invoke-mimikatz.ps1 no longer works on 'any' patched Windows hosts (e.g. win8, win2012, etc.) #304

Open
mobychien opened this Issue Sep 28, 2018 · 5 comments

mobychien commented Sep 28, 2018

invoke-mimikatz works on unpatched Windows 2012 R2 server.
Once the same server was patched to the latest patch level, invoke-mimikatz failed to execute with the following errors:
Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : AmbiguousMatchException
+ PSComputerName : my-tstwin12r2
You cannot call a method on a null-valued expression.
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
+ PSComputerName : my-tstwin12r2
Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest
+ PSComputerName : my-tstwin12r2
..............................................................
VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the script in a new PowerShell process
(the new PowerShell process will have a different memory layout, so the address the PE wants might be free).
At line:2569 char:3
+     Invoke-Command -ScriptBlock $RemoteScriptBlock -ArgumentList  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (VirtualAlloc fa...might be free).:String) [], RuntimeException
+ FullyQualifiedErrorId : VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the script in a new PowerShell process (the new PowerShell process will have a different memory layout, so the address the PE wants might be free).

phra commented Nov 16, 2018

👍

any news?

phra added a commit to phra/PowerSploit that referenced this issue Jan 2, 2019

jun0s commented Jan 8, 2019

Thank you @phra the solution works for me 👍 ..... same issue with invoke-ninjacopy, same solution and any Reflective PE Injection related.

emanuelecesari commented Jan 9, 2019

> Thank you @phra the solution works for me 👍 ..... same issue with invoke-ninjacopy, same solution and any Reflective PE Injection related.

How did you solve it?
I am still getting that error

jun0s commented Jan 9, 2019

He fixed it in this repo... phra@4c7a201 and I made the local changes for invoke-ninjacopy.

phra commented Jan 9, 2019

there is a PR: #314
