client won't reconnect after server restart about remote_hacker_probe HOT 14 CLOSED

Strange, I just tested it and it works for me. I'll try to reproduce the problem and fix it.

from remote_hacker_probe.

Did you try waiting? Give some time to the client. Maybe if you do this when some background process is pending, like if you do reflective dll injection and the server disconnects. It may take some time for the client to clear up used memory and realize it's disconnected.

(For a simple experiment you can check that when the bug happens, The client is taking alot of memory. You can check this in task manager)

Anyway, Give it a moment. I think this might be a bug. So for a temporal fix if used in real world scenarios, Install persistence as backup just in case.

I'll look into it.

Thanks for reporting! 😅

from remote_hacker_probe.

hi quantumcore, i did some test like you suggest waiting for about 2 hours. But the connection wont establish back.
This is a screenshot of the memory usage when it was disconnected.

FYI Both machine are within LAN and no any kind of AV is running on the windows machine

from remote_hacker_probe.

What was the cause of the disconnection?

from remote_hacker_probe.

well, closing the server and open it back on and the client won't reconnect, as i mentioned above.
Sorry for the late reply, i was so busy lately

from remote_hacker_probe.

To recreate the situation, first i execute the evil file on a windows machine while the server is listening. Once the file is executed, connection is established

then close the server, and run it again

Once the server is back, the connection cannot be establish. Even after a long period of time (up to 2 hours).

The evil file is still running on windows machine

To be able to reconnect to the server, the evil file need to be executed again. Result in 2 instances of it running

from remote_hacker_probe.

What is the payload you're using?

from remote_hacker_probe.

I'm using the standard payload builder that comes with Remote Hacker Probe. With server host and server port information. Without any other options (no Infect USB Drives, no DLL Loader).

from remote_hacker_probe.

Hey! Can you try testing if this error still exists with the latest release?

from remote_hacker_probe.

Hey! Can you try testing if this error still exists with the latest release?

Hey ! I have this issue too, I'll try the new version and tell if it does work soon ! thx

from remote_hacker_probe.

@Elmani335 Yes please do so asap.

from remote_hacker_probe.

Hey I tried on my vm the new version is working, but i have few questions :

on this image ^ how to use the reflective loader handler ? i dont' have any machines apperaing here and I don't know how to use it

and on this images ^ on the persistance panel, what does the key mean ? what does it actually do ?

Thx !

from remote_hacker_probe.

@quantumcore

from remote_hacker_probe.

@Elmani335 Yo that's off the issue, hit me up on discord, I'll explain you over there.

also will add a wiki for detailed explanations, later.
Meanwhile, Read about the Reflective Loader here ; https://quantumcored.com/index.php/2021/03/11/running-completely-in-memory-using-remote-hacker-probes-new-dll-loader-payload/

from remote_hacker_probe.