@PT3 said:
OK, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the callback all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM, as I don’t want to spoil.
Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double-check each and every step.
I’m definitely confused on the Stuxnet part, just because that would require a user to still click the thing, right? Practically spraying and praying with payload directories now, hoping one will call back.
@PT3 said:
OK, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the callback all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM, as I don’t want to spoil.
Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double-check each and every step.
Well, of course it’s not identical. The local IPs aren’t 10’s… Making it identical wouldn’t work, now would it?
@PT3 said:
OK, I found the upload… I created the dropper and dropped it, but I get nothing. I’ve built out a replica Victim VM and installed the service. On the replica system I can drop and get the callback all day long. Not here on the real box. I suspect it’s because my dropper isn’t being seen. How can I tell, from the limited access I have, if my dropper can be “seen”? Please DM, as I don’t want to spoil.
Check that you are not making stupid mistakes. Are all steps on your home machine really IDENTICAL to those on dropzone? Double-check each and every step.
Well, of course it’s not identical. The local IPs aren’t 10’s… Making it identical wouldn’t work, now would it?
And you use the same service to transfer data? You must have installed extra stuff there.
Hi! I think I’m doing something wrong. I’ve found how to download and upload files. But I don’t understand the Stuxnet vector attack or where I should drop it. Maybe I’ve missed some other path to get in? Any hints are welcome.
@dina said:
Hi! I think I’m doing something wrong. I’ve found how to download and upload files. But I don’t understand the Stuxnet vector attack or where I should drop it. Maybe I’ve missed some other path to get in? Any hints are welcome.
Refer to the Stuxnet malware analysis paper and go through it; you will know what to drop and where.