remote_hacker_probe icon indicating copy to clipboard operation
remote_hacker_probe copied to clipboard

Published 20 hours ago verified publisher icon quantumcore

client won't reconnect after server restart

Open nobeltnium opened this issue 3 years ago • 14 comments

When i stop the server and run it again (i'm talking about stop/killing the application and run it again. Not rebooting the machine). Clients won't connect back to the server unless i execute the evil file once more. Is this a bug or a feature :sweat_smile:

nobeltnium avatar Sep 16 '21 14:09 nobeltnium

Did you try waiting? Give some time to the client. Maybe if you do this when some background process is pending, like if you do reflective dll injection and the server disconnects. It may take some time for the client to clear up used memory and realize it's disconnected.

(For a simple experiment you can check that when the bug happens, The client is taking alot of memory. You can check this in task manager)

Anyway, Give it a moment. I think this might be a bug. So for a temporal fix if used in real world scenarios, Install persistence as backup just in case.

I'll look into it.

Thanks for reporting! 😅

quantumcore avatar Sep 16 '21 17:09 quantumcore

hi quantumcore, i did some test like you suggest waiting for about 2 hours. But the connection wont establish back. This is a screenshot of the memory usage when it was disconnected. image FYI Both machine are within LAN and no any kind of AV is running on the windows machine

nobeltnium avatar Sep 19 '21 04:09 nobeltnium

What was the cause of the disconnection?

quantumcore avatar Sep 19 '21 17:09 quantumcore

well, closing the server and open it back on and the client won't reconnect, as i mentioned above. Sorry for the late reply, i was so busy lately

nobeltnium avatar Sep 23 '21 02:09 nobeltnium

Strange, I just tested it and it works for me. I'll try to reproduce the problem and fix it.

quantumcore avatar Sep 23 '21 14:09 quantumcore

To recreate the situation, first i execute the evil file on a windows machine while the server is listening. Once the file is executed, connection is established image

then close the server, and run it again image

Once the server is back, the connection cannot be establish. Even after a long period of time (up to 2 hours).

The evil file is still running on windows machine image

To be able to reconnect to the server, the evil file need to be executed again. Result in 2 instances of it running image

nobeltnium avatar Sep 23 '21 15:09 nobeltnium

What is the payload you're using?

quantumcore avatar Sep 23 '21 15:09 quantumcore

I'm using the standard payload builder that comes with Remote Hacker Probe. With server host and server port information. Without any other options (no Infect USB Drives, no DLL Loader). image

nobeltnium avatar Sep 23 '21 15:09 nobeltnium

Hey! Can you try testing if this error still exists with the latest release?

quantumcore avatar Jan 08 '22 12:01 quantumcore

Hey! Can you try testing if this error still exists with the latest release?

Hey ! I have this issue too, I'll try the new version and tell if it does work soon ! thx

Elmani335 avatar Feb 02 '22 23:02 Elmani335

@Elmani335 Yes please do so asap.

quantumcore avatar Feb 03 '22 14:02 quantumcore

Hey I tried on my vm the new version is working, but i have few questions :

image on this image ^ how to use the reflective loader handler ? i dont' have any machines apperaing here and I don't know how to use it

image and on this images ^ on the persistance panel, what does the key mean ? what does it actually do ?

Thx !

Elmani335 avatar Feb 03 '22 17:02 Elmani335

@quantumcore

Elmani335 avatar Feb 04 '22 17:02 Elmani335

@Elmani335 Yo that's off the issue, hit me up on discord, I'll explain you over there.

also will add a wiki for detailed explanations, later. Meanwhile, Read about the Reflective Loader here ; https://quantumcored.com/index.php/2021/03/11/running-completely-in-memory-using-remote-hacker-probes-new-dll-loader-payload/

quantumcore avatar Feb 05 '22 11:02 quantumcore