating a backdoor using the fat rat, empire.
4. Modify backdoor code if its in bat as shown in lecture 33.
5. Modify backdoor using a hex editor as shown in lecture 40.
6. Create your own backdoor (covered in python course).
The best thing to do is look at the last lecture of the course (bonus lecture) it contains all the courses that you can take with this course and a comparison between them.
Also check out this video:
Hope it helps!
DiegoAugust 28, 2020 at 3:38 pm #44755
Alright, thank you.
False GeniusAugust 29, 2020 at 3:41 am #44781
- You must be logged in to reply to this topic.