z0noxz / powerstager

A payload stager using PowerShell
MIT License
183 stars 48 forks source link

Win10 Creators build - Powershell crashing #5

Open St3v3a opened 7 years ago

St3v3a commented 7 years ago

Tried to run on latest W10 build but did not appear to work. So have tried running .ps1 locally as Admin and causes Powershell to crash..

Tried W32 & w64

z0noxz commented 7 years ago

This might be due to different things. Have you tried the exact same .ps1 on other systems with success? If you are using meterpreter (or rather the msf stager injection), what payload are you staging from the msf console i.e. "/windows/x64/meterpeter/reverse_tcp"? What build number of W10 are you trying on? If you have used a private/gray IP in the payload, and nothing that could compromise your privacy or identity, could you paste the .ps1 here? Are you using the last source of PowerStager, as I recently made an uploaded of a fix for addresses containing zeroes (https://github.com/z0noxz/powerstager/commit/865b5dc9f6384482228416e8da6f17414d8d7534)?

Bry-fi commented 7 years ago

Can say I am having the same issue. Ever since the creator update powerstager will not create a session with meterpreter.

z0noxz commented 7 years ago

I now have the latest build of Windows 10 in my lab. I initially had the same issue, but later got it to work. I think it's some of the PowerShell obfuscation that is the reason behind this issue. I'm currently working on a new release of PowerStager that I hopefully will commit to this repo very soon, with a new obfuscation engine (that also is optional) that might solve this issue.

z0noxz commented 7 years ago

A new version is released. Could you try and see if the new one works for you? @steveatco @Bry-fi