mdsecactivebreach / SharpShooter

Payload Generation Framework
BSD 3-Clause "New" or "Revised" License

Issue executing C# CobaltStrike Payload #2

Closed m57 closed 6 years ago

m57 commented 6 years ago

Hi, I came across this yesterday and thought it was a really cool project so today I'm having a little play! I have generated a C# payload from Cobalt Strike, and put it in the format "0x41, 0x42" etc, and then reference that in my command:

python SharpShooter.py --dotnetver 2 --stageless --payload hta --rawscfile ~/payload.cs --smuggle --output payload --template mcafee

I host the HTML and HTA on the web server using "host file" in Cobalt Strike. When I go and visit the page, the HTA downloads and I can execute it, but I don't get a callback.

I've had a skim of the source code but it's not immediately obvious to me why this wouldn't work. I have .NET installed on the machine I'm testing on also.

I suppose I'm asking, does this definitely work with Cobalt Strike C# payloads?

Thanks again for the project and look forward to your response. Cheers

EDIT 14:33: I have been testing again and I put the same shellcode into the CS file, and when I compiled and executed it, it worked fine. It's not an EDR product blocking either, so I am still unsure. It just doesn't seem to work when using the generated HTA file.

dmchell commented 6 years ago

As discussed on Slack, stageless uses the raw shellcode rather than the C#. If you use raw it will work :)