Not working using execute-assembly #9

Closed
sdcampbell opened this issue Oct 1, 2021 · 1 comment

@sdcampbell

I don't believe this is an issue with SweetPotato; I think it may be caused by the fact that I obfuscated SweetPotato to bypass Defender, or it could be something in the system's configuration. I'm trying to understand why running the SweetPotato privesc using execute-assembly with Cobalt Strike or Sliver fails, but if I run it in an interactive session it succeeds. I did obfuscate some function names and recompiled to bypass Defender, but I would think that if it works in an interactive session then it would work in a C2 with execute-assembly. Is it possible that my efforts to bypass Defender changed something in the code that I need to fix before it will work using execute-assembly? Thanks in advance.

@sdcampbell

I figured it out. I needed to use double backslashes in the path to the command to run. (Sliver C2)
