public/powerstager
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

Win10 Creators build - Powershell crashing #5

New Issue
Open
opened 2017-05-12 09:05:08 +02:00 by St3v3a · 4 comments
St3v3a commented 2017-05-12 09:05:08 +02:00 (Migrated from github.com)
Copy Link

Tried to run on latest W10 build but did not appear to work. So have tried running .ps1 locally as Admin and causes Powershell to crash..

Tried W32 & w64

Tried to run on latest W10 build but did not appear to work. So have tried running .ps1 locally as Admin and causes Powershell to crash.. Tried W32 & w64
z0noxz commented 2017-05-14 16:34:23 +02:00 (Migrated from github.com)
Copy Link

This might be due to different things. Have you tried the exact same .ps1 on other systems with success? If you are using meterpreter (or rather the msf stager injection), what payload are you staging from the msf console i.e. "/windows/x64/meterpeter/reverse_tcp"? What build number of W10 are you trying on? If you have used a private/gray IP in the payload, and nothing that could compromise your privacy or identity, could you paste the .ps1 here? Are you using the last source of PowerStager, as I recently made an uploaded of a fix for addresses containing zeroes (865b5dc9f6)?

This might be due to different things. Have you tried the exact same .ps1 on other systems with success? If you are using meterpreter (or rather the msf stager injection), what payload are you staging from the msf console i.e. "/windows/x64/meterpeter/reverse_tcp"? What build number of W10 are you trying on? If you have used a private/gray IP in the payload, and nothing that could compromise your privacy or identity, could you paste the .ps1 here? Are you using the last source of PowerStager, as I recently made an uploaded of a fix for addresses containing zeroes (https://github.com/z0noxz/powerstager/commit/865b5dc9f6384482228416e8da6f17414d8d7534)?
Bry-fi commented 2017-05-31 22:26:12 +02:00 (Migrated from github.com)
Copy Link

Can say I am having the same issue. Ever since the creator update powerstager will not create a session with meterpreter.

Can say I am having the same issue. Ever since the creator update powerstager will not create a session with meterpreter.
z0noxz commented 2017-06-04 12:55:16 +02:00 (Migrated from github.com)
Copy Link

I now have the latest build of Windows 10 in my lab. I initially had the same issue, but later got it to work. I think it's some of the PowerShell obfuscation that is the reason behind this issue. I'm currently working on a new release of PowerStager that I hopefully will commit to this repo very soon, with a new obfuscation engine (that also is optional) that might solve this issue.

I now have the latest build of Windows 10 in my lab. I initially had the same issue, but later got it to work. I think it's some of the PowerShell obfuscation that is the reason behind this issue. I'm currently working on a new release of PowerStager that I hopefully will commit to this repo very soon, with a new obfuscation engine (that also is optional) that might solve this issue.
z0noxz commented 2017-06-10 12:20:43 +02:00 (Migrated from github.com)
Copy Link

A new version is released. Could you try and see if the new one works for you? @steveatco @Bry-fi

A new version is released. Could you try and see if the new one works for you? @steveatco @Bry-fi
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
xnoxz
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: public/powerstager#5
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?