Tagged: backdoor
- This topic has 13 replies, 2 voices, and was last updated 4 years, 6 months ago by Diego Pérez.
May 16, 2020 at 10:05 am #37033 Name (Participant)
Hello, I have a problem with the meterpreter – it’s not showing the hacked results of the target computer. Please view the details here. Thanks.
May 17, 2020 at 6:20 am #37132 Diego Pérez (Moderator)
Hi Dennis!
Make sure that you’re using the same payload when generating the backdoor and when using multi handler. If you’re already doing that, then try using a different port. If you’re still having issues, then please show me the following:
1. Result of ifconfig in Kali.
2. The result of ipconfig in Windows.
3. The result of options before generating the backdoor in Veil or the IP used in the backdoor.
4. The result of show options before running the multi handler.
Also you can try with tcp payloads, they have been working pretty well in my experience.
Let me know.
Diego

May 17, 2020 at 8:00 am #37147 Name (Participant)
Hi, it doesn’t seem that the backdoor generated has problems. However, I think this is because the Windows virus detector automatically detects the backdoor file as a threat and prevents installing it, even though I force it to run the file. After I click to run the file, Windows recognizes it and automatically deletes it. Because the file isn’t launched fully on my Windows virtual machine, the results of the target computer are not showing.
I tried antivirus scans on nodistribute and antiscan, but it appears on nodistribute that ‘either the file is empty or there’s a problem in the file.’ Nodistribute doesn’t seem to work on my computer. Antiscan states that the file with this format can’t be scanned. Only the ones that are ‘transformed,’ such as to a Word document or a PDF, can be scanned. Are there any other antivirus scan methods?
If the backdoor I generated gets detected by most antivirus scan programs, how can I modify it to be undetectable? In the case of Veil, I’ve learned in the lesson that ‘PROCESSORS’ and ‘SLEEP’ can be changed, but I’m not sure what values to change to. Also, is it okay to set LPORT to a value that’s different from 80 or 8080? (80 and 8080 are the port numbers that most internet servers are using, right?) Are there ways to modify backdoors that are generated via TheFatRat, too?
Thanks.
May 19, 2020 at 6:52 am #37324 Diego Pérez (Moderator)
Hi Dennis!
In order to debug all the issues please share the info requested and disable Windows Defender. First we have to know that the backdoor works and then we’ll deal with AV evasion.
Yes, you can use other ports rather than 80 or 8080; actually 80 is not a good idea if you have an apache server running.
Another virus scanner could be https://www.virscan.org/language/en/.
Let me know.
Diego

May 19, 2020 at 10:55 am #37343 Name (Participant)
Hi, here are the screenshots of the results you’ve asked: you can check in this document. Thanks.

May 20, 2020 at 5:56 am #37419 Diego Pérez (Moderator)
Hi Dennis!
Thanks!
I’ve found that https backdoors work better when using port 443, also you can try to use tcp payloads as they are more reliable.
If all of this fails, can you share a screenshot of the result of route -n in kali?
Let me know.
Diego

June 7, 2020 at 8:55 am #39282 Name (Participant)
Hi, Diego. I wasn’t able to continue ethical hacking lessons for a while due to school assignments to complete. Here are the results of the attempts that you previously suggested to try (they both didn’t work), with the screenshot of the result of the route -n in Kali. Thanks.

June 8, 2020 at 4:12 am #39372 Diego Pérez (Moderator)
Hi Dennis!
What was wrong with the tcp payloads? Why couldn’t you generate the backdoor?
Let me know.
Diego

June 8, 2020 at 12:13 pm #39405 Name (Participant)
Hi, Diego. I’m not sure why the error is occurring, but the system reports that it’s unable to create an output file, even though it can save the Source code and the Metasploit Resource file.
You can view the screenshots of the errors here. I attempted both for port 8080 and 443.
Thanks.
June 9, 2020 at 6:57 am #39508 Diego Pérez (Moderator)
Hi Dennis!
When you selected the name for the output file you have to append the extension as well, I mean rev_tcp_8080.exe
Try it out and let me know how it goes!
Diego

June 18, 2020 at 1:25 pm #40208 Name (Participant)
Hi, Diego. I also tried appending the extension on the output file, just as you recommended, but it still shows the same result. You can check the screenshot here.
Thanks.

June 19, 2020 at 4:34 am #40280 Diego Pérez (Moderator)
Hi!
The error is complaining that the file with a same name exists in Veil’s database, can you use a different name please?
Let me know how it goes!
Diego

June 19, 2020 at 7:21 am #40291 Name (Participant)
Hi, I think the error comment on the bottom of the previous screenshot ‘/var /lib/veil/output/source/rev_tcp_8080.exe.go:9: binary redeclared as imported package name previous declaration at /var/lib/veil/output/source/rev_tcp_8080.exe.go:3’ is referring to the result you’ve mentioned – the duplicate files. Am I right?
I tried generating the file with numerous different names, but the system still reports the same error.
How can I handle this error?
Thanks.

June 20, 2020 at 4:23 am #40397 Diego Pérez (Moderator)
Hi!
Then if you have used a different name, it’s definitely weird.
Have you tried to create a backdoor using a different language other than Go? Like cs, for example.
Let me know how it goes!
Diego