Bilal
Hey @XiaoliChan, unfortunately I don’t have a specific reference for this as it’s a bit messy and gathered from multiple sources. However, this tool 'Active@ Disk Editor' has been really...
Thanks @NeffIsBack, for decoding the code, it uses only base64, you can decode it directly yourself using CyberChef from here: https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true,false)Decode_text('UTF-16LE%20(1200)')&oenc=65001 What the code does is create a function that...
@mpgn I don't think so, as the main function that is being executed in the DC is "CreateFile" to read at a specific offset, unless it has some weird edge case....
@Dfte, it is a good idea to do that. I tried to do it yesterday and thought it would be quick. But since the module requires the `connection` class in order...
@Dfte I don't think they are stored there, but if you find a way to get the offset from there I think it would be good to have it. But...
@mpgn yeah, that is helpful. I will try to check some examples from NetExec and do the same.
@mpgn I've added it
Can you please share the --debug output?
@mpgn Also try changing the executing method to `--exec-method smbexec` or to another one.
I have updated the pull to sync with the main repo, making it work again. As for @mpgn, I was unable to reproduce the issue so far.