rokups / virtual-reality

Stealthy backdoor for Windows operating systems
MIT License
270 stars 46 forks

Runtime Issues #4

Closed jackson5sec closed 5 years ago

jackson5sec commented 5 years ago

Compiler error: error: redefinition of 'struct _PROCESSOR_NUMBER' in #include from process_hollowing.cpp

Build ENV: Clion IDE on Win7x64 Mingw toolchain from msys2 (fully updated)

Have you run into this issue? Wondering if I need to downgrade to an older toolchain for CLion to use.

edit: fixed it. It was an issue with my msys2 installation.

For anyone else that has issues, you can install your build-env using chocolatey from an admin PowerShell prompt:

```powershell
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
cinst ruby                        # install ruby
cinst msys2 --params "/NoUpdate"  # install msys2 without system update
Update-SessionEnvironment         # refresh environment vars
ridk install 2 3                  # use ruby's ridk to update the system and install development toolchain
choco install clion-ide
```

jackson5sec commented 5 years ago

Above build-env compiles x64. Looks like testing is failing on calc x64 shellcode from msfvenom though. Will investigate more.

rokups commented 5 years ago

ntdll.h used in process_hollowing.cpp can be unforgiving when mixed with other Windows headers. I suspect the issue comes from the fact that debug.h is included in that cpp file as well. Try commenting the include and any LOG_* macros out and see if it helps. I'll see to massaging ntdll.h so it does not complain.

jackson5sec commented 5 years ago

All good, got it to build without errors; however, I can't get it to inject shellcode with vr.py. When you tested, did you compile as x86?

rokups commented 5 years ago

I tested only x64. Will try x86 tomorrow. Sure shellcode arch matches?

On February 17, 2019 21:42:41 jackson5 notifications@github.com wrote:

All good, got it to build without errors however, I cant get it to inject shellcode with vr.py. When you tested did you compile as x86?

jackson5sec commented 5 years ago

Yeah, tried x64: windows/x64/exec with calc.exe and meterpreter x64.

rokups commented 5 years ago

Payload should be x86 if you built vr as x86.

On February 17, 2019 22:19:46 jackson5 notifications@github.com wrote:

yeah, tried x64 windows/x64/exec with calc.exe and meterpreter x64

jackson5sec commented 5 years ago

Yeah, that's what I meant: x64 shellcode with x64 build.

edit:

I think it just started working... Is there a delay for ICMP payloads? I saw the 15min query delay for imgur; didn't realize there was one for ICMP?

I'm an idiot. Changed the 15min delay to seconds. Works fine now. lol, ignore me.

rokups commented 5 years ago

Actually it is me who is the idiot here, heh. I made a mistake in the coroutine scheduler code. As a result the loop was made to sleep 15min (imgur coroutine) while there was another coroutine which wished to sleep only for 1s (ICMP thread). I addressed the issue and now it is once again possible to have a long sleep on the imgur coroutine while not losing ICMP functionality.

Thanks for pointing this out!
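The scheduling mistake described in the last comment is a generic cooperative-scheduler bug, so here is an added, self-contained illustration of it. This is example code written for this thread, not the project's scheduler: it uses a simulated clock and two constructed tasks (`slow`, which asks for a 900s sleep, and `fast`, which asks for 1s) and contrasts a loop that sleeps for whatever the last-resumed task requested with one that sleeps only until the earliest pending wake-up. All names here are assumptions for the illustration.

```python
import heapq
from typing import Dict, Generator, List, Tuple

# A task is a generator that does one unit of work and then yields the number
# of seconds it wants to sleep before being resumed.
Task = Generator[float, None, None]


def make_tasks(log: List[Tuple[float, str]], clock: Dict[str, float]) -> Dict[str, Task]:
    """Two constructed tasks modelled on the thread: one wants a 15-minute
    sleep between runs, the other a 1-second sleep."""
    def poller(name: str, interval: float) -> Task:
        while True:
            log.append((clock["now"], name))   # record each time this task gets CPU
            yield interval
    return {"slow": poller("slow", 900.0), "fast": poller("fast", 1.0)}


def run_buggy(duration: float) -> List[Tuple[float, str]]:
    """Round-robin loop that sleeps for the interval the *last resumed* task
    asked for. A single long sleep stalls every other task, which is the
    failure mode the thread describes (15-minute sleep starving the 1s task)."""
    log: List[Tuple[float, str]] = []
    clock = {"now": 0.0}
    tasks = make_tasks(log, clock)
    while clock["now"] < duration:
        for task in tasks.values():
            requested = next(task)
            clock["now"] += requested          # the whole loop sleeps, not just this task
            if clock["now"] >= duration:
                break
    return log


def run_fixed(duration: float) -> List[Tuple[float, str]]:
    """Keep a per-task wake-up time and sleep only until the earliest one.
    A task that wants a long sleep no longer delays tasks that want a short one."""
    log: List[Tuple[float, str]] = []
    clock = {"now": 0.0}
    tasks = make_tasks(log, clock)
    heap: List[Tuple[float, int, str]] = []   # (wake_time, seq, task_name); seq keeps ordering stable
    seq = 0
    for name in tasks:
        heapq.heappush(heap, (0.0, seq, name))   # every task is due immediately at start
        seq += 1
    while heap:
        wake, _, name = heapq.heappop(heap)
        if wake >= duration:
            break
        clock["now"] = wake                      # sleep exactly until the earliest deadline
        requested = next(tasks[name])
        seq += 1
        heapq.heappush(heap, (wake + requested, seq, name))
    return log


def count_runs(log: List[Tuple[float, str]], name: str) -> int:
    """How many times a named task was resumed within the simulated window."""
    return sum(1 for _, n in log if n == name)


if __name__ == "__main__":
    hour = 3600.0
    for label, runner in (("buggy", run_buggy), ("fixed", run_fixed)):
        log = runner(hour)
        print(f"{label}: slow ran {count_runs(log, 'slow')}x, fast ran {count_runs(log, 'fast')}x in one simulated hour")
```

Over a simulated hour the buggy loop resumes the 1-second task only three times, because each 900-second sleep requested by the slow task is applied to the whole loop; the fixed loop resumes it 3600 times while still giving the slow task its four 15-minute-spaced runs.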