Closed itm4n closed 1 year ago
When building the script, the file src\02_Helpers.ps1 is blocked by AMSI.
```
C:\PATH\TO\PrivescCheck>powershell -ep bypass -c ".\Build.ps1"
[OK] Loaded module file 00_Main.ps1
[OK] Loaded module file 01_Win32.ps1
[KO] Failed to load module file 02_Helpers.ps1
[ERROR] At C:\_WORKSPACE\PrivescCheck\src\02_Helpers.ps1:1 char:1
+ function Test-IsRunningInConsole {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This script contains malicious content and has been blocked by your antivirus software.
[OK] Loaded module file 03_User.ps1
[OK] Loaded module file 04_Services.ps1
[OK] Loaded module file 05_Applications.ps1
[OK] Loaded module file 06_ScheduledTasks.ps1
[OK] Loaded module file 07_Hardening.ps1
[OK] Loaded module file 08_Config.ps1
[OK] Loaded module file 09_Network.ps1
[OK] Loaded module file 10_Updates.ps1
[OK] Loaded module file 11_Credentials.ps1
[OK] Loaded module file 99_Misc.ps1
```
This can be worked around by disabling "Windows Security" during build, but it would be nice to improve the Builder script in order to bypass detection earlier in the process.
Slightly modified the Builder script.
That's it. Apparently, this does the trick because the script is no longer caught by AMSI. :partying_face: