Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to read from 'subprocess' pipe when using base64 blob #18

Closed
Cx01N opened this issue Jul 27, 2023 · 0 comments
Closed

Unable to read from 'subprocess' pipe when using base64 blob #18

Cx01N opened this issue Jul 27, 2023 · 0 comments

Comments

@Cx01N
Copy link

Cx01N commented Jul 27, 2023

Hey guys. Appreciate the work you have done with this and RunOF and we are trying to get RunPE integrated into Empire next.
I ran into a strange issue both locally and through the C2 where it reports back that [-] Unable to read from 'subprocess' pipe. This error happens when I run Mimikatz locally with the file directly, which also seems strange. I tested a few examples: CheekyBlinders.exe (with the updates from #11), Mimikatz, and ATPMiniDump.exe.

image

This is what it looks like if I pass in our Task function, which is using Covenant's Roslyn compiler with a modified version of your project (needed public functions).

    using System;
    using System.IO;
    using System.Linq;
    using System.Reflection;
    using RunPE;
    
    public static class Task
    {
        public static Stream OutputStream { get; set; }
        public static string Execute(string Command = "")
        {
            TextWriter realStdOut = Console.Out;
            TextWriter realStdErr = Console.Error;
            StreamWriter stdOutWriter = new StreamWriter(OutputStream);
            StreamWriter stdErrWriter = new StreamWriter(OutputStream);
            stdOutWriter.AutoFlush = true;
            stdErrWriter.AutoFlush = true;
            Console.SetOut(stdOutWriter);
            Console.SetError(stdErrWriter);
            var assembly = Assembly.GetExecutingAssembly();
            var resourceName = "executable.txt";
            string[] names = assembly.GetManifestResourceNames();
            StreamReader reader = new StreamReader(assembly.GetManifestResourceStream(resourceName));
            string executable = reader.ReadToEnd();
            
            string string_args = "---b " + executable + " " + Command;
            string[] args = string_args.Split(' ');
            RunPE.Program.Main(args);
            
            Console.Out.Flush();
            Console.Error.Flush();
            Console.SetOut(realStdOut);
            Console.SetError(realStdErr);
  
            OutputStream.Close();
            return "";
        }
    }

When I run directly through the application, I can get RunPE to work with ATPMiniDump and CheekyBlinder.
image

And it runs with Mimikatz, but it gives that subprocess pipe error.
image

I'm sure it's something stupid on my part, so I would greatly appreciate any suggestions.
@Cx01N Cx01N closed this as completed Sep 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Cx01N