nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BSD 3-Clause "New" or "Revised" License

[BUG] C# Shellcode not being executed by Custom Implant #249

Open M1ck3yS3c opened 3 years ago

M1ck3yS3c commented 3 years ago

Description

Using Posh_v4_x64_Shellcode.bin in a Dropper leveraging Process Hollowing tradecraft (see file attached below) doesn't return an implant.

Execution Environment:

All of this must be filled in

Data | Value
Windows 10 Pro | Version 20H2
PoshC2 | v7.4.0

Implant Info

C# Shellcode | Posh_v4_x64_Shellcode.bin

Defensive Technologies

Windows Defender Deactivated

To Reproduce

Steps to reproduce the behavior:

  1. Compile code using Visual Studio (.Net Version 4.0)
  2. Execute

Expected behavior

Expected an Implant on PoshC2 Client.

Attach files if required

Program.txt

Additional context

benpturner commented 3 years ago

Hi, you mentioned C# Implant but have selected the Posh shellcode. Have you tried the Sharp_v4_x64 shellcode variants?

M1ck3yS3c commented 3 years ago

Hello! I tried using the Sharp_v4_x64 shellcode with the code I shared below and I do not get an implant back. FYI: Stageful shellcodes from msfvenom work without any issue using the same code attached.