
[BUG] - enable-rotation in implant issue #289

@ptf569

Description

When trying to enable the communications rotation feature the implant returns an error.

Execution Environment:

All of this must be filled in

| Data | Value |
| --- | --- |
| Full Posh version (all the text between the === at the top of the Implant Handler) | PoshC2 Zip (2a8a045 2024-01-15 13:32:27) |
| OS & version | Ubuntu 22.04.3 LTS |
| Using Docker/containerisation? | No |

Implant Info

  • What implant does the problem occur on?: Sharp_v4_x64_Shellcode.bin
  • How was the implant created? Execution through both a custom Shellcode runner and a custom exe

Defensive Technologies

  • Is the target environment running any particular defensive products? Built-in Windows Defender

To Reproduce

Steps to reproduce the behaviour:

  1. Establish beacon
  2. In Posh Console, select implant
  3. type command enable rotation
  4. when prompted for Domain or URL in array format: enter "https://domain1.com","https://domain2.com","https://domain3.com"
  5. when prompted for Domain front URL in array format: enter: "domain1.com","domain2.com","domain3.com"
  6. error returned by implant:
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Config.Manager, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Core, Version=2.273.923.9, Culture=neutral, PublicKeyToken=null
Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

   at Core.Common.Comms.GetDropperAssembly()
   at Core.Common.Comms.GetDropperAssembly()
   at Core.Common.Comms.GetTaskId()
   at Core.Common.Comms.Exec(String output, Byte[] outputBytes, String taskId)
   at Core.Common.Comms.DFUpdate(String commaSeperatedHostHeaders)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Core.Program.Run(List`1 args)
   at Core.Program.Main(String[] args)'

Expected behaviour

Expect the beacon to start rotating communication via the given domains

Labels: bug (Something isn't working)
