- This topic has 13 replies, 2 voices, and was last updated 4 years, 5 months ago by
.
- Posts
Hello, I have a problem with the meterpreter – it’s not showing the hacked results of the target computer. Please view the details here. Thanks.
Hi Dennis!
Make sure that you’re using the same payload when generating the backdoor and when using multi handler, if you’re already doing that then try using a different port, if you’re still having issues then please show me the following please:
1. Result of ifconfig in Kali.
3. The result of ipconfig in Windows.
3. The result of options before generating the backdoor in Veil or the IP used in the backdoor.
4. The result of show options before running the multi handler.Also you can try with tcp payloads, they have been working pretty well in my experience.
Let me know.
DiegoHi, it doesn’t seem that the backdoor generated has problems. However, I think this is because the Windows virus detector automatically detects the backdoor file as a threat and prevents installing it, even though I force it to run the file. After I click to run the file, Windows recognizes it and automatically deletes it. Because the file isn’t launched fully on my Windows virtual machine, the results of the target computer are not showing.
I tried antivirus scans on nodistribute and antiscan, but it appears on nodistribute that ‘either the file is empty or there’s a problem in the file.’ Nodistribute doesn’t seem to work on my computer. Antiscan states that the file with this format can’t be scanned. Only the ones that are ‘transformed,’ such as, to a Word document or a PDF, can be scanned. Are there any other antivirus scan methods?
If the backdoor I generated gets detected by most antivirus scan programs, how can I modify it to be undetectable? In the case of Veil, I’ve learned in the lesson that ‘PROCESSORS’ and ‘SLEEP’ can be changed, but I’m not sure what values to change to. Also, is it okay to set LPORT to a value that’s different from 80 or 8080? (80 and 8080 are the port numbers that most internet servers are using, right?) Are there ways to modify backdoors that are generated via TheFatRat, too?
Thanks.
Hi Dennis!
In order to debug all the issues please share the info requested and disable windows defender. First we have to know that the backdoor works and then we’ll deal with AV evasion.
Yes, you can use other ports rahter than 80 or 8080, actually 80 is not a good idea if you have an apache server running.Another virus scanner could be https://www.virscan.org/language/en/.
Let me know.
DiegoHi, here are the screenshots of the results you’ve asked: you can check in this document. Thanks.
Hi Dennis!
Thanks!
I’ve found that https backdoors work better when using port 443, also you can try to use tcp payloas as they are more reliables.
If all of this fail, can you share a screenshot of the result of route – n in kali?Let me know.
DiegoHi, Diego. I wasn’t able to continue ethical hacking lessons for a while due to school assignments to complete. Here are the results of the attempts that you previously suggested to try (they both didn’t work.), with the screenshot of the result of the route -n in Kali. Thanks.
Hi Dennis!
What was wrong with the tcp payloads? Why couldn’t you generate the backdoor?Let me know.
DiegoHi, Diego. I’m not sure why the error is occurring, but the system reports that it’s unable to create an output file, even though it can save the Source code and the Metasploit Resource file.
You can view the screenshots of the errors here. I attempted both for port 8080 and 443.
Thanks.
Hi Dennis!
When you selected the name for yhe output file you have to append the extension as well, I mean rev_tcp_8080.exeTry it out and let me know how it goes!
DiegoHi, Diego. I also tried appending the extension on the output file, just as you recommended, but it still shows the same result. You can check the screenshot here.
Thanks.Hi!
The error is complaining that the file with a same name exists in Veil’s database, can you use a different name please?Let me know how it goes!
DiegoHi, I think the error comment on the bottom of the previous screenshot ‘/var /lib/veil/output/source/rev_tcp_8080.exe.go:9: binary redeclared as imported package name previous declaration at /var/lib/veil/output/source/rev_tcp_8080.exe.go:3’ is stating regarding the result you’ve mentioned – the duplicate files. Am I right?
I tried generating the file with numerous different names, but the system still reports the same error.
How can I handle this error?
Thanks.
- You must be logged in to reply to this topic.
