question

[98Kstar]

After using cs4.4 raw csharp x64-bit files to generate exe according to your requirements, you cannot return shell. It has been tested on winserver2019 and win10.

[icyguider]

Hello! I looked into this and confirmed I was able to successfully load Cobalt Strike 4.5 staged & stageless raw shellcode on the following systems:

• Windows 10 21H2 (10.0.19044)
• Windows 10 21H1 (10.0.19043)
• Windows Server 2019 (10.0.17763)

This was done using the following arguments to create the executable:

./nimcrypt -f payload.bin -t raw -v

Make sure you are exporting the beacon/stager as the "raw" output type and try running it again with the arguments above. If it still doesn't work, feel free to send over the verbose output that the exe shows when run and that could help us debug further.

I would also recommend trying to use Metasploit's windows/x64/exec or Meterpreter shellcode in the raw format to see if those work for you. That would help figure out if your issues are Cobalt Strike specific or if there's a bigger problem going on.

[98Kstar]

hi,I use ubuntu18 and install all dependencies as required, the same cs server I can make sure that the network is connected to each other. This is a detailed screenshot of my output. Cs4.4 can go online using powershell, but it cannot go online using the generated exe. My system version Microsoft Windows Server 2019 Datacenter (10.0.17763)

[icyguider]

Apologies if I was unclear - I was asking for the verbose output shown by the generated exe when executed on the target Windows system. It should look something like this:

This output will hopefully show us at which step the generated exe is failing so I can attempt to help you further. Otherwise there is really no way for me to tell what's happening.

[98Kstar]

sorry this is my error

[icyguider]

According to that output, it seems that you are compiling the generated exe with the csharp type and not the raw type. As stated in my first comment on this thread, please try generating the exe with the following arguments for the raw shellcode generated by Cobalt Strike, as the csharp type you are supplying to the tool will NOT work with that:

./nimcrypt -f payload.bin -t raw -v

If you need further assistance, I've made a short video demonstrating the complete process using Cobalt Strike 4.4 and Windows Server 2019 Datacenter. Everything should work for you with no issues if you follow it step by step: https://www.youtube.com/watch?v=3cEbRc61XMM

[icyguider]

Closing this issue for now as it's been over a month since the last reply and I think we figured out your issue.