Support Upload.
TeachMeJavaTonight opened this issue · 4 comments
If we can use upload to transfer files to the memfile folder, it would be great when used in conjunction with the -local parameter of Inline-Execute-PE! I'm not sure if I understand correctly.
I noticed in the readme that bupload_raw is required, and I was happy to have succeeded. However, when uploading files larger than 1MB, Beacon crashed. So I switched to a file of about 90k and uploaded it successfully. And using memlist, I successfully found the existence of the file. But when working with inline-execute-pe --local, the following situation occurred.
After observation, inline-execute-pe can indeed read files in redteam, but there is a problem when mapping pe into memory.
https://github.com/Octoberfest7/Inline-Execute-PE/blob/481a8901df5d7518dc548bdbd7b5b537b91f9641/Inline-Execute-PE/peload.c#L92
Due to the complexity of your project, I hope to receive your assistance.
I'm not sure I understand your point here. Inline-Execute-PE used without the local flag sends the PE over the network and loads it into memory within the beacon for use; the same as if you were to upload it into beacon memory using memfiles, and then try and load it using inline-execute-PE with the local flag. You aren't achieving anything that isn't already possibly by design with inline-execute-pe alone
I'm very sorry that I didn't read the description of the inline-execute-pe function carefully. Now I know that PE runs in its own thread, which is great. Previously, I mistakenly thought that PE would run in conhost.exe, so I had this misunderstanding and feel really sorry about it. Thumbs up again for your project! I will close this comment.