I'm working on a retired, easy, Windows-based machine. I have ssh access and upload a file (nc.exe, msfvenom, etc) to the machine. Then, when I run my exploit that executes successfully, the file disappears.
My first thought was someone was deleting it, but I have VIP+ access, so it's a personal machine, correct?
My second thought was there's an AV deleting the file since it disappears right when I run the exploit. Soo... I tried nc.exe and various msfvenom .exes. Same thing. Then, I found an article on AV evasion and compiled a XOR msfvenom payload based on c++ code supplied by the author. It too disappeared (though the article was a few years old, so I'm sure the AVs can fingerprint the binary by now).
Not sure where to go from here. So far, the box has been straight forward. I'm at the final stretch, but my file keeps disappearing. Surely AV evasion wouldn't be necessary on an "easy" box, right?