joshfaust / Alaris

A protective and Low Level Shellcode Loader that defeats modern EDR systems.
https://sevrosecurity.com/2020/10/14/alaris-a-protective-loader/
Apache License 2.0

Process 'MobSync.exe' always suspended #3

Closed WanderingCoder-Omen closed 3 years ago

WanderingCoder-Omen commented 3 years ago

Hi, first of all, great work. The idea of using direct calls and encrypted shellcode along with process hollowing and PPID spoofing is really cool. However, I am facing a few issues. I compiled a fresh copy of the solution on a VM and generated the two exes. However, I can't get the loader to connect to the listener on localhost. The mobsync.exe process stays suspended. I am also getting a couple of warnings. I've attached a couple of screenshots. Can you identify what I'm doing wrong?

1. [Screenshot: Capture] No connects :(
2. [Screenshot] The warnings
3. [Screenshot] OS and machine info

joshfaust commented 3 years ago

Hey,

I've pushed out a new version that may help with this. I think the issue may have been overwriting the shellcode prematurely, and I've since added a 10-second buffer between hollow and overwrite. Currently, I do not have any "default" shellcode that will run like I did in the last revision. Could you generate some x64 shellcode (CS, Metasploit, etc.) and try?