Comments (9)
Same issue here with 2012 R2 Standard (6.3.9600) and .NET Framework version 4.0.30319.42000.
In Server/listeners/http.py
, line 66:
ssl_context.set_ciphers('ECDHE+AESGCM')
I just commented out this line and the stager was able to connect.
In my opinion, the ciphers used in ST are too restrictive (which is a good point for security) but in this context I think we could be more lax.
What do you think about configuring a more permissive set of ciphers?
from silenttrinity.
I'm pretty sure that's because .NET 4.5 isn't installed on windows 8.1 embedded by default. Only .NET 4.5 supports the newest TLS ciphers that ST uses.
Feel free to do some debugging tho.
from silenttrinity.
Could you give more details? How did you generate the stager? How did you run it? Can you give more information about the Windows machine? What shows you when you execute: systeminfo | findstr /C:"OS"
?
Thanks.
from silenttrinity.
The systeminfo | findstr "OS"
gives me 6.3.9.96000 N/A Build 96000
from silenttrinity.
Is their anyway I could get the deobfuscated c# build source code? The windows box I am using is just for hopefully contributing to this project so I could always manually install the newest version of the dot net framework, but if I could hack together a stagger that would work for both windows 10 and 8.1...
from silenttrinity.
@RayofLightz Open the visual studio solution and you should be good to go.
from silenttrinity.
Agree with @yaap7, only Windows 10 and Server 2016 supports ECDHE+AESGCM. Win8.1, Server 2012 R2 and older Windows versions support ECDHE+AES. Besides commenting out, another alternative is probably set_ciphers('ECHDE+AESGCM:ECDH+AES').
Full cipher list at https://docs.microsoft.com/en-us/windows/desktop/secauthn/cipher-suites-in-schannel
from silenttrinity.
This should have been fixed in the c2_crypto
branch, feel free to try it out and report back :)
from silenttrinity.
This was fixed in 69530ae
from silenttrinity.
Related Issues (20)
- [Feature Request] Linked Docker Hub builds HOT 1
- Sessions do not appear on client HOT 1
- Update Install Documentation HOT 1
- [BUG] 'PromptSession' object has no attribute 'prompt_async' HOT 3
- Cannot use staged payloads (only stageless) [BUG] HOT 5
- upload.py: module 'module' has no attribute 'STModule' HOT 2
- [BUG] Unable to perform http POST request using exe stager HOT 5
- Could not find a version that satisfies the requirement Hypercorn==0.9.0
- [BUG] env -S not supported on Ubuntu 18.04 HOT 1
- Boo casting exception when executing modules HOT 5
- [FEATURE REQUEST] Implicitly set rhost value in stagers
- [enhancement] Implicitly set rhost value for stargers HOT 1
- [BUG] Unhandled exception in event loop HOT 1
- [BUG]
- [BUG] Not able to run st.py HOT 1
- Stagers never complete. HOT 3
- [BUG]Multi Operator Setup
- [BUG] Silenttrinity Client strait lines not showing up HOT 1
- [BUG] Client crashes after using any command HOT 1
- Got error while using boo/inject
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from silenttrinity.