Closed qwer0123456 closed 3 years ago
First make sure you are not run on System permission then try to add amsi bypass?
administrator does not matter (admin process- > wait no view) (not admin process -> wait no view)
Amsi anti-virus bypass also does not matter (anti virus off)
Quasar remote rat is displayed possible
4.Only async-based remote desktop does not display the screen
however ,in your video ,the process is run on system permission.you should search for session0 that system process can't capture the screen
Tcp 192.168.216.130 : 49993 111.111.111.111 : 80 5944 C:\Windows\System32\RuntimeBroker.exe Tcp 192.168.216.130 : 49995 111.111.111.111 : 80 5944 C:\Windows\System32\RuntimeBroker.exe (49995-> remote desktop.dll connect)
There is a new port connection when connecting a remote desktop
Looks like a problem with the new network connection.
I don't know why
can you make a video of this?
couldn't find why you can't remote the desktop .what if try on another machine?
or you can try to run the DcRat in debug mode ,and find out its error
What files do you compile in debug mode?
server.exe? client.exe? remotedesktop.dll?
try to compile client.exe in debug mode,and debug it
Donut not working when compiling in debug mode
python3 donut-maker.py -i Client.exe -> error (debug mode file donut compile error)
I tried to solve this problem
Seems to be impossible with my knowledge
thank you for the reply
well,if you don't use donut,will it run ?
The reason for compiling as a donut is
To run C# programs in Metasploit memory. (Donuts are used for the fileless technique)
https://github.com/quasar/Quasar
Quasar program can be viewed normally
But asnyc, which has a lot of additional features, no longer has an update
The only place to update recently is here, so I contacted you.
Thank you
will try the donut and test it. If I find why,I will reopen this and tell you.
https://iwantmore.pizza/posts/meterpreter-shellcode-inject.html
https://github.com/TheWover/donut
https://youtu.be/9_TIGC1mZl0?t=269
4min 25sec
remotedesktop.dll not view remote desktop view
I'm trying a memory exploit called a donut
This is the latest C# hacking source so I ask you a question
The screen view of remotedesktop.dll based on async source is not possible.
Do you have any idea how to solve this problem?