govolution / avet

AntiVirus Evasion Tool
GNU General Public License v3.0

Most *win64 payloads not working on Windows 10 #27

Closed harrihaven2 closed 4 years ago

harrihaven2 commented 4 years ago

Hey there!

I found your project and thought it was a super cool and impressive endeavor. I'm playing with the AVET framework on a couple of VMs, but the only *win64 script I've tried that works according to the comments in the corresponding script is "build_disablewindefpsh_xorfromcmd_revhttps_win64.sh". I was wondering when the last date was that these were tested and what the probability is that the brokenness comes from commands and techniques that are outdated instead of an operator error.

I am more than willing to accept that I am doing something wrong, but I've been wrestling with it all morning, and I can't seem to find a solution that doesn't have me doing some editing beyond variable/payload replacement in the avet source.

P.S. I have Windows Defender off just to see if I can get the payload to run as expected before I check the AV evasion aspect.

Thund3rPat commented 4 years ago

Hi, Thank you for opening this issue! We will look into this and will inform you if we find something out.

Thund3rPat commented 4 years ago

Hi, sorry for the waiting time. So I tested a few x64 payloads (not all) and just want to give you a little update about my results.

Both Mimikatz build scripts work (but with AV off):

Also tested the following scripts which include payloads from msfvenom:

I set up a listener in msfconsole and was able to connect via reverse shell (again with AV off).

I think the attacks themselves run fine, just the evasion is outdated (AV removes the executable when dropped on the target or when executed). Of course I will proceed with further testing.

Thund3rPat commented 4 years ago

Hi, for now I will close this issue. I have done some further testing and come to the conclusion that the payloads themselves work. If you still have questions or suggestions for improvement, don't hesitate to ask/give them.