BishopFox
Crazy behaviour
Compile from sources current version of Sliver P.S. Yes, I'm aware of the warnings, I was just trying to point out the current behavior in the source code.
IT'S CRAZY or i am really doing something wrong:
for example using sharpsh armory - insert hell Unicode and C# symbols
With another way mimikatz did not work - just push svchost path as prompt (try everything mimikatz -- "coffee" OR mimikatz -- coffee too):
What's up with deleting entire lines instead of individual characters using CLI? That's ridiculously inconvenient!
Armory modules only produce output when run with the --in-process flag; otherwise, there is absolutely no result.
I believe this might have to do with the fact that strings in Go are not null-escaped. This causes the strings to continue untill a null character is found.
A fix would require all strings sent to BOFs and Extensions to be explicitly null-escaped.
We're in a transition with extensions. The whole extension manifest has been revamped for 1.6, but most of the extensions in the armory are not compatible with that yet (to avoid breaking things for people using releases versions). The new extension model uses the same BOF argument parser/packer than the BOFs use, which imposes the extensions authors to add that logic to their extensions.
For the assembly, it seems there was an issue while loading it, per the HRESULT you got (maps to System.Reflection.TargetInvocationException from a quick Google search). Not sure what happened here, could be a bug in the lib we're using, or could be a security product partially blocking the load.
Getting this same behaviour with sharpsh.
Changing arguments order seems to work!?
