We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The text was updated successfully, but these errors were encountered:
Sorry, something went wrong.
这东西有bug,是这样的
算了 不改了,以后用CS跟随在系统为x64 都使用x64的shellcode ,不使用x86的beacon shellcode ,因为在系统为x64的情况下x86 beacon 会有一些反射dll功能
大佬请问下这个可以设置中文吗?
No branches or pull requests
起因突然发现使用Hashdump 在x86 进程下无法使用
报了一个an x86 process (can't inject x64 content) 错误, 难道x86进程使用的是x64位反射dll?
答案是确实是这样的, 主要原因还是出在BeaconEntry中的is64()方法, 这个方法判断是当前主机是否是x64的
可以看到当前进程arch是x86, is64确为true
所以解决方法显而易见, 传入inject方法的arch直接用arch()获取
我发现还影响Mimikatz execute-assembly powerpick , 如上修复即可
有趣的是portscan确用的arch()获取, 应该不是同一个开发写的
现在在x86进程上没有报错了, 但是确无法dump hash, 这可能是hashdump x86反射dll问题吧........
The text was updated successfully, but these errors were encountered: