Phantom-Evasion
Additional Options needed - keep alive
- Issue 1 Something I noticed was that if the reverse_tcp meterpreter session died, it didn't spawn/create a new one. If this isn't in it yet, it is really important to add this quickly. I know there is a post-exploitation module that should implement this but I'm not sure if that works correctly.
Rerunning the reverse_tcp shellcode every x seconds needs to be in the file itself! Any persistence as a second file is not good. Starting the main file itself is very CPU intensive due to the AV bypass methods. That's why it needs to be inside! Like this:
    main(){
        junkcode()
        custom_shellcode="..."
        for(;;) {
            execute_shellcode()
            delay(10000);
        }
    }
Keeping the process alive is important, but it's also important that the process itself reconnects if errors happen, otherwise the process would still be alive but with a broken connection >> no shell
–> Will be implemented
Issue 2 It would be nice to add other options besides LHost and LPort like PrependMigrate and PrependMigrateProc, just like you would in msfvenom. I tried to bypass this by creating C shellcode with msfvenom and choosing it instead of the default meterpreter in Phantom-Evasion but it didn't work. (compiling worked but didn't connect) I pasted the shellcode as one line. Was that the correct way? (see this other issue)
I will include the possibility to add custom msfvenom options in the next release.
Will there be updates on a keepalive feature as described in the question? @oddcod3
@oddcod3 Any plans when the next release will come?
@anonymouz4 version 1.2 will be released approximately at the end of this month!
@oddcod3 I thought this would be in version 1.2? Because I can't see anything about this in the release notes?
@anonymouz4 this is a partial update; 1.2.1 will be released in a few days with two keepalive modules (write lock & createmutex) and other stuff I did not include yet!
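
From the detection side, the loop requested in Issue 1 (re-run at a fixed delay, `delay(10000)` in the pseudocode) shows up as connection attempts from one process to one destination at a near-constant interval, including failed attempts while the listener is down. The following is an added example, not part of the original thread or of Phantom-Evasion: Python that flags such groups in connection logs. The record layout, host and process names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (epoch_s, host, process, dst_ip, dst_port, result)
_retry = [(1000.0 + t, "ws-042", "updater.exe", "203.0.113.10", 4444, "refused")
          for t in (0.0, 10.1, 20.0, 30.2, 40.1, 50.0)]      # ~10 s apart
_browse = [(t, "ws-042", "browser.exe", "198.51.100.7", 443, "ok")
           for t in (1001, 1003, 1040, 1042, 1100, 1180)]    # irregular
_short = [(t, "ws-017", "svc.exe", "192.0.2.5", 8080, "ok")
          for t in (2000, 2030, 2060)]                        # too few events
SAMPLE_EVENTS = _retry + _browse + _short


def find_fixed_interval_retries(events, min_events=5, max_cv=0.10):
    """Flag (host, process, dst_ip, dst_port) groups whose connection
    attempts recur at a near-constant interval.

    max_cv is the coefficient of variation (stddev / mean) of the gaps
    between attempts; a fixed sleep in a retry loop keeps it close to 0.
    """
    groups = defaultdict(list)
    for ts, host, proc, dst, port, _result in events:
        groups[(host, proc, dst, port)].append(ts)

    findings = []
    for key, stamps in groups.items():
        if len(stamps) < min_events:
            continue  # not enough samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({"key": key, "attempts": len(stamps),
                             "interval_s": round(avg, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_fixed_interval_retries(SAMPLE_EVENTS):
        print(finding)
```

Grouping by process as well as destination keeps ordinary traffic from the same host from masking the regular pattern.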