Comments (4)
Have annotated this in https://github.com/mttaggart/OffensiveNotion/wiki/6.-Agent-Interaction#windows-inject-self but will continue to work on resolving the underlying issue.
from offensivenotion.
Reproduced under different conditions: I made some Cobalt Strike shellcode, tried to overwrite it, but ended up saving 0 bytes to a file by accident. When the self-injection happened, the agent "decoded" the 0 bytes, mapped the 0 bytes into memory, executed the thread, and died hard. Noted
Possible solution for this iteration: check to make sure there are more than 0 bytes during the shellcode download.
I just had a eureka moment and I think this might happen because msfvenom-generated shellcode defaults to ExitFunc=process. I will test this with ExitFunc=thread and see if that alters the behavior.
The second bug I mentioned (agent dies because of size 0 buffer of shellcode) is still something we need to handle.
I noticed that the script in the wiki uses Exitfunc=thread as an argument and it still kills the agent in the event of an unsuccessful self injection (this time it was a mismatch of B64 iterations given during decode) so that smashes my hypothesis to bits.
Related Issues (20)
- [Documentation/Wiki] Collab Shoutout Section 🤘 HOT 1
- [Refactor] Migrate Windows functions to the windows crate HOT 1
- [New Feature] `maketoken`/`rev2self` HOT 1
- [Release] Damascus 1.2.0 HOT 2
- [New Feature] `exfil` HOT 1
- [Docs/Wiki] Contribution Guide HOT 3
- [Bug] `main.py` does not check for or confirm the `LAUNCH_APP` config option. HOT 1
- [New Feature] `getsystem` HOT 1
- [New Feature] Upload via Cloud Storage HOT 2
- [New Feature] COFF loader HOT 1
- Modularize Notion Interaction
- `Channel` Trait for other LOTS channels
- `ChannelConfig`
- `notion_out!` -> `command_out!` HOT 1
- inject shellcode error HOT 5
- Will selfdestruct affect persist? HOT 1
- OPSEC Offensive Notion HOT 1
- GitHub Channel
- [Bug]Hello, windows proxy generation failed, the following is the error message, can you help solve it HOT 3
- Agent-Listener Communication HOT 1