Comments (4)
Hi,
I have now reconstructed the DLLs and Shellcode so that it only has one entry point for each DLL to make this clearer. Also, it now has scriptblock logging bypass for v4 and some transcript logging evasion, not full bypass.
from poshc2.
Hi,
So there is a very good reason for this and not one I personally know how to overcome. So you understand the two entry points, which is great for when you run the DLL manually via RunDLL32, but when you either reflectively load or load the DLL into a running process it will call 'Process Attach' and not a dedicated entry point; therefore I needed to create two separate DLLs for those cases. I guess I can remove the VoidFunc2 and VoidFunc from each of the DLLs and only have one entry point for each to be easier, but I thought for ease you can take one DLL and run it manually on a host with both versions.
Does that make sense?
from poshc2.
Thank you for the reply.
So if I understand correctly, one DLL (presumably the "v4" DLL) is designed to be reflectively loaded, and the other isn't, but they both retain the entry points?
It would be great if the documentation were updated with this info about the two DLLs.
I really like Posh and am writing a blog series using it as the implant in order to demonstrate Windows AD techniques. So I'm concerned about being accurate in what I document.
from poshc2.
I completely get that, I'll look at updating the documentation when I get a chance. I might even remove the multiple entry points to avoid confusion when I'm next modifying that part of the code. Looking forward to seeing your blog series.
from poshc2.