Execute Assembly not parsing arguments correctly

chvancooten / NimPlant

A light-weight first-stage C2 implant written in Nim.

MIT License

779 stars 109 forks source link

Execute Assembly not parsing arguments correctly #21

Closed shorefall closed 1 month ago

shorefall commented 1 year ago

When I run this it works fine without any additional quotes (could be the problem) When I run this It somehow just prints the help menu of the tool without doing what I want. Any idea?

chvancooten commented 1 year ago

Hi, thanks for reporting this. Could you please paste the exact command line for both versions? The first screenshot appears to be truncated.

shorefall commented 1 year ago

The example working one: SharPersist -t startupfolder -m list

A command that breaks/bugs execution: execute-assembly C:\SharPersist.exe -t startupfolder -c "C:\Windows\System32\cmd.exe" -a "/c payload.exe" -f "Test File on Startup" -m add

shorefall commented 1 year ago

ETW or AMSI did not seem to influence this behaviour.

chvancooten commented 1 year ago

Thanks for the additional information! It's very possible that the quotes break something, though I'm not exactly sure what would cause this behavior. Could you please try the following test cases and see if they improve anything? That may help pinpoint the issue?

Use single quotes instead of double quotes
Leaving out the quotes altogether
Quote all arguments in single quotes, leaving the double quotes in place
Escaping the quotes with a backslash ()