nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
BSD 3-Clause "New" or "Revised" License

New Posh_v4_x64.dll flagged by AVG whereas v4.1 is not #37

Closed riskydissonance closed 5 years ago

riskydissonance commented 5 years ago

Silent mastadon on Slack reported that Posh_v4_x64.dll is flagged by AVG free whereas the v4.1 version is not. We should investigate the differences and try and fix it.

jmhickman commented 5 years ago

If I need to upload a payload somewhere, just let me know.

riskydissonance commented 5 years ago

I'll test it locally anyway but if you can upload the flagged and unflagged DLLs zipped to the issue that'd be super useful, thanks!

jmhickman commented 5 years ago

poshfiles.zip DLLs, plus the config files (since they've been modified) in case that mattered. No pass on the zip. The 4.7 payload, iirc (it's been a few days) had to execute to be detected and quarantined. Hopefully it doesn't depend on talking with the server to trigger the detection!

riskydissonance commented 5 years ago

Hi, this should be fixed now on the dev branch as of https://github.com/nettitude/PoshC2_Python/commit/a5d5e2cec88bd40f6295ef74513225a0bbccace2, if you're able to confirm that'd be awesome :)

jmhickman commented 5 years ago

Sadface sadface

I pulled down the zip of the dev branch, unpacked, performed Install, had it gen the payloads, and then just moved the payload to the host. Caught it immediately even before running it, unfortunately.

Happily though, once I modified my temp dev server with the values from my customized Config.py and oldurls.txt files (there's some sort of breaking compatibility issue trying to copy the file straight, it seems), and regenerated the payloads, the same file sat on disk and was able to be executed and connected without issue.

I chose to report both since I don't know if you are trying to solve the 'default' case or the 'customized' case.

riskydissonance commented 5 years ago

I think we're happy if it works in practice. Thanks :)