Closed riskydissonance closed 5 years ago
If I need to upload a payload somewhere, just let me know.
I'll test it locally anyway but if you can upload the flagged and unflagged DLLs zipped to the issue that'd be super useful, thanks!
poshfiles.zip DLLs, plus the config files (since they've been modified) in case that mattered. No pass on the zip. The 4.7 payload, iirc (it's been a few days) had to execute to be detected and quarantined. Hopefully it doesn't depend on talking with the server to trigger the detection!
Hi, this should be fixed now on the dev branch as of https://github.com/nettitude/PoshC2_Python/commit/a5d5e2cec88bd40f6295ef74513225a0bbccace2, if you're able to confirm that'd be awesome :)
Sadface
I pulled down the zip of the dev branch, unpacked, performed Install, had it gen the payloads, and then just moved the payload to the host. Caught it immediately even before running it, unfortunately.
Happily though, once I modified my temp dev server with the values from my customized Config.py and oldurls.txt files (there's some sort of breaking compatibility issue trying to copy the file straight it seems), and regenerated the payloads, the same file sat on disk and was able to be executed and connected without issue.
I chose to report both since I don't know if you are trying to solve the 'default' case or the 'customized' case.
I think we're happy if it works in practice. Thanks :)
Silent mastadon on Slack reported that Posh_v4_x64.dll is flagged by AVG free whereas the v4.1 version is not. We should investigate the differences and try and fix it.