Closed Chomikmarkus closed 2 years ago
Also C# dropper is not connecting back to host! I am using letsencrypt certificates, may this be reason
Also when i run powershell payloads on older systems like windows 2012 R2 it seems to run some errors!
So I tried it out on fresh install Ubuntu 20.04 , no ssl enabled still getting errors in upload/download
thanks for the detailed information , i will check and update you
i fixed the upload issue , please pull and test . Am checking the other issues
Also when i run powershell payloads on older systems like windows 2012 R2 it seems to run some errors!
this very strange as am using Ninja mostly on server 2012 with all versions and didn't have the same issue . from what i see on the first lines . i think its firewall issue that detect Ninja and close connection which happened with me before . try to encrypt the payload and download it to the host then decrypt and run from the disk or the command line . i will try to add this feature in next version to bypass the firewall detection . also this maybe the firewall configured to not allow connection to new domains or unusual ports usage . please try to make request with wget to get your payload and see the output .
Weird thing I learned yesterday! Macro payload with office 2016 on windows 10 machines works perfectly! Office 2021 detects it as malicious! No defender is altough alarmed! Only that your antivirus scanner detects macro as malicious!
well its piwershell execution policy, when its fixed RemoteSigned or Restricted macro is detected as malicious!
Amsi protection probably! When i use base64 or b52 payloads i get only powershell stager sent, but no session created!
Upload/Download works fine now!
Upload/Download commands seems not to be working! Running it on Ubuntu 20.04 Here is output: (Ninja : Agent(2)-WIN-QQ80VPAFRNH) [~] MQKWZ-img.jpeg:load download.ps1
[+] New Agent Request Module download.ps1 (2 - Administrator) [+] Agent (2) - Administrator@WORKGROUP\WIN-QQ80VPAFRNH send Result
[~] MQKWZ-img.jpeg:dn -filename "work.xll" [2022-01-06 23:22:13,113] ERROR in app: Exception on /axis [POST] Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 2073, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1518, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1516, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1502, in dispatch_request return self.ensure_sync(self.view_functions[rule.endpoint])(req.view_args) File "/root/Ninja/core/webserver.py", line 292, in download if AGENTS.get(id) != None and data != None: NameError: name 'data' is not defined [2022-01-06 23:22:13,990] ERROR in app: Exception on /axis [POST] Traceback (most recent call last): File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 2073, in wsgi_app response = self.full_dispatch_request() File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1518, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1516, in full_dispatch_request rv = self.dispatch_request() File "/usr/local/lib/python3.8/dist-packages/flask/app.py", line 1502, in dispatch_request return self.ensure_sync(self.view_functions[rule.endpoint])(req.view_args) File "/root/Ninja/core/webserver.py", line 292, in download if AGENTS.get(id) != None and data != None: NameError: name 'data' is not defined (Ninja : Agent(2)-WIN-QQ80VPAFRNH) [+] Agent (2) - *Administrator@WORKGROUP\WIN-QQ80VPAFRNH send Result Exception calling "UploadString" with "3" argument(s): "The remote server returned an error: (500) Internal Server Error." At line:29 char:12