-
Notifications
You must be signed in to change notification settings - Fork 658
-
Notifications
You must be signed in to change notification settings - Fork 658
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
covert feature isn't being covert?? #33
Comments
p.s. on my win10 laptop works perfectely, so must be something configured differently on this new win 10 installation. ( maybe its because developer options not turned on? although i have no clue ) |
That's weird. The two powershell CmdLets So rough guess: the powershell runspace hasn't finished loading the needed assemblies for As I'm not able to reproduce this could you please test increasing the delay between powershell console start and input start to 5 seconds with:
|
I'll try increment it now, however first test of 5 seconds didn't appear to make a difference. its almost a complete fresh install of windows 10 also, so this is likely the first power-shell script to be run on it. |
i jumped straight to a 10 and 20 second and didn't make a difference either? and neither worked covertly as intended. basic specs, brand new HP computer with an i7 processor so wouldn't have guessed its performance was stopping it, but obviously I've no idea either. Any other details machine or operating system that would be helpful? also i just opened a new powerhsell window, and typed but then when i typed it a second time in the same window it worked fine the second time??? |
i just manually typed the first command manually from the payload in a new powershell, failed as expected, however when i then typed it again a second time as long as i did in the same window it worked fine??? really strange, seems that on my computer i need to run some commands twice for them to work. no one else obviously has had a similar problem?? |
i now suspect may be the McAfee live safe silly antivirus that came with it, i'm currently uninstalling to see if it fix's, will report result either way. |
It seems like some modules are missing on start, what's the output of |
ok, resolved.!!!!!! appears that antivirus had stuffed up somehow loading modules. |
Hmm, this is a interesting use case, because McAfee seems to hinder execution of basic powershell commands. This payload isn't meant to be stopped by AV. Unfortunately I have no test environment available to dive into this |
Plugged into a new windows 10 machine,
payload is the covert HID and although sometimes works i.e. get a connection.
The covert feture isn't working, have a window on screen displayed also with the errors
please see pastebin for the errors / output of the window
http://www.pastebin.com/WfVAAzNH
anyone else seen this?
The text was updated successfully, but these errors were encountered: