BC-SECURITY / Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.
https://bc-security.gitbook.io/empire-wiki/
BSD 3-Clause "New" or "Revised" License

[BUG] Invoke-ReflectivePEInjection does not pass -ExeArgs #370

Open githubkuyaya opened 3 years ago

githubkuyaya commented 3 years ago

Empire Version

OS Information (Linux flavor, Python version)

Describe the bug

Invoke-ReflectivePEInjection does not pass any -ExeArgs to the .exe.

To Reproduce

Steps to reproduce the behavior:

  1. . .\Invoke-ReflectivePEInjection
  2. Invoke-ReflectivePEInjection -PEPath C:\PathToAnyExe -ExeArgs "SomeArgs"

Expected behavior

Invoke-ReflectivePEInjection should pass the arguments to the .exe file. In my case (see screenshot below), mimikatz should instantly exit.

Screenshots

mimi

Additional context

Mimikatz itself lets you pass arguments with or without "", so those shouldn't be a problem. Example: mimikatz.exe "exit" and mimikatz.exe exit will both do the same.

Cx01N commented 3 years ago

Just so we know what to test later this week. Can you update this to include the version of Empire and Windows (including build)? Thanks.

githubkuyaya commented 3 years ago

Done :).