qwqdanchun / DcRat

A simple remote tool in C#.
MIT License
916 stars 332 forks

remotedesktop donut execute #5

Closed qwer0123456 closed 3 years ago

qwer0123456 commented 3 years ago

https://iwantmore.pizza/posts/meterpreter-shellcode-inject.html

https://github.com/TheWover/donut

https://youtu.be/9_TIGC1mZl0?t=269

4min 25sec

remotedesktop.dll not view remote desktop view

I'm trying a memory exploit called a donut

This is the latest C# hacking source so I ask you a question

The screen view of remotedesktop.dll based on async source is not possible.

Do you have any idea how to solve this problem?

qwqdanchun commented 3 years ago

First, make sure you are not running with System permission, then try to add an AMSI bypass?

qwer0123456 commented 3 years ago
  1. administrator does not matter (admin process -> wait no view) (not admin process -> wait no view)

  2. Amsi anti-virus bypass also does not matter (anti virus off)

  3. Quasar remote rat is displayed possible

  4. Only async-based remote desktop does not display the screen

qwqdanchun commented 3 years ago

However, in your video, the process is running with system permission. You should search for session0; a system process can't capture the screen.

qwer0123456 commented 3 years ago

Tcp 192.168.216.130 : 49993 111.111.111.111 : 80 5944 C:\Windows\System32\RuntimeBroker.exe

Tcp 192.168.216.130 : 49995 111.111.111.111 : 80 5944 C:\Windows\System32\RuntimeBroker.exe (49995-> remote desktop.dll connect)

There is a new port connection when connecting a remote desktop

Looks like a problem with the new network connection.

I don't know why

qwqdanchun commented 3 years ago

can you make a video of this?

qwer0123456 commented 3 years ago

https://youtu.be/_X3MnTNj1nc

qwqdanchun commented 3 years ago

Couldn't find why you can't remote the desktop. What if you try on another machine?

qwqdanchun commented 3 years ago

Or you can try to run DcRat in debug mode, and find out its error.

qwer0123456 commented 3 years ago

What files do you compile in debug mode?

server.exe? client.exe? remotedesktop.dll?

qwqdanchun commented 3 years ago

Try to compile client.exe in debug mode, and debug it.

qwer0123456 commented 3 years ago

Donut not working when compiling in debug mode

python3 donut-maker.py -i Client.exe -> error (debug mode file donut compile error)

I tried to solve this problem

Seems to be impossible with my knowledge

thank you for the reply

qwqdanchun commented 3 years ago

Well, if you don't use donut, will it run?

qwer0123456 commented 3 years ago

The reason for compiling as a donut is

To run C# programs in Metasploit memory. (Donuts are used for the fileless technique)

https://github.com/quasar/Quasar

Quasar program can be viewed normally

But async, which has a lot of additional features, no longer has an update

The only place to update recently is here, so I contacted you.

Thank you

qwqdanchun commented 3 years ago

Will try the donut and test it. If I find why, I will reopen this and tell you.