search

optiv / ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.
2.71k stars 503 forks source link

cmd.Run() failed with exit status 0xffffffff #66

Closed qwertymamont closed 1 year ago

qwertymamont commented 2 years ago

Hello! After trying to compile it gives the following error: cmd.Run() failed with exit status 0xffffffff

What could be the problem?

Tylous commented 2 years ago

There is now run.cmd command when you compile the framework. If you are referring to making a loader then, it could be on the code cert. I would need to see the command you than and the output to help troubleshoot it.

qoo7972365 commented 1 year ago

[] Encrypting Shellcode Using AES Encryption [+] Shellcode Encrypted [+] Patched ETW Enabled [+] Patched AMSI Enabled [+] Sleep Timer set for 2520 milliseconds [] Creating an Embedded Resource File [+] Created Embedded Resource File With Outlook's Properties [] Compiling Payload [+] Payload Compiled [] Signing Outlook.exe With a Fake Cert 2022/12/10 17:29:48 cmd.Run() failed with exit status 255

vay3t commented 1 year ago

I think that's where the problem lies: https://github.com/optiv/ScareCrow/blob/main/limelighter/limelighter.go#L139-L153 What operating system do you use? and its architecture?

Tylous commented 1 year ago

No, this is an issue with the latest version of osslsigncode. You need to revert to this version as its the latest that works. 


    OpenSSL 1.1.1s  1 Nov 2022 (Library: OpenSSL 1.1.1s  1 Nov 2022)
    libcurl/7.79.1 SecureTransport (LibreSSL/3.3.5) zlib/1.2.11 nghttp2/1.45.1

Please send bug-reports to Michal.Trojnara@stunnel.org```
jphillips241 commented 1 year ago

hi @Tylous. I am having a similar issue as the above mentioned cmd.Run() failed with exit status 255 when trying to compile.

I am a little confused by your response above because you mentioned it being an issue with osslsigncode and to revert to 'this' version and you instead show the version of OpenSSL 1.1.1s.

So, I installed OpenSSL 1.1.1s and still have issues. For clarity can you list specifically which version of osslsigncode is needed?

Here is the output when I try to compile:

Screenshot 2023-06-06 at 11 18 12 AM

And here are my versions of osslsigncode and OpenSSL I have installed:

Screenshot 2023-06-06 at 11 19 33 AM

I have also installed various versions of osslsigncode including the most recent and have had no luck.

Sorry if I'm missing something obvious! Appreciate your time!