These files and folders must be delivered to each endpoint being targeted:
- \Bot2\Movere.Bot2.Local.exe
- \Bot2\Movere.Bot2.Local.exe.config
- \Bot4\Movere.Bot4.Local.exe
- \Bot4\Movere.Bot4.Local.exe.config
- \FrameworkVerifier.exe
- \Token.txt
Once the above have been delivered, the below command must be executed:
FrameworkVerifier.exe noconsole:80
This triggers the framework verifier, which identifies which Bot version to use. The noconsole:80 argument is just a dummy name and can be anything that will not resolve in the environment.
Using this technique, the endpoints being targeted must be able to reach the Internet to offload their payloads. If they cannot, the payload will self-delete along with all of these files after a few minutes. If the Movere Console can be opened on a device (on any port), then enter that device's name with the desired port number instead (e.g. server1:80).
NOTE: The Movere Console listens on port 80 by default. To change this, open the file 'Movere.Service.exe.config' and change the line '<add key="PortNumber" value="80" />' to the desired port.
Next, on the device you run the Movere Console from, perform a localhost scan. This opens the Movere service listener on the desired port number. Now you can trigger the framework verifier, and each targeted endpoint will first attempt to send its payload to this device over the specified port number. If this fails, it will attempt to upload to the cloud directly. That said, if the targeted endpoints can reach the Internet directly, simply enter a fake name; when each endpoint fails to contact the fake name, it will attempt a direct cloud upload.
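
A pre-flight check for the procedure above, as an added example that is not part of the original article or Movere's own tooling: it confirms the listed files are staged, reports whether the console listener answers, and then runs the documented command. The staging folder C:\MovereStaging, the parameter names, and the availability of Test-NetConnection on the endpoint are assumptions.

```powershell
# Added example: run on an endpoint after the files have been delivered.
param(
    [string]$StagingDir    = 'C:\MovereStaging',  # hypothetical folder the files were copied to
    [string]$ConsoleTarget = 'server1:80'         # name:port passed to FrameworkVerifier.exe
)

# Files the article lists as required, relative to the staging folder.
$required = @(
    'Bot2\Movere.Bot2.Local.exe',
    'Bot2\Movere.Bot2.Local.exe.config',
    'Bot4\Movere.Bot4.Local.exe',
    'Bot4\Movere.Bot4.Local.exe.config',
    'FrameworkVerifier.exe',
    'Token.txt'
)
$missing = $required | Where-Object {
    -not (Test-Path -LiteralPath (Join-Path $StagingDir $_) -PathType Leaf)
}
if ($missing) {
    Write-Error ("Missing from {0}: {1}" -f $StagingDir, ($missing -join ', '))
    exit 1
}

# Split name:port and validate the port before using it.
$name, $portText = $ConsoleTarget -split ':', 2
$port = 0
if (-not $name -or -not [int]::TryParse($portText, [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
    Write-Error "Expected name:port, got '$ConsoleTarget'"
    exit 1
}

# An unreachable listener is not fatal: per the article, the endpoint then
# attempts a direct cloud upload. Report which path to expect.
$reachable = Test-NetConnection -ComputerName $name -Port $port `
    -InformationLevel Quiet -WarningAction SilentlyContinue
if ($reachable) {
    Write-Host "Console listener reachable at $ConsoleTarget."
} else {
    Write-Host "No listener at $ConsoleTarget; expect a direct cloud upload attempt."
}

# The command from the article, run from the staging folder.
Start-Process -FilePath (Join-Path $StagingDir 'FrameworkVerifier.exe') `
    -ArgumentList $ConsoleTarget -WorkingDirectory $StagingDir -Wait
```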