ahmedkhlief / Ninja

Open source C2 server created for stealth red team operations

DA command failed #5

Closed trickster0 closed 4 years ago

trickster0 commented 4 years ago

DA command failed...

[+] New Agent Request Module ASBBypass.ps1 (0 - twice)
[+] Agent (0) - twice@WORKGROUP\DESKTOP-RSVRVGV send Result
True

[~] NKUOC-img.jpeg:load PowerView.ps1              
[+] New Agent Request Module PowerView.ps1 (0 - twice)
[+] Agent (0) - twice@WORKGROUP\DESKTOP-RSVRVGV send Result

[~] NKUOC-img.jpeg:load DA.ps1     
[+] New Agent Request Module DA.ps1 (0 - twice)
[+] Agent (0) - twice@WORKGROUP\DESKTOP-RSVRVGV send Result
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At line:6331 char:20
+             else { $Results = $CompSearcher.FindAll() }
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException

Also, let me know if you need any assistance testing against EDRs. I can help you with that. In addition, consider adding proxy sock dynamic tunneling.

ahmedkhlief commented 4 years ago

Hi Trickster0. Regarding the EDR, I will be grateful if you test the payloads and provide me your feedback in order to make them undetectable.

Regarding the sock tunneling, I will try to add sharpsocks to Ninja.

Regarding the error, I am working on this issue, as it's happening because PowerView needs credentials to use the commands, and if you use it without credentials it will show this error. In order to make sure, please test the commands below:

load PowerView.ps1

Get-DomainComputer

(now check if the error appears)

$SecPassword = ConvertTo-SecureString '' -AsPlainText -Force

$Cred = New-Object System.Management.Automation.PSCredential('\', $SecPassword)

Get-DomainComputer -Credential $Cred

(Check if everything goes smoothly and get back to me in order to add credential support for the DA command.)

ahmedkhlief commented 4 years ago

Also, I can see that you are working on a standalone device not joined to a domain, and DA is designed for domain enumeration, so it will not work on a standalone device.

trickster0 commented 4 years ago

Ahh, indeed you might be right. Do you have some chat app to talk more efficiently, like Discord, so we can test it against the EDRs and give you better feedback?

trickster0 commented 4 years ago

Apex One - HTA Passed (Did not test exe)
Crowdstrike - HTA Failed, exe passed
Cylance - HTA Passed
ESET - HTA Passed
Fireeye - HTA Passed
SentinelOne - HTA Passed
Kaspersky - HTA Failed, exe succeeded but got deleted after executing 1st command

ahmedkhlief commented 4 years ago

Thank you bro