kyleavery / AceLdr

Cobalt Strike UDRL for memory scanner evasion.
MIT License

AceLdr shellcode causes error 0xc0000005 (access violation) on Win server 2016 #13

Closed PlumbusOperator closed 9 months ago

PlumbusOperator commented 1 year ago

Hi, I encountered an issue with the shellcode generated by AceLdr on Win server 2016.

Summary test/debug results:

Why do you think this is happening and what could be a possible solution?

kyleavery commented 1 year ago

Can you provide the Malleable C2 profile you were using?

PlumbusOperator commented 1 year ago

Thanks for your quick reply.

It was the 'example.profile' from your repo and a slightly modified version of that (only http-get/post sections were changed).

naliferopoulos commented 1 year ago

I seem to have encountered this issue on Windows 8.1 as well. I did some digging around, and the crash appears to happen after NtSignalAndWaitForSingleObject, during the creation of the new thread with the crafted context. For some reason, I haven't been able to properly debug the new thread with x64dbg though, so I am not sure exactly what goes wrong. Could it perhaps be an issue with the trampoline gadget in ntdll.dll on 8.1/Win server 2016, if the crashes are indeed related?

fyxme commented 1 year ago

Getting the same issue when testing the loader in a guest VM but not on the host for some reason, both Windows 10. Thought it was a memory issue at first, but increasing memory/pagefile size didn't fix it.

_EDIT: Regenerated the profile and forgot to validate it again, had to remove sleep_mask and smartinject._ Works on both host and VM after that.

kyleavery commented 9 months ago

I'm unable to reproduce. I just pushed some small bug fixes. Try again and reopen if you still have this issue.

mangocherrychk commented 3 weeks ago

Did you manage to find a solution to this, you guys? @PlumbusOperator @naliferopoulos