Giters

nettitude / PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] - enable-rotation in implant issue

ptf569 opened this issue · comments

commented

Description

When trying to enable the communications rotation feature the implant returns an error.

Execution Environment:

All of this must be filled in

Data Value
Full Posh version (all the text between the === at the top of the Implant Handler) PoshC2 Zip (2a8a045 2024-01-15 13:32:27)
OS & version Ubuntu 22.04.3 LTS
Using Docker/containerisation? No

Implant Info

  • What implant does the problem occur on?: Sharp_v4_x64_Shellcode.bin
  • How was the implant created? Execution through both a custom Shellcode runner and a custom exe

Defensive Technologies

  • Is the target environment running any particular defensive products? Build in Windows Defender

To Reproduce

Steps to reproduce the behaviour:

  1. Establish beacon
  2. In Posh Console, select implant
  3. type command enable rotation
  4. when prompted for Domain or URL in array format: enter "https://domain1.com","https://domain2.com","https://domain3.com"
  5. when prompted for Domain front URL in array format: enter: "domain1.com","domain2.com","domain3.com"
  6. error returned by implant:
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Config.Manager, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Core, Version=2.273.923.9, Culture=neutral, PublicKeyToken=null
Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

   at Core.Common.Comms.GetDropperAssembly()
   at Core.Common.Comms.GetDropperAssembly()
   at Core.Common.Comms.GetTaskId()
   at Core.Common.Comms.Exec(String output, Byte[] outputBytes, String taskId)
   at Core.Common.Comms.DFUpdate(String commaSeperatedHostHeaders)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Core.Program.Run(List`1 args)
   at Core.Program.Main(String[] args)'

Expected behaviour

Expect the beacon to start rotating communication via the given domains

commented

Nah