optiv / ScareCrow

ScareCrow - Payload creation framework designed around EDR bypass.

cmd.Run() failed with exit status 0xc0000135 #74

Closed abeni-92 closed 1 year ago

abeni-92 commented 1 year ago

[!] Missing Garble... Downloading it now
exec: no command:
[] Encrypting Shellcode Using ELZMA Encryption
[+] Shellcode Encrypted
[+] Patched ETW Enabled
[+] Patched AMSI Enabled
[+] Sleep Timer set for 2828 milliseconds
[] Creating an Embedded Resource File
[+] Created Embedded Resource File With Outlook's Properties
[] Compiling Payload
exec: no command:
[+] Payload Compiled
[] Signing Outlook.exe With a Fake Cert
2023/05/06 13:20:47 cmd.Run() failed with exit status 0xc0000135

Tylous commented 1 year ago

Hello @abeni-92, I need more information. Can you tell me what OS you are running, the full command you executed, and whether this happens with different types (.exe, .dll)?

abeni-92 commented 1 year ago

The OS I'm using is Windows 10. The command I tried is: .\scarecrow -domain microsoft.com -I payload -Loader dll. The payload is generated by Cobalt Strike. I only tried with an .exe file.

Tylous commented 1 year ago

@abeni-92 do you mean you used an .exe file as the input? If so that won't work because it needs raw shellcode.

abeni-92 commented 1 year ago

Okay, thank you!
