Compile Error: b'' #7
Comments
|
this is also true of PoshC2 shellcode. See below.
It's possible this has to do with the size of the shellcode. Is there a defined upper limit? Can it be overcome? |
|
I'm very confident this is due to the sizing issue seen here. I will test it on my end. If either of you (@mrothbart @dlimanov ) could send your shellcode that is throwing this exception, I would greatly appreciate it. |
|
I'm using a default Covenant shellcode payload. Let me know what's the best way to send it to you. |
|
Same with default PoshC2 shellcode. I linked the repo in my comment so you can generate it yourself and use the excellent framework. I am of course happy to send it to you as well. What's the best way to send it over? |
|
@mrothbart try: https://github.com/cribdragg3r/Alaris/tree/builder_patch You will have to I'm guessing it's too large. And there seem to be ways to bypass that via a custom data struct which, I will build into Alaris (Hopefully this week) to mitigate this issue. |
|
|
|
Same here: python.exe builder.py -s c:\temp\GruntHTTP.bin -p pass123 -o c:\temp |
|
Okay, that's expected behavior. I will review the MSDN docs tonight and see if there isn't a easy way around this by breaking up the string. |
|
@mrothbart @dlimanov This "Should" fix it, mind having a go to test on your system? https://github.com/cribdragg3r/Alaris/tree/builder_patch |
|
|
|
You're on the |
|
|
|
|
|
Sorry for the screens, its just a much more effective way of getting over the info. I think the posh shellcode is quite a bit larger than 17k... |
|
I'm not having the same issues on my end which, is odd. I thought for sure when I hit the max string size of 65,535 bytes I would get the same exception but I'm not. Could you check the |
|
Mine is 222596 for some reason. If this shellcode works for you, then there is a local issue that we need to pin down. |
|
If you like I can upload my loader.cpp tomorrow as well. |
|
New builder_batch worked for me, was able to generate a binary from a 43kb shellcode. |
|
Yeah that doesn't hit the 65k limit like the posh shellcode does. |
Getting the below error on Win10 x64 with latest Python 3.9.2:
python builder.py -s c:\temp\shellcode.bin -p {redacted} -o c:\temp\shellcode.exe
�[36m[i] Key, IV Generation:�[32m Successful�[39m
�[36m [+] Key:�[35m 76a4bdc4d17ef05116bd8c122841aef093e75eb701ff68628ceece84ce37e547�[39m
�[36m [+] IV:�[35m 871b56e90419ec41c0e01fd6bd93a589�[39m
�[36m [+] Salt:�[35m b35a686992959641a2668b9d731c567d�[39m
�[36m[i] Encrypt Shellcode:�[32m Successful�[39m
�[36m[i] Variable Swap:�[32m Successful�[39m
Compile Error: b''
The text was updated successfully, but these errors were encountered: