raw payload doesn't work? #32
Comments
Hi @dobin, thank you for your report! Unfortunately, I'm not able to reproduce this issue. On Kubuntu 23.10 (which should not be much different from Ubuntu) with Python 3.11.6 and Nim 2.0.2, I am able to compile the payload without issue: Subsequently, all of the payloads seem to work: For testing, I used Nimplant's
Could you try executing with the
Starting the exe, and then issuing the following command to inject into a notepad.exe: When executing the command, a new notepad editor appeared. It seems the original one (pid 6636) crashed, and a new one was started? (pid 13236). Reproducible. Trying to load it with my experimental loader: no connection. Re-compiled it with "nim-debug": Same result. Nimplant Config: (probably because of this? as it's the only "different" thing)
Hi @dobin, thanks for the additional debugging steps. I am still not able to reproduce this issue unfortunately. Your config looks alright for testing, so my best guess would be that it relates to the Windows version of the target. Although I did test 22H2 intensively prior, recent testing has been performed on later builds of Windows 11. Do you see any possibility of trying to reproduce your issue on different Windows builds? Potentially that could help us pinpoint where and why this crash is occurring.
Add self-deleting implant for Rust
OS and version: Ubuntu 23, Win10
Python version: 3.11.4
Nim version: 2.0.2
Using Docker: No
Issue Description
After "NimPlant.py compile all", the exe works, but the .bin doesn't. Tried using shellcode runner https://github.com/hasherezade/pe_to_shellcode/tree/master/runshc compiled as 64bit, and a private one using fibers.
Screenshots
Start shellcode, then exe:
[image]
Result: Only exe gets a connection
[image]
Debugger doesn't show the actual line:
[image]