FireStage1 works only with nohide

[Spycial]

When i try to use FireStage1 the powershell just disappears randomly but with nohide it works?? EDIT: I think the problem is that because when the window gets resized it disappears 100% so the payload cannot type anymore there.

[Swiftb0y]

P4wnP1 prepends a stager that moves the powershell window off the screen so it can type the long payload with anybody noticing instantly by just looking at the screen. Even though the windows isn't visible anymore, it should still be focused. It probably fails either because the window looses focus for some reason and the keystrokes just "disappear", or because some security measure (eg AV) notices that the window was moved off screen and terminates the process... I'm just speculating though. Are you sure that the injection actually fails without nohide?

[ghost]

so yeah you can just use nexmon additions, you'll find it on github

On Sat, Feb 2, 2019 at 8:35 PM Swiftb0y [email protected] wrote:

P4wnP1 prepends a stager that moves the powershell window off the screen so it can type the long payload with anybody noticing instantly by just looking at the screen. Even though the windows isn't visible anymore, it should still be focused. It probably fails either because the window looses focus for some reason and the keystrokes just "disappear", or because some security measure (eg AV) notices that the window was moved off screen and terminates the process... I'm just speculating though. Are you sure that the injection actually fails without nohide?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mame82/P4wnP1/issues/284#issuecomment-459988369, or mute the thread https://github.com/notifications/unsubscribe-auth/AsuZxqdGAzzLOliDfcKAORzg-9JGdN_uks5vJdp_gaJpZM4adsIL .

[r41nm4k3r]

I am facing the same problem. I run the Firestage1 with nohide parameter and it works just fine. How do i use the nexmon additions?