Closed ricko2991 closed 4 years ago
question:
venom
using venom/aux/setup.sh
script ?
setup.sh
will install dependencies AND config venom.sh settings
filevenom.sh
will use the settings
file to config modules then../var/www/html
?192.168.1.100
the attacker ip address ??bash
or ZSH
?
venom
toolkit has created to work on bash
shell ..Switch from ZSH to BASH:
exec bash
HINT: Screenshots of the bugs are required for me to see whats appenning.. I have updated venom today ,,, i advice you to download the v1.0.17 version and try it again..
1º - Did you Install venom using venom/aux/setup.sh script ? ANSWER: Yes i install it properly, and not problem.
2º - Do you have Apache2 installed on attacker machine? ANSWER: Yes
3º - Is 192.168.1.100 the attacker ip address ?? ANSWER: yes, its my ip address
4º - What shell does your system uses: bash or ZSH ? ANSWER: Bash
***But still not work. I open the link and not found the server
try to start apache2 manually ..can you ??
service apache2 start
then goto: http://192.168.1.100
<-- To see if apache2 its working
Another Thing: run setup.sh and delete venom domain name because it is not needed anymore (old configs)
Yes, it works properly, when i installed setup.sh i chooce use venom domain name. Maybe this is why the link not show. Thanks a lot.
Can i use ngrok in AMSI Evasion payloads options?
1º - so the problem was venom domain name
config rigth ??
(its interfering with AMSI Evasion Payloads) <= after you reverted the setting it starts working ?
2º - nop ... because they required the files stored on apache2
<= ngrok will not give remote access to apache2 ..
(But... you can use the Agent
(NOT THE DROPPER) with ngrok) <= because dropper will download/exec the agent
1º - so the problem was venom domain name config rigth ?? ANSWER : YES (its interfering with AMSI Evasion Payloads) <= after you reverted the setting it starts working ? ANSWER : YES its work perfectly
2º - nop ... because they required the files stored on apache2 <= ngrok will not give remote access to apache2 .. (But... you can use the Agent (NOT THE DROPPER) with ngrok) <= because dropper will download/exec the agent
What the agent exactly can i use?
AGENT (reverse TCP shell): In this case (Amsi Evasion - agent nº5) its Client.exe
file...
Dropper(s)
requires apache2 (to deliver the agent)
In amsi evasion - agent nº1 its: AGENT : /root/Toolswork/Bypass/venom/output/Security-Update.ps1
Amsi Evasion - Agent nº5 requires apache2 because it has to deliver the agent and the pdf file..
So when i'm not in the same network i can connect use my ip address? Not the ngrok address?
I run ngrok http 80 to expose the web service. I have not try it because i dont have windows device with different ip network
if you are not on same network .. you can manually deliver agent with ngrok and recive the connection .. but... one of the tasks of the dropper it to bypass security mesures and deliver/exec the Agent ..
Thanks A lot for helping me fix the problem. I will be trying soon. I Hope if i face the problem again i can fix it
Hi, i want to open the url and give me alert in web browser: """"" Not Found The requested URL was not found on this server.
Apache/2.4.46 (Debian) Server at 192.168.1.100 Port 80
""""""
This is my settings on AMSI BYPASS: [i] AMSI MODULE SETTINGS