fortra / No-Consolation

A BOF that runs unmanaged PEs inline
https://www.coresecurity.com/core-labs/articles/running-pes-inline-without-console
MIT License

no response #2

Closed shadow1ng closed 3 months ago

shadow1ng commented 3 months ago

win 2008 r2 image

S4ntiagoP commented 3 months ago

Hey there, can you recompile with "make debug" and try again? also, any messages in the script console? Thank you!

shadow1ng commented 3 months ago

in cs4.5:
Unknown symbol 'imp_BeaconDataExtract'
Unknown symbol '__imp_BeaconDataInt'
Unknown symbol 'imp_BeaconDataInt'
Unknown symbol 'imp_BeaconAddValue'
Unknown symbol '__imp_BeaconPrintf'
Unknown symbol 'imp_BeaconRemoveValue'

S4ntiagoP commented 3 months ago

Use the latest release for Cobalt Strike

shadow1ng commented 3 months ago

It can run now. But no command execution result was returned

beacon> noconsolation --local C:\\windows\\system32\\cmd.exe /c ipconfig
[+] host called home, sent: 90964 bytes
[+] received output:
DEBUG: source/utils.c:936:save_pe_info(): 
[+] received output:
The PE cmd.exe is already saved
[+] received output:
DEBUG: source/loader.c:379:load_pe(): 
[+] received output:
Mapped at 0x0000000000AC0000 - 0x0000000000B2A000
[+] received output:
DEBUG: source/loader.c:381:load_pe(): 
[+] received output:
Copying Headers
[+] received output:
DEBUG: source/loader.c:387:load_pe(): 
[+] received output:
Copying each section to memory
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .text at 0x0000000000AC1000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .rdata at 0x0000000000AF6000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .data at 0x0000000000B00000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .pdata at 0x0000000000B1C000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .didat at 0x0000000000B1F000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .rsrc at 0x0000000000B20000
[+] received output:
DEBUG: source/loader.c:400:load_pe(): 
[+] received output:
Copied .reloc at 0x0000000000B29000
[+] received output:
DEBUG: source/loader.c:410:load_pe(): 
[+] received output:
Applying Relocations
[+] received output:
DEBUG: source/loader.c:477:load_pe(): 
[+] received output:
Processing the Import Table
[+] received output:
DEBUG: source/loader.c:268:handle_import(): 
[+] received output:
IAT hooking api-ms-win-crt-runtime-l1-1-0.dll!_c_exit with ntdll!RtlExitUserThread
[+] received output:
DEBUG: source/loader.c:268:handle_import(): 
[+] received output:
IAT hooking api-ms-win-crt-private-l1-1-0.dll!_o_exit with ntdll!RtlExitUserThread
[+] received output:
DEBUG: source/loader.c:280:handle_import(): 
[+] received output:
IAT hooking api-ms-win-core-libraryloader-l1-2-0.dll!GetModuleHandleW with my_get_module_handle_w
[+] received output:
DEBUG: source/loader.c:274:handle_import(): 
[+] received output:
IAT hooking api-ms-win-core-libraryloader-l1-2-0.dll!GetProcAddress with my_get_proc_address
[+] received output:
DEBUG: source/loader.c:540:load_pe(): 
[+] received output:
Processing Delayed Import Table
[+] received output:
DEBUG: source/loader.c:577:load_pe(): 
[+] received output:
Setting permissions for each PE section
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .text, size, 0x35000, protections: 0x20
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .rdata, size, 0xA000, protections: 0x2
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .data, size, 0x1000, protections: 0x4
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .pdata, size, 0x3000, protections: 0x2
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .didat, size, 0x1000, protections: 0x4
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .rsrc, size, 0x9000, protections: 0x2
[+] received output:
DEBUG: source/loader.c:604:load_pe(): 
[+] received output:
Section name: .reloc, size, 0x1000, protections: 0x2
[+] received output:
DEBUG: source/loader.c:624:load_pe(): 
[+] received output:
Setting permissions of module headers to READONLY (4096 bytes)
[+] received output:
DEBUG: source/loader.c:636:load_pe(): 
[+] received output:
Flushing instructionCache
[+] received output:
DEBUG: source/loader.c:887:SetCommandLineW(): 
[+] received output:
Searching 2606 pointers
[+] received output:
DEBUG: source/loader.c:896:SetCommandLineW(): 
[+] received output:
BaseUnicodeCommandLine found at 00007FFEAF02D0C0:00000000007E4100 : cmd.exe /c ipconfig
[+] received output:
DEBUG: source/loader.c:899:SetCommandLineW(): 
[+] received output:
GetCommandLineW() : cmd.exe /c ipconfig
[+] received output:
DEBUG: source/loader.c:910:SetCommandLineW(): 
[+] received output:
BaseAnsiCommandLine found at 00007FFEAF02D0D0:00000000007B5FC0 : cmd.exe /c ipconfig
[+] received output:
DEBUG: source/loader.c:913:SetCommandLineW(): 
[+] received output:
GetCommandLineA() : cmd.exe /c ipconfig
[+] received output:
DEBUG: source/loader.c:977:SetCommandLineW(): 
[+] received output:
Checking __wargv
[+] received output:
DEBUG: source/loader.c:960:SetCommandLineW(): 
[+] received output:
Checking _acmdln
[+] received output:
DEBUG: source/loader.c:963:SetCommandLineW(): 
[+] received output:
Setting msvcrt.dll!_acmdln "cmd.exe /c ipconfig" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:960:SetCommandLineW(): 
[+] received output:
Checking __argv
[+] received output:
DEBUG: source/loader.c:963:SetCommandLineW(): 
[+] received output:
Setting msvcrt.dll!__argv "cmd.exe /c ipconfig" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:977:SetCommandLineW(): 
[+] received output:
Checking _wcmdln
[+] received output:
DEBUG: source/loader.c:980:SetCommandLineW(): 
[+] received output:
Setting msvcrt.dll!_wcmdln "cmd.exe /c ipconfig" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:977:SetCommandLineW(): 
[+] received output:
Checking __wargv
[+] received output:
DEBUG: source/loader.c:960:SetCommandLineW(): 
[+] received output:
Checking __p__acmdln
[+] received output:
DEBUG: source/loader.c:963:SetCommandLineW(): 
[+] received output:
Setting ucrtbase.dll!__p__acmdln "cmd.exe /c ipconfig" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:960:SetCommandLineW(): 
[+] received output:
Checking __p___argv
[+] received output:
DEBUG: source/loader.c:963:SetCommandLineW(): 
[+] received output:
Setting ucrtbase.dll!__p___argv "" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:977:SetCommandLineW(): 
[+] received output:
Checking __p__wcmdln
[+] received output:
DEBUG: source/loader.c:980:SetCommandLineW(): 
[+] received output:
Setting ucrtbase.dll!__p__wcmdln "cmd.exe /c ipconfig" to "cmd.exe /c ipconfig"
[+] received output:
DEBUG: source/loader.c:977:SetCommandLineW(): 
[+] received output:
Checking __p___wargv
[+] received output:
DEBUG: source/utils.c:792:create_thread(): 
[+] received output:
Created thread with 0x00007FFEAEDEBE90 as start address
[+] received output:
DEBUG: source/console.c:912:recover_handle_info(): 
[+] received output:
Recovered handle information
[+] received output:
DEBUG: source/console.c:70:redirect_std_out_err_for_mingw(): 
[+] received output:
redirect_std_out_err_for_mingw
[+] received output:
DEBUG: source/console.c:77:redirect_std_out_err_for_mingw(): 
[+] received output:
PE didn't load msvcrt.dll, skipping
[+] received output:
DEBUG: source/console.c:169:redirect_std_out_err_for_msvc(): 
[+] received output:
redirect_std_out_err_for_msvc
[+] received output:
DEBUG: source/console.c:523:redirect_std_out_err_for_cmd(): 
[+] received output:
redirect_std_out_err_for_cmd
[+] received output:
DEBUG: source/console.c:775:redirect_std_out_err_for_ps(): 
[+] received output:
redirect_std_out_err_for_ps
[+] received output:
DEBUG: source/console.c:782:redirect_std_out_err_for_ps(): 
[+] received output:
PE didn't load mscoree.dll, skipping
[+] received output:
DEBUG: source/console.c:882:redirect_std_out_err_generic(): 
[+] received output:
redirect_std_out_err_generic
[+] received output:
DEBUG: source/runner.c:119:prepare_thread(): 
[+] received output:
Executing cmd.exe
[+] received output:
DEBUG: source/runner.c:228:read_output(): 
[+] received output:
The thread has finished
[+] received output:
done

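
An added example (not part of this issue or of the No-Consolation project) that turns an interleaved trace like the one above into a structured summary an analyst can read: which sections were mapped and with what page protections, which imports were hooked, which output-redirection handlers skipped, and whether any untagged lines (the PE's own output) appeared between "Executing" and "The thread has finished". The trace excerpt is constructed from the lines above, and decoding the protections assumes the hex values are the standard Win32 PAGE_* constants.

```python
import re

FRAME = "[+] received output:"
# Constructed excerpt of the trace posted above: every DEBUG header and every
# message arrives as its own beacon chunk, so the framing line precedes each.
RAW = "\n".join(f"{FRAME}\n{ln}" for ln in [
    "DEBUG: source/loader.c:604:load_pe(): ", "Section name: .text, size, 0x35000, protections: 0x20",
    "DEBUG: source/loader.c:274:handle_import(): ",
    "IAT hooking api-ms-win-core-libraryloader-l1-2-0.dll!GetProcAddress with my_get_proc_address",
    "DEBUG: source/console.c:77:redirect_std_out_err_for_mingw(): ", "PE didn't load msvcrt.dll, skipping",
    "DEBUG: source/runner.c:119:prepare_thread(): ", "Executing cmd.exe",
    "DEBUG: source/runner.c:228:read_output(): ", "The thread has finished", "done",
])
# Win32 PAGE_* constants as the trace prints them (assumed standard values)
PAGE_PROT = {0x2: "PAGE_READONLY", 0x4: "PAGE_READWRITE", 0x20: "PAGE_EXECUTE_READ"}
DEBUG_RE = re.compile(r"^DEBUG: (?P<file>[^:]+):(?P<line>\d+):(?P<func>\w+)\(\):\s*$")
SECTION_RE = re.compile(r"^Section name: (\S+), size, (0x[0-9A-Fa-f]+), protections: (0x[0-9A-Fa-f]+)$")

def records(raw):
    """Strip beacon framing and pair each DEBUG header with the message after it."""
    lines = [ln for ln in raw.splitlines() if ln != FRAME]
    out, i = [], 0
    while i < len(lines):
        m = DEBUG_RE.match(lines[i])
        if m and i + 1 < len(lines):
            out.append((m["file"], int(m["line"]), m["func"], lines[i + 1]))
            i += 2
        else:
            out.append(("", 0, "", lines[i]))  # untagged text: PE output or beacon chatter
            i += 1
    return out

def summarize(raw):
    """Decode sections/protections, IAT hooks, skipped redirectors, and PE output lines."""
    sections, hooks, skipped, pe_output, running = {}, [], [], [], False
    for _, _, func, msg in records(raw):
        if m := SECTION_RE.match(msg):
            sections[m[1]] = (int(m[2], 16), PAGE_PROT.get(int(m[3], 16), m[3]))
        elif msg.startswith("IAT hooking "):
            hooks.append(msg[len("IAT hooking "):].split(" with ")[0])
        elif msg.endswith(", skipping"):
            skipped.append(func)
        elif msg.startswith("Executing "):
            running = True
        elif msg == "The thread has finished":
            running = False
        elif running and func == "":
            pe_output.append(msg)  # only present when stdout/stderr redirection worked
    return {"sections": sections, "hooks": hooks, "skipped": skipped, "pe_output": pe_output}
```

Running `summarize(RAW)` on the constructed excerpt reports one RX section, one hooked import, one skipped redirector and an empty `pe_output`, which is exactly the "just debug info" symptom described in this issue.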
shadow1ng commented 3 months ago

noconsolation --local C:\windows\system32\cmd.exe /c calc can open calculator. But noconsolation --local C:\windows\system32\cmd.exe /c ipconfig gives no cmd result, just debug info.

S4ntiagoP commented 3 months ago

Most likely there is a compatibility issue with Win 2008 R2; whenever I have some free time I will give it a go. Thank you for reporting.