HavocFramework / Havoc

The Havoc Framework.
GNU General Public License v3.0

[File a bug report for the Demon Implant]: parsing empty spaces after the Shell command #418

Closed pentestuser72 closed 7 months ago

pentestuser72 commented 8 months ago

What happened?

The inbuilt "shell" command from the demon does not parse anything after a space in the arguments (e.g. shell sc qc Fake Service); the shell only picks it up as: sc qc Fake

Did You Try With the Dev Branch?

Yes (You tried using the dev branch but the problem persists)

Relevant log output

With Actual CMD: 

sc qc "Rockstar Service"

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Rockstar Service
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "E:\Launcher\RockstarService.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Rockstar Game Library Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

With Havoc Demon

20/10/2023 19:55:51 [5pider] Demon » shell sc qc "Rockstar Service"
[*] [D28570CE] Tasked demon to execute a shell command
[+] Send Task to Agent [144 bytes]
[+] Received Output [98 bytes]:
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

20/10/2023 20:12:16 [5pider] Demon » shell C:\Users\pentester\Downloads\safesharpup.exe audit ModifiableServices
[*] [7916CAF5] Tasked demon to execute a shell command
[+] Send Task to Agent [230 bytes]
[+] Received Output [273 bytes]:

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] Quitting now, re-run with "audit" argument to run checks anyway (audit mode).

[*] Completed Privesc Checks in 0 seconds

20/10/2023 20:12:32 [5pider] Demon » shell C:\Users\pentester\Downloads\safesharpup.exe "audit ModifiableServices"
[*] [73E5B1F4] Tasked demon to execute a shell command
[+] Send Task to Agent [230 bytes]
[+] Received Output [273 bytes]:

=== SharpUp: Running Privilege Escalation Checks ===

[*] In medium integrity but user is a local administrator- UAC can be bypassed.

[*] Quitting now, re-run with "audit" argument to run checks anyway (audit mode).

[*] Completed Privesc Checks in 0 seconds

Did You Read Over Your Issue First?

S4ntiagoP commented 7 months ago

You are supposed to escape quotes, that's the problem. Maybe I can remove that need for shell commands, will check.

S4ntiagoP commented 7 months ago

OK, now you don't need to escape quotes while using the shell, powershell and dotnet inline-execute commands: https://github.com/HavocFramework/Havoc/commit/8cc9b3821e908d5d28c16be4311d9b02a90cc6e6 Let me know if you still experience issues.
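
Added example, not code from the Havoc project or from either commenter: a Python model of the symptom reported in this thread, assuming the console tokenizer consumes unescaped double quotes and the task string is rebuilt from the resulting tokens. All function names are hypothetical; the sample commands are the ones typed in the log above.

```python
def strip_quote_tokenize(line):
    """Split on whitespace. Unescaped double quotes group words and are
    dropped; \\" yields a literal quote. (Assumed parser model.)"""
    tokens, cur, in_quotes, started = [], [], False, False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] == '"':
            cur.append('"')          # escaped quote survives as a literal
            started = True
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes  # quote is consumed, not stored
            started = True
        elif ch.isspace() and not in_quotes:
            if started:
                tokens.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        tokens.append("".join(cur))
    return tokens


def task_from_tokens(line):
    """Rebuild the command from parsed tokens: the grouping is lost."""
    return " ".join(strip_quote_tokenize(line)[1:])


def task_from_raw(line):
    """Forward everything after the command word byte-for-byte."""
    parts = line.split(None, 1)
    return parts[1] if len(parts) > 1 else ""


# Commands as typed in the issue's log output.
SC_QUOTED = 'shell sc qc "Rockstar Service"'
SC_ESCAPED = 'shell sc qc \\"Rockstar Service\\"'
SHARPUP = r"shell C:\Users\pentester\Downloads\safesharpup.exe "
SHARPUP_PLAIN = SHARPUP + "audit ModifiableServices"
SHARPUP_QUOTED = SHARPUP + '"audit ModifiableServices"'
```

Under this model the quoted and unquoted SharpUp commands collapse to the same task string, which is consistent with both tasks in the log being 230 bytes, and `sc` receives `Rockstar` and `Service` as two separate arguments.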