Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Module bypassuac_tokenmanipulation not work #547

Open
P4nD4Bot opened this issue Feb 21, 2022 · 1 comment
Open

[BUG] Module bypassuac_tokenmanipulation not work #547

P4nD4Bot opened this issue Feb 21, 2022 · 1 comment
Assignees
@Hubbl3
Labels
bug Something isn't working

Comments

@P4nD4Bot
Copy link

P4nD4Bot commented Feb 21, 2022
edited
Loading

Note: Please fill out all sections (if applicable) and do not delete the below section headers, otherwise the bot will close the issue.

Empire Version

Lastest

OS Information (Linux flavor, Python version)

  • OS: Kali Linux
  • Python: 3.9.10

Describe the bug

When using module bypassuac_tokenmanipulation no connection to host where new stagers in

To Reproduce

Steps to reproduce the behavior:

  1. Using module powershell/privesc/bypassuac_tokenmanipulation
  2. set Host, Port, Stagers (bat)
  3. Using python3 -m http.server to host new launcher.bat stagers
  4. Submit

Expected behavior

Module tasked but no new agent spawn

Screenshots

image

Additional context

In python http.server no new connection fire when module submited
@P4nD4Bot P4nD4Bot added the bug Something isn't working label Feb 21, 2022
@P4nD4Bot
Copy link
Author

P4nD4Bot commented Feb 28, 2022
edited
Loading

I thing cradle base64 encode go wrong that make Invoke-BypassUACTokenManipulation not woking.

Steps to fix:

  1. Host must be URL (http://IP)
    Additional code to format IP to url:
        import socket
        try:
            socket.inet_aton(host)
        except socket.error as e:
            pass
        else:
            host = "http://" + host
  1. Add .encode("ascii") to blank_command And .decode("ascii") to encoded_cradle .

image

vinnybod added a commit that referenced this issue Feb 21, 2023
@vinnybod
Fix loading Invoke_ExfilDataToGiHub. Fix issue detecting logs in load…
75c9dfe 
… modules test (#547)

* Fix loading Invoke_ExfilDataToGiHub. Fix issue detecting logs in load modules test.

* changelog, update isort to fix pre-commit error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Hubbl3 Hubbl3

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Hubbl3 @P4nD4Bot