LUCY MANUAL Applies to LUCY versions above 2.2.

malware_data:lucy_cannot_see_any_data_from_users_that_clicked_on_the_executable
  • Is the exe running on a Win7/Win8 host with Internet Explorer? If not (for example, if it is executed on a Mac or Linux host), it won't work. We support Mozilla Firefox too, although there might be issues depending on the browser settings (e.g. if you use a browser other than IE to access the internet with proxy settings).
  • Can you reach LUCY from the internet via HTTP or HTTPS from the PC where the file gets executed? If not, the tool won't be able to save the data either. Make sure that DNS resolution works and that the corresponding firewall port mappings are configured properly.
  • Is there a local firewall or security product blocking untrusted code from being executed or communicating back to LUCY?
  • Do the UAC settings (https://msdn.microsoft.com/en-us/library/windows/desktop/bb648649(v=vs.85).aspx) block the file, or are they configured in such a way that the user is not even notified?
  • Is the exe only failing to communicate back to LUCY, or is it being blocked from running at all? As all of LUCY's file templates only run for a few seconds in memory beside the interactive console post, you could try to generate a campaign with interactive sessions (http://phishing-server.com/PS/doc/dokuwiki/doku.php?id=interactive_reverse_http_s_sessions) and check in Process Explorer whether you see file.exe running as a process in the context of the user. If you don't see the file, you know that something is blocking the execution or that your Windows version is not compatible with the file templates. In that case you can download our malware testing toolkit, which will generate a lhcf.txt file on your desktop with debugging info that can help us investigate the issue. You can then send us this text file. Here is the link to our test file: malwaretestingtoolkit_logile.zip
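
The checks from the list above, collected into one script as an added example (it is not part of the LUCY manual or the testing toolkit). `lucy.example.test` is a placeholder for your own LUCY server and `file.exe` for the name of the downloaded file; the script only uses calls available in PowerShell 2.0, so it runs on a stock Win7 host when saved as a .ps1 file.

```powershell
# Added example. Run on the PC where the file was executed (PowerShell 2.0+).
# $LucyHost and $ExeName are placeholders: use your own LUCY address and the
# name of the downloaded file (the text above calls it file.exe).
param([string]$LucyHost = 'lucy.example.test', [string]$ExeName = 'file.exe')

# Host OS: the file templates expect Win7/Win8.
$os = Get-WmiObject Win32_OperatingSystem
"OS      : {0} ({1})" -f $os.Caption, $os.Version

# DNS resolution of the LUCY host name.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($LucyHost) | ForEach-Object { $_.IPAddressToString }
    "DNS     : {0} -> {1}" -f $LucyHost, ($ips -join ', ')
} catch {
    "DNS     : FAILED for {0}: {1}" -f $LucyHost, $_.Exception.Message
}

# System (IE) proxy that would be used to reach LUCY.
$uri = New-Object System.Uri("http://$LucyHost/")
$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
if ($proxy.IsBypassed($uri)) { "Proxy   : none (direct)" } else { "Proxy   : {0}" -f $proxy.GetProxy($uri) }

# Direct TCP reachability on HTTP/HTTPS (5 s timeout, bypasses any proxy).
foreach ($port in 80, 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $res = $tcp.BeginConnect($LucyHost, $port, $null, $null)
        $ok = $res.AsyncWaitHandle.WaitOne(5000) -and $tcp.Connected
        "TCP {0,-4}: {1}" -f $port, $(if ($ok) { 'reachable' } else { 'NOT reachable' })
    } catch {
        "TCP {0,-4}: error: {1}" -f $port, $_.Exception.Message
    } finally { $tcp.Close() }
}

# UAC policy values (EnableLUA = 0 means UAC is off, so no prompt is shown).
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"UAC     : EnableLUA={0} ConsentPromptBehaviorAdmin={1} ConsentPromptBehaviorUser={2}" -f `
    $uac.EnableLUA, $uac.ConsentPromptBehaviorAdmin, $uac.ConsentPromptBehaviorUser

# Is the executable running, and in which user's context?
$procs = @(Get-WmiObject Win32_Process -Filter "Name='$ExeName'")
if ($procs.Count -eq 0) { "Process : $ExeName is not running" }
foreach ($p in $procs) {
    $owner = $p.GetOwner()
    "Process : {0} PID {1} owner {2}\{3}" -f $p.Name, $p.ProcessId, $owner.Domain, $owner.User
}
```

If a proxy is reported, a failed direct TCP check does not by itself mean LUCY is unreachable; run the process check while an interactive-session campaign file is executing, since the other templates exit after a few seconds.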
malware_data/lucy_cannot_see_any_data_from_users_that_clicked_on_the_executable.txt · Last modified: 2016/12/05 16:16 by lucy