Mr-Un1k0d3r / ThunderShell

Python / C# Unmanaged PowerShell based RAT

doesn't work on Windows 7 #16

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hi. How can I run payload ps on Windows 7 powershell v2? Do you have any ideas? It doesn't work on Windows 7.

Mr-Un1k0d3r commented 5 years ago

I will add a video in the wiki to show how to get a session shortly. Hope it will help in the future.

ghost commented 5 years ago

I mean, on Windows 7, the payload ps code doesn't work at all. On Windows 10 there are no such problems. Which version of PowerShell and which version of the .NET Framework does your payload work with? Thanks.

Mr-Un1k0d3r commented 5 years ago

The default version that I was using during my test was the following one:

PS C:\>$psversiontable

Name                           Value
----                           -----
PSVersion                      3.0
WSManStackVersion              3.0
SerializationVersion           1.1.0.1
CLRVersion                     4.0.30319.42000
BuildVersion                   6.2.9200.22198
PSCompatibleVersions           {1.0, 2.0, 3.0}
PSRemotingProtocolVersion      2.2

Mr-Un1k0d3r commented 5 years ago

Does it return any useful errors, or do you simply not get your connect back without errors?

ghost commented 5 years ago

There are no errors on the server. There are not enough libraries in the console when the payload starts. On .NET 2.0 it will not work.

Mr-Un1k0d3r commented 5 years ago

The PowerShell version of the payload is basically just calling Add-Type to load the C# code. Add-Type has been supported since PowerShell 2.0. However, I may be using some C# libraries that were not available in the .net core 2.0. I'm assuming the same behavior is observed using the exe generated with the solution, since I use the mono-mcs utility to compile it (.net version 4 of the mono compiler).

I may see if it's possible to create a .net version 2.0 of the payload without removing the core feature for older outdated systems.
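A defender-side view of the mechanism described in the comment above, as an added example that is not part of the thread or of the ThunderShell project: a heuristic over PowerShell event text that flags Add-Type compiling inline source and sessions started on a pre-3.0 engine. The event dictionaries, function name and labels are constructed for illustration.

```python
import re

# Event 400 ("Windows PowerShell" log) records the engine version at startup.
ENGINE_RE = re.compile(r"EngineVersion=(\d+)\.(\d+)")
# One Add-Type invocation, up to the end of the statement or pipeline stage.
ADD_TYPE_STMT = re.compile(r"\bAdd-Type\b[^\n;|]*", re.I)
# Forms that load an existing assembly instead of compiling source text.
LOADS_ASSEMBLY = re.compile(r"-(?:AssemblyName|Path|LiteralPath)\b", re.I)

def findings(events):
    """Return (index, label) pairs for events worth an analyst's attention."""
    out = []
    for i, ev in enumerate(events):
        msg = ev["message"]
        if ev["id"] == 400:
            # The 2.0 engine does not write script block (4104) events,
            # so the engine version is the only signal for such a session.
            m = ENGINE_RE.search(msg)
            if m and int(m.group(1)) < 3:
                out.append((i, "legacy-engine"))
        elif ev["id"] == 4104:
            # Heuristic: Add-Type without an assembly-loading parameter
            # is compiling source passed by name or by position.
            for stmt in ADD_TYPE_STMT.findall(msg):
                if not LOADS_ASSEMBLY.search(stmt):
                    out.append((i, "add-type-inline-source"))
                    break
    return out

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"id": 400, "message": "Engine state is changed from None to Available.\n"
                           "\tHostVersion=2.0\n\tEngineVersion=2.0\n"},
    {"id": 400, "message": "Engine state is changed from None to Available.\n"
                           "\tHostVersion=5.1.19041.1\n\tEngineVersion=5.1.19041.1\n"},
    {"id": 4104, "message": "Creating Scriptblock text (1 of 1):\n"
                            "Add-Type -AssemblyName System.Windows.Forms\n"},
    {"id": 4104, "message": "Creating Scriptblock text (1 of 1):\n"
                            "$src = Get-Content .\\t.cs -Raw\n"
                            "Add-Type -TypeDefinition $src -Language CSharp\n"},
]

if __name__ == "__main__":
    for index, label in findings(SAMPLE_EVENTS):
        print(index, label)
```
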

ghost commented 5 years ago

Hello. Many thanks for your work and for the time you give! I would be very grateful if you could solve the problem with .net version 2.0 of the payload! How long do you think it will take you?

Mr-Un1k0d3r commented 5 years ago

I will take a look at it, but functionalities in .net 2.0 are limited, especially from an HTTP request perspective.