0xsp-SRD / mortar

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
MIT License

I want to pass command #23

Closed ifconfig2333 closed 2 years ago

ifconfig2333 commented 2 years ago

you able to pass commands for the loaded binary

You deleted the exe, how do I pass the command?

I need the program to receive commands.

lawrenceamer commented 2 years ago

You may insert your command like this: https://github.com/0xsp-SRD/mortar/blob/main/DLL/agressor.lpr#L191

bin_decryptor('c:\\windows\\system32\\cmd.exe /c sekulra::logonpasswords' );

It could work with the DLL.

ifconfig2333 commented 2 years ago

Thank you for your answer. This is a success.

I still have a question. Can the exe inside be replaced?

or calc.exe

bin_decryptor('c:\\windows\\system32\\calc.exe');

lawrenceamer commented 2 years ago

It should be a CLI application that accepts command args only.

ifconfig2333 commented 2 years ago

Hello lawrenceamer, today I found that Windows Defender can check this DLL. Can you modify it? Thank you.

Hello lawrenceamer, today I found that Windows Defender can kill this DLL file. Can you modify it? Thanks.

mooneee commented 2 years ago

DLL removed by Defender.