Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #37033
    AvatarName
    Participant

    Hello, I have a problem with the meterpreter – it’s not showing the hacked results of the target computer. Please view the details here. Thanks.

    #37132
    diegodiego
    Moderator

    Hi Dennis!

    Make sure that you’re using the same payload when generating the backdoor and when using multi handler. If you’re already doing that, then try using a different port. If you’re still having issues, then please show me the following:

    1. Result of ifconfig in Kali.
    2. The result of ipconfig in Windows.
    3. The result of options before generating the backdoor in Veil or the IP used in the backdoor.
    4. The result of show options before running the multi handler.

    Also you can try with tcp payloads, they have been working pretty well in my experience.

    Let me know.
    Diego

    #37147
    AvatarName
    Participant

    Hi, it doesn’t seem that the backdoor generated has problems. However, I think this is because the Windows virus detector automatically detects the backdoor file as a threat and prevents installing it, even though I force it to run the file. After I click to run the file, Windows recognizes it and automatically deletes it. Because the file isn’t launched fully on my Windows virtual machine, the results of the target computer are not showing.

    I tried antivirus scans on nodistribute and antiscan, but it appears on nodistribute that ‘either the file is empty or there’s a problem in the file.’ Nodistribute doesn’t seem to work on my computer. Antiscan states that the file with this format can’t be scanned. Only the ones that are ‘transformed,’ such as, to a Word document or a PDF, can be scanned. Are there any other antivirus scan methods?

    If the backdoor I generated gets detected by most antivirus scan programs, how can I modify it to be undetectable? In the case of Veil, I’ve learned in the lesson that ‘PROCESSORS’ and ‘SLEEP’ can be changed, but I’m not sure what values to change to. Also, is it okay to set LPORT to a value that’s different from 80 or 8080? (80 and 8080 are the port numbers that most internet servers are using, right?) Are there ways to modify backdoors that are generated via TheFatRat, too?

    Thanks.

    #37324
    diegodiego
    Moderator

    Hi Dennis!
    In order to debug all the issues, please share the info requested and disable Windows Defender. First we have to know that the backdoor works and then we’ll deal with AV evasion.
    Yes, you can use other ports rather than 80 or 8080; actually, 80 is not a good idea if you have an Apache server running.

    Another virus scanner could be https://www.virscan.org/language/en/.

    Let me know.
    Diego

    #37343
    AvatarName
    Participant

    Hi, here are the screenshots of the results you’ve asked: you can check in this document. Thanks.

    #37419
    diegodiego
    Moderator

    Hi Dennis!
    Thanks!
    I’ve found that https backdoors work better when using port 443; also, you can try to use tcp payloads, as they are more reliable.
    If all of this fails, can you share a screenshot of the result of route -n in Kali?

    Let me know.
    Diego

    #39282
    AvatarName
    Participant

    Hi, Diego. I wasn’t able to continue ethical hacking lessons for a while due to school assignments to complete. Here are the results of the attempts that you previously suggested to try (they both didn’t work), with the screenshot of the result of the route -n in Kali. Thanks.

    #39372
    diegodiego
    Moderator

    Hi Dennis!
    What was wrong with the tcp payloads? Why couldn’t you generate the backdoor?

    Let me know.
    Diego

    #39405
    AvatarName
    Participant

    Hi, Diego. I’m not sure why the error is occurring, but the system reports that it’s unable to create an output file, even though it can save the Source code and the Metasploit Resource file.

    You can view the screenshots of the errors here. I attempted both for port 8080 and 443.

    Thanks.

    #39508
    diegodiego
    Moderator

    Hi Dennis!
    When you selected the name for the output file you have to append the extension as well, I mean rev_tcp_8080.exe

    Try it out and let me know how it goes!
    Diego

    #40208
    AvatarName
    Participant

    Hi, Diego. I also tried appending the extension on the output file, just as you recommended, but it still shows the same result. You can check the screenshot here.
    Thanks.

    #40280
    diegodiego
    Moderator

    Hi!
    The error is complaining that a file with the same name exists in Veil’s database. Can you use a different name, please?

    Let me know how it goes!
    Diego

    #40291
    AvatarName
    Participant

    Hi, I think the error comment on the bottom of the previous screenshot ‘/var/lib/veil/output/source/rev_tcp_8080.exe.go:9: binary redeclared as imported package name previous declaration at /var/lib/veil/output/source/rev_tcp_8080.exe.go:3’ is stating regarding the result you’ve mentioned – the duplicate files. Am I right?
    I tried generating the file with numerous different names, but the system still reports the same error.
    How can I handle this error?
    Thanks.

    #40397
    diegodiego
    Moderator

    Hi!
    Then if you have used a different name, it’s definitely weird.
    Have you tried to create a backdoor using a different language other than Go, like cs for example?

    Let me know how it goes!
    Diego
