PEASS-ng icon indicating copy to clipboard operation
PEASS-ng copied to clipboard

Published 20 hours ago verified publisher icon peass-ng

winpeas crashes when run using PsExec and log option is specified

Open Doctor-Venom opened this issue 2 years ago • 1 comments

Issue description

running winPEASany.exe with PSEXEC and specifying the "log" option makes winpeas crash

Steps to reproduce the issue

The following works:

  1. "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe"""
  2. "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe -lolbas"""

But the following does not work:

  1. "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe log"""
  2. "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe log="c:/temp/out.txt""""
  3. "PsExec64.exe" -l -accepteula -nobanner ""winPEASany.exe -lolbas log""" the error returned by PsExec is "winPEASany.exe exited with error code 0." *Note that running winpeas without PsExec with the same arguments works normally.

If winpeas, did you use a clean or obfuscated winpeas, and for which architecture?

tried both clean and obfuscated winPEASany

Is there any AV / Threat protection in the system?

No

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

windows 10

Doctor-Venom avatar Jan 05 '22 20:01 Doctor-Venom

I have also tried another way (using powershell) to do the same, and got the same problem:

This works:

$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas" -Credential $cred -WorkingDirectory "C:\"

But this does not:

$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas log" -Credential $cred -WorkingDirectory "C:\"

and this one:

$pass = ConvertTo-SecureString 's3curedolboebP@ss69' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('pwnedfAGG',$pass)
Start-Process -FilePath "winPEASany.exe" -ArgumentList "-lolbas log='C:\Users\CO_TES~1\AppData\Local\Temp'" -Credential $cred -WorkingDirectory "C:\"

Doctor-Venom avatar Jan 06 '22 11:01 Doctor-Venom