zombie timeout
So I just recently downloaded this tool and it starts and works fine, but for some reason after putting the URL on the "target machine" it works, but after like 2 seconds it says zombie 0: Timed out. I don't know if there's something I'm missing or maybe that I didn't install, but any help would be appreciated.
That's A/V eating it.
On Sat, Dec 17, 2022, 6:07 AM MaliciousArk wrote:
> So I just recently downloaded this tool and it starts and works fine, but for some reason after putting the URL on the "target machine" it works, but after like 2 seconds it says zombie 0: Timed out. I don't know if there's something I'm missing or maybe that I didn't install, but any help would be appreciated.
I disabled antivirus and it still does the same thing.
I'm not sure then. It might be that real-time protection is still enabled. Windows Defender likes to ghost turn that on sometimes. I really haven't updated the project. I've just kind of kept it alive.
On Sat, Dec 17, 2022, 12:10 PM MaliciousArk wrote:
> I disabled antivirus and it still does the same thing.
Will try to figure it out, 'cause it looks like a cool tool to have and play around with, but thanks for the help.
@MaliciousArk did you find any solutions? I have the same issues. I turned off all Windows security but it keeps saying "zombie 0: Timed out". I can't find other people having and talking about this problem except you. Let me know if you fixed the problem. Thx
verbose says:
[v] handler::handle() - Incoming HTTP from ('192.168.0.16', 52593)
[v] handler::handle() - Incoming HTTP from ('192.168.0.16', 52594)
[v] handler::parse_params() - Host header present: 192.168.0.19:9999
[v] handler::handle_new_session()
[+] Zombie 1: Staging new connection (192.168.0.16) on Stager 0
[v] handler::reply() - sending status 200 with 27031 bytes to ('192.168.0.16', 52594)
[v] handler::handle() - Incoming HTTP from ('192.168.0.16', 52595)
[v] handler::parse_params() - COULD NOT FIND session.key = ff83f211******************UQ=;
[v] handler::reply() - sending status 404 with 0 bytes to ('192.168.0.16', 52595)
[v] handler::handle() - Incoming HTTP from ('192.168.0.16', 52596)
[v] handler::parse_params() - COULD NOT FIND session.key = ff83f211******************UQ=;\..\..\..\./mshtml,RunHTMLApplication
[v] handler::reply() - sending status 404 with 0 bytes to ('192.168.0.16', 52596)
Yeah, it does exactly the same thing to me, and I haven't found any solutions yet. You are the only ones who have the same issue as me. Did you find any solution?
Probably got patched. Maybe CVE-2021-40444
Oh okay, so you think Koadic is now deprecated? And if yes, do you have any good alternatives?
I have the same problem. Did you guys find any solution, or does the problem still remain?
Same problem here, so the project is deprecated or is there anyone that is able to use that?
I have exactly the same problem, someone help please
Guys, I think Koadic just got updated, because now (if you turn off AV of course) zombies don't time out anymore! Hope it's the same for you all!
Same issue here. Here are some logs:
[v] handler::handle() - Incoming HTTP from ('10.10.54.111', 51488)
[v] handler::parse_params() - Host header present: 10.10.54.26:9999
[v] handler::handle_new_session()
[+] Zombie 5: Staging new connection (10.10.54.111) on Stager 1
[v] handler::reply() - sending status 200 with 27088 bytes to ('10.10.54.111', 51488)
[v] handler::handle() - Incoming HTTP from ('10.10.54.111', 51489)
[v] handler::parse_params() - COULD NOT FIND session.key = bd803a7f703146bc892e3a4036e5a6ea;G1HQ2PU3Y6=;
[v] handler::reply() - sending status 404 with 0 bytes to ('10.10.54.111', 51489)
[v] handler::handle() - Incoming HTTP from ('10.10.54.111', 51490)
[v] handler::parse_params() - COULD NOT FIND session.key = bd803a7f703146bc892e3a4036e5a6ea;G1HQ2PU3Y6=;\..\..\..\./mshtml,RunHTMLApplication
[v] handler::reply() - sending status 404 with 0 bytes to ('10.10.54.111', 51490)
[!] Zombie 5: Timed out.
Y'all, I'm not updating this tool right now. This was 0xzerosum's and I loved it. It's a JS payload factory. It's gonna get caught by any EDR worth its salt. If you know what you're doing you can easily bypass defenses with it, but just like any payload, it'll be temporary. The reason you're getting timeouts is because whatever defenses are present on the system (AMSI still works when Real-Time Protection is disabled) are eating the process. You may get an initial connection, and maybe even run a command that returns, but lately, if you try to process hollow or process inject with any C2, you're gonna have a bad time. I encourage you to look at Mythic C2 if you're looking for a free, legitimate modern payload delivery and management system. As always, don't be jerks and don't do bad things to innocent people / orgs. Feel free to hit me up on Twitter (currently known as X) if you wanna chat. I'm @offsec_ginger.