PEASS-ng
PEASS-ng copied to clipboard
winpeas crashes when run using PsExec and log option is specified
Issue description
running winPEASany.exe with PSEXEC and specifying the "log" option makes winpeas crash
Steps to reproduce the issue
The following works:
- "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe"""
- "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe -lolbas"""
But the following does not work:
- "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe log"""
- "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe log="c:/temp/out.txt""""
- "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe -lolbas log""" the error returned by PsExec is "winPEASany.exe exited with error code 0." *Note that running winpeas without PsExec with the same arguments works normally.
If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?
tried both clean and obfuscated winPEASany
Is there any AV / Threat protection in the system?
No
Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)
windows 10
I have also tried another way (using powershell) to do the same, and got the same problem:
This works:
$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas" -Credential $cred -WorkingDirectory "C:\"
But this does not:
$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas log" -Credential $cred -WorkingDirectory "C:\"
and this one:
$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas log='C:\Users\CO_TES~1\AppData\Local\Temp'" -Credential $cred -WorkingDirectory "C:\"