- This topic has 7 replies, 2 voices, and was last updated 4 years, 6 months ago by Diego Pérez.
- AuthorPosts
- June 18, 2020 at 6:08 pm #40236KayohParticipant
Followed the course instructions, and created a Listener http, then made the .bat file which is undetectable to windows defender, ran it on the target computer but I get no connection on Empire? no active agents.
any ideas?
June 19, 2020 at 4:38 am #40282Diego PérezModeratorHi!
Can you share a screenshot of:
1. Result of ifconfig and route -n in Kali.
2. The result of ipconfig in Windows.
3. The options used for the listener and for the stager.
4. Can you share a screenshot of the Network settings used in VirtualBox for both machines.Also try to disable defender and try the attack again.
Let me know.
DiegoJune 19, 2020 at 9:01 am #40292KayohParticipantHi Diego,
uploaded all of the pictures you’ve requested to imgur, if you click the image below it should show all pictures
Hope this helps.
I don’t get any messages from Windows Defender when running the .bat file so i don’t think it blocks it.
June 20, 2020 at 4:26 am #40398Diego PérezModeratorHi!
Thanks.
Can you disable defender and see if the conection back success?Let me know how it goes!
DiegoJune 20, 2020 at 6:02 pm #40432KayohParticipantThe connection works when Windows Defender is disabled. Windows Defender doesn’t block it or notice its a malicious file, why would it block the outgoing connection?
Would i have to rely on Veil, Empire or TheFatRat to create something that would give me a connection if windows defender is enabled?
June 21, 2020 at 4:46 am #40471Diego PérezModeratorHi!
Defender is also watching outgoing connections so it may prevent it from connecting. You can try to use a common port like 80 but you won’t be able to use apache server as 2 apps can’t use the same port at the same time.
Basically bypassing AV programs is like a game of cat and mouse, so backdoors might start getting detected at some stage, then the developers release an update, this will allow you to generate undetectable backdoors, then AV programs release an update which will make backdoors detectable ……..So the main thing is to make sure that Veil or any other tool you’re using to generate the backdoor is up to date.
Here’s a few solutions to try if your backdoor is getting detected:
1. Make sure that you have the latest version of Veil, so do updated before doing use 1.
2. Experiment with different payloads, and experiment with different payload options and you should be able to bypass it.
3. Try generating a backdoor using the fat rat, empire.
4. Modify backdoor code if its in bat as shown in lecture 33.
5. Modify backdoor using a hex editor as shown in lecture 40.
6. Create your own backdoor (covered in python course).
The best thing to do is look at the last lecture of the course (bonus lecture) it contains all the courses that you can take with this course and a comparison between them.
Hope it helps!
DiegoJune 21, 2020 at 9:43 am #40480KayohParticipantThanks a lot for the help, i will keep trying and testing see if i can figure it out.
June 22, 2020 at 6:08 am #40511Diego PérezModeratorHi!
Cool, experimenting is the best way to learn.Greetings!
Diego - AuthorPosts
- You must be logged in to reply to this topic.