NavyTitanium / Fake-Sandbox-Artifacts

This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malware that looks for a VM or analysis tools.

--pipe start Creating 8 pipes Error creating the pipes #2

Closed Tabloid-pixel closed 3 years ago

Tabloid-pixel commented 3 years ago

As the title says, when the --pipe start command is executed, it fails to create them.

Not currently aware of the reason really.

Any idea as to what could be the problem would be appreciated.

NavyTitanium commented 3 years ago

I had issues before using the win32pipe library on Windows systems that were not fully updated. Also try to disable antivirus or other software that could be in conflict. Which Windows version are you using?

NavyTitanium commented 3 years ago

You can verify which named pipes are running on Windows with:

C:\>powershell get-childitem \\.\pipe\

The script will report a failure in the creation of the named pipes if any of them fails.
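The check described in the comment above, as an added example that is not part of the original thread or of fsa.py: it lists `\\.\pipe\`, reports which expected pipes are absent, and tries to create each missing one on its own so the underlying Win32 error becomes visible. The pipe names are hypothetical placeholders (the names fsa.py creates are not shown on this page), and `try_create` assumes pywin32 is installed.

```python
import os

PIPE_ROOT = "\\\\.\\pipe\\"  # the \\.\pipe\ namespace queried by get-childitem


def list_pipes(lister=os.listdir):
    """Names of all named pipes currently open (Windows only by default)."""
    return lister(PIPE_ROOT)


def normalize(name):
    """Strip an optional \\\\.\\pipe\\ prefix; pipe names are case-insensitive."""
    name = name.replace("/", "\\")
    if name.lower().startswith(PIPE_ROOT.lower()):
        name = name[len(PIPE_ROOT):]
    return name.lower()


def missing_pipes(expected, present):
    """Expected names (as given, in order) that are absent from the listing."""
    have = {normalize(p) for p in present}
    return [e for e in expected if normalize(e) not in have]


def try_create(name):
    """Create one pipe and close it again. Returns None on success or
    (winerror, message) on failure. Windows only; requires pywin32."""
    import pywintypes
    import win32pipe
    try:
        handle = win32pipe.CreateNamedPipe(
            PIPE_ROOT + normalize(name),
            win32pipe.PIPE_ACCESS_DUPLEX,
            win32pipe.PIPE_TYPE_BYTE | win32pipe.PIPE_WAIT,
            1, 65536, 65536, 0, None)
    except pywintypes.error as exc:
        return (exc.winerror, exc.strerror)
    handle.Close()
    return None


if __name__ == "__main__":
    # Hypothetical placeholder names; replace with the ones the script creates.
    expected = ["example-pipe-a", "example-pipe-b"]
    for name in missing_pipes(expected, list_pipes()):
        print(name, "->", try_create(name) or "can be created manually")
```

A non-None result from `try_create` carries the Win32 error code and message for that one pipe.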

Tabloid-pixel commented 3 years ago

Sorry, I am currently sick (receiving treatment without success so far) so I had not the strength to write back before because of my illness!

I am using Windows 10 Enterprise 64 version, evaluation period. The version is fully updated.

I don't understand this way you have to check which named pipes are running... should I open a PowerShell terminal and type get-childitem .\pipe ? Does not seem like this would work, as I have tried this and it does not work... What should I do?

Whenever I try to create the pipes with "python fsa.py --pipe start", the terminal writes back: "Creating 8 pipes Error creating the pipes". To note: after the "Creating 8 pipes", another terminal window pops up which shows no info for 1/2 seconds and then closes, so I think there may be a problem when creating the pipes... Python should run fine this time though, so no idea what the command to create pipes is doing for it to fail.

In regards to win32pipe, no idea how to check if it is working correctly or not. I had a prior problem in an installation of pywin32 which required me to reinstall it and to execute an exe file in lib packages of the Python folder. This solved the problem and pywin32 started to work correctly. Currently, because I had to reinstall Windows (yeah, I am going to update again to a full Windows 10 Enterprise version in some weeks), I did not encounter this problem however and pywin32 works correctly, so no idea what's the problem.

Tabloid-pixel commented 3 years ago

So I have tried again and no idea why it now says:

First time it happens... seems it is working now, but makes no sense for it to work now and not before... suspicious.