AdrianVollmer/PowerHub

issue with Run-EXE

zflemingg1 opened this issue · 2 comments

Hi,

I am having issues with the example provided for run-exe with a meterpreter exe. I get an error about DEP compatibility and then it closes the PowerShell window. Am I doing something wrong?

PowerShellMafia/PowerSploit#362 not sure if this is similar

Maybe it's also related to this: EmpireProject/Empire#415

Run-Exe is just a wrapper for Invoke-ReflectivePEInjection after all. We could also expose the -ForceASLR flag, maybe that will help. No promises though.

However, if your goal is to run Meterpreter and your target system has access to web services on your machine, I'd recommend checking out the web_delivery module of Metasploit. Very easy to use, very powerful. I used to use this in combination with PowerHub's Clip-Exec feature before web_delivery caught up with their AMSI bypass.

Actually the flag -ForceASLR is already applied by default.

You don't say exactly, but the error is actually a warning from what I can tell. The exact phrasing is "WARNING: PE is not compatible with DEP, might cause issues", right? Since it's only a warning, I'm not sure this is an issue. The window closing can be a sign that the antivirus is interfering. Or it could be meterpreter closing the window and the exe is actually run correctly. Either way, it could be lots of things going on.

Since I believe this is an issue of PowerSploit, I'm closing this.