Linux backdoor not working [solved]

I have created a backdoor using the stager multi/bash in Empire.

After creating the backdoor, I downloaded the file from evil-files & saved it in “Downloads”.

When I ran the bash for the particular backdoor, it connected with Kali.

But when I typed “sysinfo”, I didn't get any information about the Linux target device.

When I check “Downloads”, it's showing “empty”.

Why is this happening?

So did you get an agent in Empire after executing the backdoor at the target machine?

Anyway can I see the result of ifconfig in Kali and in the target machine please?

Can you also show me the options used in the agent and in the listener please?

It's connecting to the target machine (Ubuntu). But the only thing is that when I check “sysinfo”, I am unable to get any information about the target machine.

And when I check the “Downloads” folder, it's showing “NO FILES”.

But before doing the “bash Basic_bash_shell”, the downloaded file was there in the “Downloads” folder.

When I run the bash command, the folder is empty.

I have even uninstalled & reinstalled Empire but I am still getting the same problem.

Is it due to a built-in anti-virus in the Linux machine?

I can't find any built-in Defender in Ubuntu.

Just help me out with this.

And also I have a doubt.

When I used the Empire file with the .bat extension & ran it on a Windows machine, I was able to bypass Windows Defender.

But when I tried to convert it to the .exe extension, I was unable to bypass Windows Defender.

This is very strange. Do other commands work? Have you tried doing pwd, dir? Have you tried using any modules?

As for the Windows Defender issue, I just tested the AutoIt method and I managed to bypass it 2 days ago. I can’t test now because I’m out of the office, but I will test it when I’m back on Monday.

Other commands means?

I tried “info” after doing “interact agents”; it's showing the list of information, but when I try “sysinfo” I am not getting any information.

I even reinstalled Empire; till now, I am unable to resolve it.

Also, with Windows Defender, I was unable to bypass Defender; I tried everything and was unsuccessful.

I even went back to the original install by doing a snapshot, but still no luck.

When I download the file, Windows Defender is removing it.

Really frustrating :(

I even tried copying the code & pasting it into the terminal.

But I am still getting the same error.

When I check “sysinfo”, it doesn't display any information.

Yeah, I tried searching for it for you and yeah, no luck. I will have to do some tests in my lab and get back to you. I will be back in the office tomorrow (Monday) and I’ll try to figure out what’s happening.

As for Windows Defender, then yeah, try HxD.

I bypassed Windows Defender with Empire by editing the .exe file.

Great stuff, that’s why I included more than one method for generating the backdoors, because like I said in the course, sometimes not all the backdoors will allow you to bypass all AV programs. Maybe in a month’s time Empire will be detected and Veil will work.