
Comments (15)

r00t-3xp10it commented on July 17, 2024
  • 1º - I need a screenshot to see the error ..
  • 2º - do you have netcat installed on the attacker machine ???
    because AMSI evasion agents nº 1, 2, 3 require a netcat listener ...

Remark:
AMSI evasion agent nº 4 does not use a netcat listener; it uses PowerShell to receive the TCP connection back.

Manually start the netcat listener

sudo nc -lvp <port number>


error


Note-To-Self

The AMSI Evasion sub-menu does not check for the existence of netcat on the attacker side ..
because netcat is installed by default on Linux distros ... TODO: add a netcat check ???...

from venom.

Vedant-Bhalgama commented on July 17, 2024

So do I need to install netcat on the target machine? Because I already have netcat installed on Kali Linux.

r00t-3xp10it commented on July 17, 2024

netcat is only needed on the attacker machine (listener)
something is wrong with your netcat install ..

Execute the following commands to check if nc is working fine
sudo nc -lvp <port number>

xterm -T "netcat" -e "sudo nc -lvp <port number>" <-- this is the command venom uses to spawn the netcat listener (handler)

Vedant-Bhalgama commented on July 17, 2024

OK, and as you said that you need to install xterm for chars.raw, will pip install xterm work?

r00t-3xp10it commented on July 17, 2024

pip is for PYTHON ...
apt-get install xterm <-- is the command we need to install xterm ..

That's why your listener does not start, because it requires the xterm console to spawn netcat ..
xterm official webpage

Vedant-Bhalgama commented on July 17, 2024

OK, and on the Windows machine do I have to start the netcat listener? Or will the .ps1 file start it when run?

Vedant-Bhalgama commented on July 17, 2024

Hi
I am trying the Windows OS Payloads; in that I am trying number 20.
I run this attack and all I see is this console window. Even Windows Defender detected it.

Capture

Vedant-Bhalgama commented on July 17, 2024

Hi
Fileless stager works now, but what can I do from netcat? Can I execute system commands? Or open Notepad?

r00t-3xp10it commented on July 17, 2024

#63 (comment) <-- that's the reason why I have written the AMSI evasion sub-menu, because those techniques are being detected now ..

#63 (comment) <-- netcat gives you access to a console prompt where you can use anything from cmd commands to PowerShell commands (the sky is the limit if you are familiar with those languages) ... in other words: netcat allows you to interact with everything on the remote host programmatically ..

Vedant-Bhalgama commented on July 17, 2024

So can I execute any command or something? Or maybe upload files or download them? And can you give tips on manually making these files more undetectable?

r00t-3xp10it commented on July 17, 2024

you cannot upload/download files only by using netcat ..
but we can use netcat to spawn, for example, an FTP service that allows us to upload/download ..

Obfuscation: https://github.com/r00t-3xp10it/hacking-material-books/blob/master/obfuscation/simple_obfuscation.md

Vedant-Bhalgama commented on July 17, 2024

Alright!
I just have one question now: how can I execute commands while I have the connection on netcat?

Vedant-Bhalgama commented on July 17, 2024

Hi
I had a question: in Python, can we do process migration? Because I have made my own backdoor in Python and now I want it to run under a parent process such as explorer.exe

r00t-3xp10it commented on July 17, 2024
  • 1º - netcat allows you to use almost all languages available (installed) on the target machine ...
    that means we have access to cmd, PowerShell, etc.. or can interact with applications/services/etc ...

Examples

netstat -ano <-- use the native application netstat to display a list of TCP/UDP connections
cmd.exe /c reg add 'hkcu/software/microsoft/startup /t reg_dword /d 1 /f' <-- use cmd.exe to add registry key



  • 2º - migration can be done using any language ...
    but I don't use Python very often, so I am not the right person to respond to that question ..

Vedant-Bhalgama commented on July 17, 2024

Hi!
I was thinking, how can we convert our Python backdoor to .ps1? Or a macro file? Or to XML?
