Suggestion:Implement a way to return the output and prevent termination of parent

[Zer0-Tolerance]

When executed in memory using .Net reflection using a similar technique
as this : https://jimshaver.net/2018/07/25/safetykatz-over-net/#more-661 I encountered the following issue:

1. I can't seem to find a way to get the output from the calling program (btw it's the same issue for other GhostPack tools).
2. Once Safetykatz has finished its execution it also terminates the parent process (probably due to the usage of the PELoading technique)

Does it make sense ? Any idea ?

[aconite33]

I've encountered this issue as well. If you're following https://p16.praetorian.com/blog/running-a-.net-assembly-in-memory-with-meterpreter write up, and you try to execute from Meterpreter, it ends up killing your metasploit process. Not sure if there is a safe way around loading .NET without touching disk.