moom825
commented
3 years ago hmm strange issue, i know the problem and how to fix it. how the fod helper uac bypass works is by changing the windir which i believe is c:/windows/system32 so anything trying to use %windir% will result in the path of ur file. what it should be doing is deleting that reg key in the end. but as i noticed you compiled the python script to an exe. it was not made for that, it was made to uac bypass python scripts not an exe, thats why it failed and could not delete the reg key in the end.
ghost
Bot was working fine until i attempt to run the command !uacbypass with no success at all. Errors started appearing When clicking at Taskbar shortcuts as noted below:
C:\Windows\System32\fodhelper.exe | file will not open anymore | Error is now being shown, it seens whenever this file is clicked systems tries to locate the bot binary.exe for whatever reason. (There has been a registry change I believe ath the !uacbypass command.
If I attempt to Open Network and Internet Settings a Command Prompt opens and Error appears looking for the file.
Errors in video: https://user-images.githubusercontent.com/3595920/128725054-829a0d84-4824-426b-a982-b5048405af08.mp4 https://user-images.githubusercontent.com/3595920/128725059-ddfe140d-ef1f-42ed-9cf8-5610b38ce35b.mp4
CMD has now Parameters set to it as shown in the image:: "C:\Windows\System32\cmd.exe" /k start C:\Users\%username%\AppData\Local\Temp_MEI60802\D:\Folder\Exercises\2 - Remote Access Trojan\dist\SecureXDRAT.exe
Registry Changes made by the bot:
@moom825