Closed Vedant-Bhalgama closed 4 years ago
screenshot to see the error ..
Remark: amsi evasion agent nº 4 does not use a netcat listener, it uses powershell to receive the tcp connection back.
sudo nc -lvp <port number>
Amsi Evasion sub-menu does not check for the existence of netcat on attacker side .. because netcat is installed by default on linux distros ... TODO: add a netcat check ???...
So do I need to install netcat on the target machine? Because I already have netcat installed on Kali Linux
netcat is only needed on the attacker machine (listener); something is wrong with your netcat install ..
Execute the following commands to check if nc is working fine
sudo nc -lvp <port number>
xterm -T "netcat" -e "sudo nc -lvp <port number>" <-- this is the command venom uses to spawn the netcat listener (handler)
Ok and as you told that you need to install xterm for chars.raw, so will pip install xterm work?
pip is for PYTHON ...
apt-get install xterm <-- it's the command we need to install xterm ..
That's why your listener does not start, because it requires the xterm console to spawn netcat ..
xterm official webpage
Ok, and on the Windows machine do I have to start the netcat listener? Or will the .ps1 file start it when run?
Hi, I am trying the Windows OS Payloads, in that I am trying number 20. I run this attack and all I see is this console window. Even Windows Defender detected it.
Hi, File Less stager works now, but what can I do from netcat? Can I execute system commands? Or open Notepad?
https://github.com/r00t-3xp10it/venom/issues/63#issuecomment-654572534 <-- that's the reason why I have written the amsi evasion sub-menu, because those techniques are being detected now ..
https://github.com/r00t-3xp10it/venom/issues/63#issuecomment-654573792 <-- netcat gives you access to a console prompt where you can use anything from cmd commands to powershell commands (the sky is the limit if you are familiar with those languages) ... in other words: netcat allows you to interact with everything on the remote host programmatically ..
So can I execute any command or something? Or maybe upload files or download them? And can you give tips on manually making these files more undetectable?
you cannot upload/download files only by using netcat .. but we can use netcat to spawn, for example, an ftp service that allows us to upload/download ..
Obfuscation: https://github.com/r00t-3xp10it/hacking-material-books/blob/master/obfuscation/simple_obfuscation.md
Alright! I just have one question now, How can I execute commands while I have the connection on Netcat?
Hi, I had a question: in Python, can we do process migration? Because I have made my own backdoor in Python and now I want it to run under a parent process such as explorer.exe
Examples
netstat -ano <-- use native application netstat to display a list of tcp/udp connections
cmd.exe /c reg add 'hkcu/software/microsoft/startup /t reg_dword /d 1 /f' <-- use cmd.exe to add registry key
Hi! I was thinking that how can we convert our python backdoor to .ps1? Or a macro file? To XML?
Hi!
I am using that File Less Payload in the Amsi-Evasion Module. The payload gets delivered successfully and I start the .ps1 script with PowerShell on the target computer. It executes successfully, but on the Kali side it shows Press Any Key to start Handler. I press a key and the Handler doesn't start. How can I start the listener manually for the .ps1 script?