search

BC-SECURITY / Starkiller

Starkiller is a Frontend for PowerShell Empire.
https://www.bc-security.org/post/an-introduction-to-starkiller
MIT License
1.37k stars 196 forks source link

[BUG] RunAs / SpawnAs / Credential Use failure #56

Closed SaltyWafffles closed 3 years ago

SaltyWafffles commented 3 years ago

Empire Version

Starkiller Version Starkiller 1.4.0

OS Information (Linux flavor, Python version)

Describe the bug Suspected that ALL credential modules are truncating any passwords with a '$' in them. Confirmed to be an issue with runas/spawnas, but I suspect its for all credential use.

To Reproduce Steps to reproduce the behavior:

  1. Get an agent on a machine
  2. Attempt to use the 'runas' or 'spawnas' module with credentials that has a '$' in it
  3. Cred use will fail

Expected behavior Credentials should be able to be used successfully if a user has any special characters, specifically a $ sign in the password.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

vinnybod commented 3 years ago

Closed since its a duplicate of https://github.com/BC-SECURITY/Empire/issues/409 (which I believe is fixed in 4.0)