search

Tylous / ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.
257 stars 25 forks source link

cmd.Run() failed with exit status 255 #5

Open karmine05 opened 5 months ago

karmine05 commented 5 months ago

Running go version go1.21.11 linux/amd64

command trying to exec ./ScareCrow -I cli.bin -domain microsoft.com -Loader control

The Output I get for the error :

[*] Encrypting Shellcode Using ELZMA Encryption
[+] Shellcode Encrypted
[+] Patched ETW Enabled
[+] Patched AMSI Enabled
[+] Sleep Timer set for 2357 milliseconds
[*] Creating an Embedded Resource File
[+] Created Embedded Resource File With speech's Properties
[*] Compiling Payload
exit status 1: -seed chosen at random: shiVA2s6dXhB7lC1MKBY7g
# FDSmytDbnTOacx
usage: link [options] main.o
  -B note
        add an ELF NT_GNU_BUILD_ID note when using ELF
  -E entry
        set entry symbol name
  -H type
        set header type
  -I linker
        use linker as ELF dynamic linker
  -L directory
        add specified directory to library path
  -R quantum
        set address rounding quantum (default -1)
  -T int
        set the start address of text symbols (default -1)
  -V    print version and exit
  -X definition
        add string value definition of the form importpath.name=value
  -a    no-op (deprecated)
  -asan
        enable ASan interface
  -aslr
        enable ASLR for buildmode=c-shared on windows (default true)
  -benchmark string
        set to 'mem' or 'cpu' to enable phase benchmarking
  -benchmarkprofile base
        emit phase profiles to base_phase.{cpu,mem}prof
  -buildid id
        record id as Go toolchain build id
  -buildmode mode
        set build mode
  -c    dump call graph
  -capturehostobjs string
        capture host object files loaded during internal linking to specified dir
  -compressdwarf
        compress DWARF if possible (default true)
  -cpuprofile file
        write cpu profile to file
  -d    disable dynamic executable
  -debugnosplit
        dump nosplit call graph
  -debugtextsize int
        debug text section max size
  -debugtramp int
        debug trampolines
  -dumpdep
        dump symbol dependency graph
  -extar string
        archive program for buildmode=c-archive
  -extld linker
        use linker when linking in external mode
  -extldflags flags
        pass flags to external linker
  -f    ignore version mismatch
  -g    disable go package data checks
  -h    halt on error
  -importcfg file
        read import configuration from file
  -installsuffix suffix
        set package directory suffix
  -k symbol
        set field tracking symbol
  -libgcc string
        compiler support lib for internal linking; use "none" to disable
  -linkmode mode
        set link mode
  -linkshared
        link against installed Go shared libraries
  -memprofile file
        write memory profile to file
  -memprofilerate rate
        set runtime.MemProfileRate to rate
  -msan
        enable MSan interface
  -n    dump symbol table
  -o file
        write output to file
  -pluginpath string
        full path name for plugin
  -pruneweakmap
        prune weak mapinit refs (default true)
  -r path
        set the ELF dynamic linker search path to dir1:dir2:...
  -race
        enable race detector
  -s    disable symbol table
  -strictdups int
        sanity check duplicate symbol contents during object file reading (1=warn 2=err).
  -tmpdir directory
        use directory for temporary files
  -v    print link trace
  -w    disable DWARF generation
exit status 2
exit status 1

[+] Payload Compiled
[*] Signing speech.dll With a Fake Cert
2024/06/07 23:11:44 cmd.Run() failed with exit status 255

This issue was resolved before but seems to be happening again now. Any Idea?