Closed cmprmsd closed 1 year ago
I ran into this issue as well using shellcode from Sliver. I believe the issue is because Sliver can produce some pretty large shellcode payloads and the injection templates in this project cap the shellcode at 1890000 bytes (https://github.com/guervild/uru/blob/main/data/templates/injector/windows/native/local/go-shellcode-syscall/functions.go.tmpl#L70).
Here's a stacktrace that I was able to capture.
Changing the size in the template and rebuilding the project with `go build .` got me up and running. This project is awesome but the code base is very new to me. I'm thinking about doing a PR, but if someone beats me to it, all the better. 👍
Sounds plausible! In my case it was also a sliver payload 👍
Hello!
Thank you for the feedback! I pushed a fix on this branch.
Do not hesitate to tell me if the commit fixes the issue; I will merge it in the v0.0.3.
Tested that branch and confirmed it works for me! Thanks!
Great, thank you @guervild and @matt-moses for remediating this issue!
The execution of shellcode fails for me in any case. The example config fails silently in debug mode with garble enabled.
When creating a new config with only `sleep 2` and `xor`, the program does not execute correctly:
Unobfuscated shellcode comes from Sliver:
generate --os windows --http https://domain --format shellcode -l
config (tested with and without xor)
AV is turned off