r00t-3xp10it / venom

venom - C2 shellcode generator/compiler/handler

not show the URL http://192.168.1.100/Download.html #72

Closed ricko2991 closed 4 years ago

ricko2991 commented 4 years ago

Hi, I want to open the URL and it gives me this alert in the web browser:

"""
Not Found
The requested URL was not found on this server.

Apache/2.4.46 (Debian) Server at 192.168.1.100 Port 80
"""

These are my settings on AMSI BYPASS:

[i] AMSI MODULE SETTINGS

LPORT    : 666
LHOST    : 192.168.1.100
LOLBin   : WinHttpRequest
DROPPER  : /root/Toolswork/Bypass/venom/output/Update-KB1234.ps1
AGENT    : /root/Toolswork/Bypass/venom/output/Security-Update.ps1
UPLOADTO : Fileless (trigger:tmp)
SILENT EXECUTION : OFF

r00t-3xp10it commented 4 years ago

question:

Switch from ZSH to BASH:

exec bash

HINT: Screenshots of the bugs are required for me to see what's happening.. I have updated venom today ... I advise you to download the v1.0.17 version and try it again..

ricko2991 commented 4 years ago

1º - Did you Install venom using venom/aux/setup.sh script ? ANSWER: Yes, I installed it properly, and no problem.

2º - Do you have Apache2 installed on attacker machine? ANSWER: Yes

3º - Is 192.168.1.100 the attacker ip address ?? ANSWER: Yes, it's my IP address

4º - What shell does your system uses: bash or ZSH ? ANSWER: Bash

***But it still does not work. I open the link and the server is not found

r00t-3xp10it commented 4 years ago

Try to start apache2 manually .. can you ??

service apache2 start

Then go to: http://192.168.1.100 <-- to see if apache2 is working

Another Thing: run setup.sh and delete venom domain name because it is not needed anymore (old configs)



ricko2991 commented 4 years ago

Yes, it works properly. When I installed with setup.sh, I chose to use the venom domain name. Maybe this is why the link did not show. Thanks a lot.

Can I use ngrok in the AMSI Evasion payload options?

r00t-3xp10it commented 4 years ago
ricko2991 commented 4 years ago

1º - so the problem was venom domain name config, right ?? ANSWER : YES (it's interfering with AMSI Evasion Payloads) <= after you reverted the setting it starts working ? ANSWER : YES, it works perfectly

2º - nop ... because they require the files stored on apache2 <= ngrok will not give remote access to apache2 .. (But... you can use the Agent (NOT THE DROPPER) with ngrok) <= because dropper will download/exec the agent

Which agent exactly can I use?

r00t-3xp10it commented 4 years ago

AGENT (reverse TCP shell): In this case (Amsi Evasion - agent nº5) it's the Client.exe file...

In Amsi Evasion - agent nº1 it's: AGENT : /root/Toolswork/Bypass/venom/output/Security-Update.ps1

Final notes

Amsi Evasion - Agent nº5 requires apache2 because it has to deliver the agent and the pdf file..

ricko2991 commented 4 years ago

So when I'm not on the same network, can I connect using my IP address? Not the ngrok address?

I ran ngrok http 80 to expose the web service. I have not tried it because I don't have a Windows device on a different IP network

r00t-3xp10it commented 4 years ago

If you are not on the same network .. you can manually deliver the agent with ngrok and receive the connection .. but... one of the tasks of the dropper is to bypass security measures and deliver/exec the Agent ..

ricko2991 commented 4 years ago

Thanks a lot for helping me fix the problem. I will be trying soon. I hope if I face the problem again I can fix it