
[BUG] Invoke-ReflectivePEInjection unable to run python-PE's

Open githubkuyaya opened this issue 4 years ago • 2 comments

Empire Version

  • 3.5.2

OS Information (Linux flavor, Python version)

  • OS: Microsoft Windows [Version 10.0.18363.1139]
  • Python:

Describe the bug

Invoke-ReflectivePEInjection is not able to run Python PEs.

To Reproduce

  1. Create a simple Hello World Python program. I used pyinstaller -F to compile it. It should work when you run it normally.
  2. . ./Invoke-ReflectivePEInjection
  3. Invoke-ReflectivePEInjection -PEPath .\HelloWorld.exe
  4. Now, the following error should occur: [4972] Cannot open self C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe or archive C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.pkg

Expected behavior

The Python program should be started normally.

Screenshots

pe

Additional context

No additional context

Oct 25 '20 10:10 githubkuyaya
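
The message in step 4 is the PyInstaller bootloader reporting that it found no appended archive in the file it takes to be its own executable, which in this report is PowerShell.exe. As an added illustration (not part of the original issue or of Empire's code), this Python sketch checks a file image for that appended CArchive cookie; the byte strings and the names `find_carchive`, `build_sample_bundle`, `HOST_IMAGE` and `BUNDLE` are constructed for the example.

```python
import struct

# PyInstaller CArchive cookie magic: "MEI" followed by 0x0C 0x0B 0x0A 0x0B 0x0E.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout (PyInstaller >= 2.1), all big-endian: magic, archive length,
# TOC offset, TOC length, Python version, Python library name.
COOKIE = struct.Struct("!8sIIII64s")


def find_carchive(image: bytes):
    """Return cookie fields if `image` carries an appended CArchive, else None."""
    pos = image.rfind(MAGIC)
    if pos < 0 or pos + COOKIE.size > len(image):
        return None  # no cookie, or a truncated one
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(image, pos)
    # The archive ends with the cookie, so its start is derived from its length.
    start = pos + COOKIE.size - pkg_len
    # Reject hits whose declared sizes do not fit inside the file.
    if start < 0 or toc_off + toc_len > pkg_len:
        return None
    return {
        "archive_start": start,
        "archive_len": pkg_len,
        "toc_offset": toc_off,
        "toc_len": toc_len,
        "python_version": pyver,
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample_bundle(stub: bytes) -> bytes:
    """Constructed sample: stub + placeholder archive body + a valid cookie."""
    body = b"\x00" * 32  # stand-in for the archive entries and TOC
    pkg_len = len(body) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, 16, 16, 38, b"python38.dll")
    return stub + body + cookie


# Constructed stand-ins, not real binaries.
HOST_IMAGE = b"MZ" + b"\x90" * 62          # plays the role of PowerShell.exe
BUNDLE = build_sample_bundle(HOST_IMAGE)   # plays the role of HelloWorld.exe

if __name__ == "__main__":
    print("bundle:", find_carchive(BUNDLE))
    print("host  :", find_carchive(HOST_IMAGE))
```

The bundle stand-in yields the cookie fields, while the host stand-in yields `None`, the same "no archive in this file" condition the bootloader reports when the path it resolves is the host process rather than the packaged executable.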

Just so we know what to test later this week. Can you update this to include the version of Empire and Windows (including build)? Thanks.

Oct 30 '20 18:10 Cx01N

Done :).

Nov 01 '20 11:11 githubkuyaya