I am studying section 19 of Zaid’s Learn Ethical Hacking From Scratch, which is Post Exploitation using Meterpreter. This part of the lecture assumes a Meterpreter session with Windows 10 is established in order to continue the lecture. My problem is that I’ve never been successful at installing a reverse HTTPS or HTTP backdoor on Windows 10 because Windows Defender designates it as a virus. I have been using Veil-Evasion to create a reverse HTTPS or HTTP backdoor on port 8080 using Python, Go, cc, and then using msfconsole with exploit/multi/handler and payload windows/meterpreter/reverse_https to listen on port 8080 for the reverse connection from Windows 10. So is there a right or better way to bypass Windows Defender and establish a Meterpreter session with Windows 10 within my network? Thank you.
Hi, I would also be interested in getting some feedback on this topic by any of the admins, since the last similar topic was back in 2017.
@atkrsoft Try to disable Windows Defender and try again. You should be able to establish a connection. If so, this will prove the issue is indeed with Windows Defender and not on your implementation of the steps.
Additionally, be sure to disable the options “Cloud-delivered protection” and “Automatic sample protection”. These should always be off so MS doesn’t collect the fingerprint of your backdoor.
Once you have verified the backdoor works with WD off, re-enable the “real time protection” and then come back here and tell us.
Having said that, I have gone through the lessons and created backdoors with msfvenom (with the obfuscation options usually recommended - iterations, encoding, etc.), tried TheFatRat and also Empire, but none of them are able to establish a reverse shell with WD turned on. Windows Defender catches them all when I try to run the file.
Could anybody here let us know if they are, at this date (2021), able to create backdoors with these tools? Or if further modifications to the code are required?
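The reply above tells the poster to toggle three Defender settings (real-time protection, cloud-delivered protection, automatic sample submission) and then compare results. Whether you are running a lab test or auditing a machine you defend, the first thing you want is a reliable read-out of which of those protections are actually on, since a detection that only fires with cloud lookups enabled is a different finding from one made by local signatures. The script below is an added example, not code from the thread or from any of the tools named in it. It is read-only: it queries the built-in Defender PowerShell module (`Get-MpPreference` and `Get-MpComputerStatus`, which ship with Windows 10) and prints the state of each setting, warning about any that are disabled. The enum values in the comments are taken from the Defender module's documentation; the label names are mine.

```powershell
# Added example: read-only audit of the Windows Defender settings discussed in
# this thread. Run from an elevated PowerShell prompt on the Windows 10 machine.
# Assumes the built-in Defender module is present (Get-MpPreference / Get-MpComputerStatus).

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$report = [ordered]@{
    # RealTimeProtectionEnabled reflects the "Real-time protection" toggle.
    'Real-time protection'        = $status.RealTimeProtectionEnabled
    # MAPSReporting: 0 = Disabled, 1 = Basic, 2 = Advanced ("Cloud-delivered protection").
    'Cloud-delivered protection'  = ($pref.MAPSReporting -ne 0)
    # SubmitSamplesConsent: 0 = Always prompt, 1 = Send safe samples automatically,
    # 2 = Never send, 3 = Send all samples automatically ("Automatic sample submission").
    'Automatic sample submission' = ($pref.SubmitSamplesConsent -in 1, 3)
    # Sanity checks so a "no detection" result is not caused by a disabled engine
    # or stale definitions rather than by the sample itself.
    'Antivirus engine enabled'    = $status.AntivirusEnabled
    'Signatures current (<1 day)' = ($status.AntivirusSignatureAge -lt 1)
}

# Print one line per setting.
$report.GetEnumerator() | ForEach-Object {
    '{0,-28} : {1}' -f $_.Key, $_.Value
}

# Call out anything that is off, so the state of the box is recorded alongside
# the test result rather than assumed.
$off = $report.GetEnumerator() |
    Where-Object { $_.Value -eq $false } |
    Select-Object -ExpandProperty Key
if ($off) {
    Write-Warning ("Protections currently disabled: " + ($off -join ', '))
}
```

Run it once before and once after a test and keep both outputs with your notes; if the two differ, you know the comparison the reply asks for was not made on equal footing. On a production host, anything this script flags as disabled is itself a finding worth following up.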