From ba06edcdd520b5d81d02fa66cc369aacb2dea62a Mon Sep 17 00:00:00 2001
From: last-byte <fed.lag@protonmail.ch>
Date: Tue, 3 Dec 2024 14:58:05 +0100
Subject: [PATCH] fixed a bug in PSRemoting

---
 CHANGELOG.md                             |   6 +++-
 PersistenceSniper/PersistenceSniper.psd1 | Bin 24684 -> 24688 bytes
 PersistenceSniper/PersistenceSniper.psm1 |  39 ++++++++++++-----------
 3 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eeb21c4..4b83b3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
-## 1.16.1
+## 1.16.3
+Fixes:
+   - Fixed a bug in the remote computer execution which, under certain circumstances, prevented the proper execution of the module 
+
+## 1.16.2
 Fixes:
    - Fixed a bug in the remote computer execution which, under certain circumstances, prevented the proper execution of the module 
    - Fixed a bug in the handling of the LSA Notification Package detection (see PR #27)
diff --git a/PersistenceSniper/PersistenceSniper.psd1 b/PersistenceSniper/PersistenceSniper.psd1
index 8c154982b8d2ef284e0531131b99aaf797a08595..e584134dc8021814d514907314542926f70329e9 100755
GIT binary patch
delta 1627
zcmX|>$!^+E7=?eLt}12K7l_)b8>_+$abOWuW^fq7WFQz;B_!Z7n=o%I^%Wv@(|y;K
zvgtCf(tQ_wgnqs$2pM1h!}-rS_u7A+Lw}z`Kfj)YVvoOHy?Od}^5N|1*V`YV%ZMyQ
zld)XMP;O)=E$K*229gt7isFbXT`^ddr6(TiQ+X}#<c!+1?4G{AU!7l;DM(Y=k(ng9
zblFH0*pf75LT0954vlg09ddap)>3~gbz*)>t<z#joDnriNJUm+f_5({C~ai~!Jf3q
zFTifFs>)vKJSUEnJh_%RwT9eEgsvj9^Ae-ag!-QNRvy5yx#z(hz%MKXx$~j9pg9HX
z8f7-m4kIfhbw=Dks>L;+rU{q}trv(oRXSZovfCpOhrxkY9`F;!p7Xz#EI0vr7yK!A
z4Jtahk@z->l2~qG^O%GQ>k-d^M;^tN+$jZ3bhTMI3^Zg3yeWO2Eo$fVb?J{Y{NS|#
z;W%FRs7xt&I>Tpl1)Dm-;}&jeK6)lB6Kbm(aOwfLr(wjYm=bR>c0*eeVlxILsnN+c
z*@h<LU6jSC(CEuTr9*sye+MEa{R7D9U^$BF81&${j3gs|1br^Mc|&`Q{r3n)Xs}Ud
z(9j^WBkmGu(|8T3Ir^il`%sxeGlI@9kjSv!;bNUgm;W+0mybl|pheXN7OAR$GM1>%
zZOG6&RFu`hD*!dZ{u*>L>NwBU2{BlEWX5uVRtE}cKoWG0l)^l&t%w>Biy|Nn^_be_
z1)falIXGhBX%abkX8Q)<I|@vcg}Kh5VUfrYFOf-dxLjfd;BvsPiA=CBsB(#!)Xfy7
zJ-s_f=$w!}T@jqK$j{l93`CdIwUoyPA`jB>0j!~E3XF|qbzT#jmNo{4X*0MF`PERr
z#F-4Fnv5`6yTEVw?HD$~n<7I>)ZQW^4ML1@J@OXl4pl`I516-5Bnrqm760XvqBFLS
z8twnNcA>C9Rg@-=mf)REqq$1coSNX1m8D{j#w`Pb5ha|-QW0dUXzdWSk>;==De$Wx
zRl&TXrwXwN60$x`W%wQ}$t!gZkYN<efnAZ$!oEr@4H1oal3l+iqcOC=^O|dk2OGLF
ztWBQMO3o0i!9Hg=D>l(8u7&Y5tG**M@pG6tMqLvf8w@-U*`ZWpe4hcqS+E%Y02L1y
zkLCu>1TSN7R!U@wAS`*VkPVX!zK<qx4Yh{azyW9;n!|WAp*l*<EP*xGSYoondq4tH
cl33P161jkJ6p%Wj`tY9t!)O2T<L6KR0KHBRGXMYp

delta 1631
zcmYL}Np9L;6vrP?SCt}F>II^<>V`$Iu`w*7$}xl?jA3RK!aSOpz{XOKP^4~qg-W?V
zj?gP~-$jqm-$xWGgzfM7{fGCy_xbO$@6WUE=hrize)#?7{nPie&liW#{kx}MAHMmn
z$`X}pvBj0RjAbM@VsOn$MJ!oMk(etH3Cf<xo%G~f-pWV0U{#Uo(~nPU^XitAjg%xO
zWtsBZKw)rS%0Lp*fpUz*E3hX8$xBjF;+K$Y4uwY0OF_0J8h~NQ)x}Uss*=V;QCf&M
z;ko7K$_oA+xeM|F+;b=9qL|==@K3;)pd$FNB!jvELr*SY3`mW8o~VUF2NyFB(Jdx#
zvAPnSdyhyGSX1g)EAvZ<LopWQTjZP2M2>yybA3Q?%G=ixLy%994}n|4xub}*XcC4!
z0ne5<2~e7Jv1y1mkvRfsYFQBIK%FAlCTas;P;m?!djLUlEX4LmT(V6`D2LqJRJ13r
z17dSBqIM(zZxgl=qC3pykq*Eg!bq1VU0NPNgH(fA$PnJij3g6Dhi!eC4ihOqR24u$
zo(kmq=~SHB)U`(cs$3@^OXNi<Vtg`UgHf&CV%`s;OU{=0Dx;7VFNeb+3!56s)LNqL
zEr|M1hw$hJ)&}&*TZ6jQyo9l;hPBN423(r1#E7mDN>D(Q%2WrJ;Oi$N8hm52dvH5E
zwaAWpfQwk@<LTkp8WU3M*z5tM6W-4uR)b_AwxXFmMzO&^hlL99-f>=H&^N%=$#`TV
z3P?C`=fTWb%}+*}oTe}(Rj}YKkO<Sn7@i$mcaSL{KcJ2|@H>PeNa&bUJ&Iv-gHiR%
zgR`i(0?GhYV`YNM9!r^HW5*i@i$mTmiC$wdb~3V&iO0^xsD4kYRwOq_(x5Fto~H2u
zTDyi;O@4#C0kH&9Y94gDqJyrp&R}(l6qKx5T-$JJ{B9^uZHJ4vI+S^M)Cp?RfphU*
zJ}EtRyM(k0(VoU;NJ~JhvzO|i?6@y5Qo@2ugWK57Qs12W0|FyD)&f^0reUtcX82i+
zSeaPVc~<K#oE<nUIy%I#;X!3X{(645)UJ`f#Db0EEh{yYODe1JY$LXWO1Y0BpF`fH
z_A>t_RZp;|&VaHSISzINq}l?Tck1Ykc&q0Bns`I_{@DyopK1*DI)5^fX06fg0YY(l
zlHn=Dlg?PVI1fTUplfR?nh_5`$7h+YWr?lnSPj-Lwj4@S9m-+YId1lpwfbsQWEBQ7
jV}8}Km_X?QQs@2u`CUVKhub(5>O;RFD=F?lyZ`bJX_X7o

diff --git a/PersistenceSniper/PersistenceSniper.psm1 b/PersistenceSniper/PersistenceSniper.psm1
index d64bb98..821647f 100755
--- a/PersistenceSniper/PersistenceSniper.psm1
+++ b/PersistenceSniper/PersistenceSniper.psm1
@@ -1,6 +1,6 @@
 <#PSScriptInfo
 
-    .VERSION 1.16.2
+    .VERSION 1.16.3
 
     .GUID 3ce01128-01f1-4503-8f7f-2e50deb56ebc
 
@@ -188,11 +188,14 @@ function Find-AllPersistence {
   
   $ScriptBlock = 
   {
-    if ($ComputerName) {
+
+    
+
+    if ($PSSenderInfo) {
       $PersistenceMethod = $Using:PersistenceMethod
       $VerbosePreference = $Using:VerbosePreference
     }
-    
+
     $ErrorActionPreference = 'SilentlyContinue'
     $hostname = ([Net.Dns]::GetHostByName($env:computerName)).HostName
     $psProperties = @('PSChildName', 'PSDrive', 'PSParentPath', 'PSPath', 'PSProvider')
@@ -2446,8 +2449,8 @@ function Find-AllPersistence {
 # SIG # Begin signature block
 # MIIVlQYJKoZIhvcNAQcCoIIVhjCCFYICAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
 # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
-# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUqyLvdXcEKTdX9FIg2NUX11XX
-# wTmgghH1MIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
+# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUIUMfrfd3ixeru6pEa8XuSpFv
+# K12gghH1MIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B
 # AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy
 # MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh
 # MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw
@@ -2547,17 +2550,17 @@ function Find-AllPersistence {
 # ZDErMCkGA1UEAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNgIR
 # ANqGcyslm0jf1LAmu7gf13AwCQYFKw4DAhoFAKB4MBgGCisGAQQBgjcCAQwxCjAI
 # oAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIB
-# CzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFIUztCW7+cO7MtLBKxnO
-# CUN/ys76MA0GCSqGSIb3DQEBAQUABIICABS9/ZkiWiPpgffGcFMxPbIKSUxeNZI1
-# 8XotdUKVoVXvNS4DM8N0AeFaOFHJxIwJbx9pQTxapaWRd48o/LmzcEW956bTcD1Q
-# 4W8P4tUsajersEarDoPr5ZhVGchphGSODqaHsQDK3aBO4dptipNfH2vnORhuopou
-# lusxaXXwc0hEHIDeMRXYuK5ayJtgzpdr7Tl5425iQ+/PRGBwjg14lHQ66jAdkGPV
-# Oskwc96o8TXYDZV/IZbYZYJJ0LCkX7h6P5wmOwA8aNwPtuDh+Z1cu7HEjbLTDjI/
-# oZDHGn9N1VHX2D3gFQKb2eRKP1AfZhKueStIHBDh1FbqhaVEo9bAlqi9C4olyTCe
-# lq3hI1hszHU1MpdF7Guv/DwZTtW9DWD4BSX5aQNgzpdarermVrHDWzZ6ko00UruU
-# XErd8ltHTqISoDO4mXomu1iEneHCFXj3AftvWVTWFYUlvM3/Ppd/PgMA7g3UB0lC
-# ElgwooMn8rGxFwca7Cxq1fKG2MZQDnpMSSxeTLvhLJ81YISr3usdkiJI7rsaqYhM
-# Dq50t9TFTm5k3T2xEJIUSEUmIwSogGw7FbHerrozabdQKZCyRE9efMQOn7wFCNW6
-# AJoWa4Okoujb6lShchwZhVTUMODnwEnl0YGYGNZcCsLSs/DKVt8FJDWnMIYHu1H+
-# fsQu1ebSoMvr
+# CzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFKvcI4ubCUzcSkdEZPRh
+# R7geeivCMA0GCSqGSIb3DQEBAQUABIICAD7GjTD0NrKeLcGn5e1iN4IEAQZslNzN
+# JtfX0uYRSc3qS9SaK04/OH5eEu+COktketgvGCuV9IMURCo9OGzcC1WvYgxXlYGb
+# 6o82wKejWFcenpC3peYpknVBaGEhP7S8Fm5ROXej2RuyuNvN/SEkL2VnY6r40GAv
+# 3ShXZzQqt8PLdJhZa1aIJ/Snx6SyS+4BwI/kj8wRGQ7COOL6TTZzNiKd2Z0BAdee
+# ovxxaLCpXzJNxjeHc7mJibwVo1fuNYsVJ5akcGR5yqfuoto1GMeE/pjE/7BHSj4K
+# npBqCV18Kca4gj7JieYbe2BSjxmy8SLk7Z2OEN+3eJCPNpx7PWlyqGN20dFuFJij
+# d8tHdkSgC6lrOs5Fm0XG06GFP0CIG/kHwYl7E3ZAjlpbDOPXiZ1ai36R4HskOimp
+# jfWOR8WNocJWca1+bGPDt80FsKasqJ7MQVDZH6Hx4a3B9No4sToO9HCguQeIP717
+# xOF959hlOY9ZwTN3ioDCwo0IzIFJpCpUXQNwkJ90IR+oo95nAKjTSBB/y17EkIlL
+# ehdo+eVAnMyDlXEDAvtu6FWdbLe6G4E07vDQ5UmTWvJ+WSknXPZTYrXkqRASpzEo
+# p5xBK1Q03S4NUv/JFbUiUOQoNvCMDpCxiPdAf5KFSc++f65tQsKNT/KVvtkkWkdf
+# jeKdpk6zlHzG
 # SIG # End signature block