Closed vysecurity closed 2 years ago
That probably isn't a good outcome in most scenarios. I will look into this and push a fix.
@vysecurity I just did a test where I injected into cmd.exe on 64-bit Windows 11. Executing the exit
command in that Beacon's console did not kill the host process. Can you tell me more about the circumstances in which you encountered this bug so that I can replicate it?
@kyleavery I did the same to inject to cmd.exe on 64-bit Windows 10. Process died when exit command was issued. Besides, may I know if AceLdr does not support .NET execution? It also died when I tried to execute .NET in memory. Thanks!
@ScriptIdiot I just tested 64-bit Windows 10 cmd.exe and the process did not exit. Did you use the example profile? If not, can you post your profile?
I am unable to replicate the issue on Windows 10 or 11 with cmd.exe or notepad.exe. If you continue to experience this behavior, reopen the issue and post your C2 profile and any debug information you can collect.
I’ll have another look, it might be related to the loader. Though it’s just a basic loader that uses syscalls to inject into explorer.
On Sun, 14 Aug 2022 at 10:41, Kyle Avery @.***> wrote:
@vysecurity https://github.com/vysecurity I just did a test where I injected into cmd.exe on 64-bit Windows 11. Executing the exit command in that Beacon's console did not kill the host process. Can you tell me more about the circumstances in which you encountered this bug so that I can replicate it?
— Reply to this email directly, view it on GitHub https://github.com/kyleavery/AceLdr/issues/2#issuecomment-1214272399, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA3N7USTCPBMMWGGSVX72CLVZBMGLANCNFSM56NXYW4Q . You are receiving this because you were mentioned.Message ID: @.***>
Is the process death expected when you exit?