Closed ghost closed 6 years ago
Hey, funnily enough I've just noticed this today as well.
Looks to be an issue with pulling the invoke shellcode module. It's due to github now only supporting TLS 1.2.
I am looking to send the module over the initial stager connection to remove the need to download it on the target machine.
Will fix the bug tomorrow and hope to implement the offline sending soon. Thanks
The offline sending would be awesome! Thank you.
Hi,
I have temporarily fixed the bug in this location: https://github.com/nccgroup/Winpayloads/commit/5fd1b779410617105e0b4bc32a135cf9c655887c
I will implement the offline sending today.
Thanks Charlie
Support has been added: https://github.com/nccgroup/Winpayloads/commit/fbf876ac5d874b92495e4b6fb49d2d93d8a51723
Setup will need to be run again.
Hello,
I've deleted everything, reinstalled it and ran the 'setup.sh'. I'm still not able to get the payload to connect back to my device.
Hmm, that's weird. I tested before pushing and can confirm it's working for me. Can you check the external modules directory and confirm there are PS1 files present?
Will look further into this tomorrow. Thanks
The external module directory has 5 .ps1 files in it. The stager connection is working as expected.
Hi,
Could you try the following for me?
1. Create a stager.
2. Open a new terminal and type netstat -pant
3. Note down the open ports used by python.
4. (Windows) Browse to the IP address and port found in the previous step and look for p.ps1.
5. Download that file.
6. Edit the file and go to line 94.
7. Add a new line and add echo $data
8. Save and exit.
9. Now execute the PowerShell file by browsing to the directory and typing into cmd: powershell -exec bypass
10. Then, when in PowerShell, type ./p.ps1
This should then make the connection back to winpayloads.
Try payload 2 and you should see the output in the PowerShell terminal.
Copy and paste the base64 output from the terminal into GitHub so I can debug.
Sorry if this is confusing. Charlie
Did what you asked! (twice just to be sure)
Here is the content that was echoed by the PowerShell script:
Maybe completely reinstalling Kali is an idea?
EDIT:
After completely reinstalling Kali the same thing occurred. But after completely disabling Windows Defender (no other anti-virus programs are installed) it kind of works! I thought it was not necessary to disable Windows Defender.
Hi, sorry for the delay - must have missed the notification from GitHub.
So are you getting any messages from Windows Defender when it's on and you're trying Winpayloads?
Charlie
Hello, no problem. There are no messages from Windows Defender.
Djitn
Hello, here I am again!
I am now getting the stager connection, but when I choose the option 'Windows Meterpreter Reverse Shell' the execute command is sent and I'm not getting the Meterpreter connection.
Regards, djitn.