client won't reconnect after server restart

[nobeltnium]

When i stop the server and run it again (i'm talking about stop/killing the application and run it again. Not rebooting the machine). Clients won't connect back to the server unless i execute the evil file once more.
Is this a bug or a feature 😅

[quantumcore]

Did you try waiting? Give some time to the client. Maybe if you do this when some background process is pending, like if you do reflective dll injection and the server disconnects. It may take some time for the client to clear up used memory and realize it's disconnected.

(For a simple experiment you can check that when the bug happens, The client is taking alot of memory. You can check this in task manager)

Anyway, Give it a moment. I think this might be a bug. So for a temporal fix if used in real world scenarios, Install persistence as backup just in case.

I'll look into it.

Thanks for reporting! 😅

[nobeltnium]

hi quantumcore, i did some test like you suggest waiting for about 2 hours. But the connection wont establish back.
This is a screenshot of the memory usage when it was disconnected.

FYI Both machine are within LAN and no any kind of AV is running on the windows machine

[quantumcore]

What was the cause of the disconnection?

[nobeltnium]

well, closing the server and open it back on and the client won't reconnect, as i mentioned above.
Sorry for the late reply, i was so busy lately

[quantumcore]

Strange, I just tested it and it works for me. I'll try to reproduce the problem and fix it.

[nobeltnium]

To recreate the situation, first i execute the evil file on a windows machine while the server is listening. Once the file is executed, connection is established

then close the server, and run it again

Once the server is back, the connection cannot be establish. Even after a long period of time (up to 2 hours).

The evil file is still running on windows machine

To be able to reconnect to the server, the evil file need to be executed again. Result in 2 instances of it running

[quantumcore]

What is the payload you're using?

[nobeltnium]

I'm using the standard payload builder that comes with Remote Hacker Probe. With server host and server port information. Without any other options (no Infect USB Drives, no DLL Loader).

[quantumcore]

Hey! Can you try testing if this error still exists with the latest release?

[Elmani335]

Hey! Can you try testing if this error still exists with the latest release?

Hey ! I have this issue too, I'll try the new version and tell if it does work soon ! thx

[quantumcore]

@Elmani335 Yes please do so asap.

[Elmani335]

Hey I tried on my vm the new version is working, but i have few questions :

on this image ^ how to use the reflective loader handler ? i dont' have any machines apperaing here and I don't know how to use it

and on this images ^ on the persistance panel, what does the key mean ? what does it actually do ?

Thx !

[Elmani335]

@quantumcore

[quantumcore]

@Elmani335 Yo that's off the issue, hit me up on discord, I'll explain you over there.

also will add a wiki for detailed explanations, later.
Meanwhile, Read about the Reflective Loader here ; https://quantumcored.com/index.php/2021/03/11/running-completely-in-memory-using-remote-hacker-probes-new-dll-loader-payload/