Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error on executable payload not handle correclty #1897

Closed
RomuDeuxfois opened this issue Nov 20, 2024 · 0 comments · Fixed by #1933 or OpenBAS-Platform/implant#21
Closed

Error on executable payload not handle correclty #1897

RomuDeuxfois opened this issue Nov 20, 2024 · 0 comments · Fixed by #1933 or OpenBAS-Platform/implant#21
Assignees
@damgouj
Labels
bug use for describing something not working as expected solved The issue has been solved
Milestone
Release 1.9.1

Comments

@RomuDeuxfois
Copy link
Member

Description

When I launch an executable file and there are an error in the execution, the inject status is: INJECT EXECUTED.

My payload:

$url = "https://redcanary.com/wp-content/uploads/Atomic-Red-Team-Logo.png"
$imgLocation = "$env:TEMP\T1491.001-newWallpaper.png"
$orgWallpaper = "C:\Users\RomualdLemesle\Pictures\joker-batman-the-dark-knight-heath-ledger-wallpaper-preview.jpg"
$orgWallpaper | Out-File -FilePath "$env:TEMP\T1491.001-OrginalWallpaperLocation"
$updateWallpapercode = @'
using System.Runtime.InteropServices;
namespace Win32{

    public class Wallpaper{
        [DllImport("user32.dll", CharSet=CharSet.Auto)]
         static extern int SystemParametersInfo (int uAction , int uParam , string lpvParam , int fuWinIni) ;
         
         public static void SetWallpaper(string thePath){
            SystemParametersInfo(20,0,thePath,3);
        }
    }
}
'@

$wc = New-Object System.Net.WebClient
try {
    $wc.DownloadFile($url, $imgLocation)

    # Vérifier et ajouter le type si nécessaire
    if (-not ("Win32.Wallpaper" -as [type])) {
        Add-Type -TypeDefinition $updateWallpapercode
    }

    [Win32.Wallpaper]::SetWallpaper($imgLocation)
}
catch [System.Net.WebException] {
    Write-Host("Cannot download $url")

    if (-not ("Win32.Wallpaper" -as [type])) {
        Add-Type -TypeDefinition $updateWallpapercode
    }

    [Win32.Wallpaper]::SetWallpaper($imgLocation)
}
finally {
    $wc.Dispose()
}

The result in UI:
Image

The log:

{"timestamp":"2024-11-20T11:07:31.992308Z","level":"INFO","fields":{"message":"Starting OpenBAS implant 1.8.1 production","log.target":"openbas_implant","log.module_path":"openbas_implant","log.file":"src\\main.rs","log.line":152},"target":"openbas_implant"}
{"timestamp":"2024-11-20T11:07:32.098651Z","level":"INFO","fields":{"message":"file execution execution: \"wallpaper.ps1\"","log.target":"openbas_implant::handle::handle_file","log.module_path":"openbas_implant::handle::handle_file","log.file":"src\\handle\\handle_file.rs","log.line":18},"target":"openbas_implant::handle::handle_file"}
{"timestamp":"2024-11-20T11:07:33.359553Z","level":"INFO","fields":{"message":"file execution execution stdout: \"\"","log.target":"openbas_implant::handle::handle_execution","log.module_path":"openbas_implant::handle::handle_execution","log.file":"src\\handle\\handle_execution.rs","log.line":18},"target":"openbas_implant::handle::handle_execution"}
{"timestamp":"2024-11-20T11:07:33.359573Z","level":"INFO","fields":{"message":"file execution execution stderr: \"\"","log.target":"openbas_implant::handle::handle_execution","log.module_path":"openbas_implant::handle::handle_execution","log.file":"src\\handle\\handle_execution.rs","log.line":19},"target":"openbas_implant::handle::handle_execution"}
@RomuDeuxfois RomuDeuxfois added bug use for describing something not working as expected needs triage use to identify issue needing triage from Filigran Product team labels Nov 20, 2024
@EllynBsc EllynBsc removed the needs triage use to identify issue needing triage from Filigran Product team label Nov 20, 2024
@EllynBsc EllynBsc added this to the Bugs backlog milestone Nov 20, 2024
@damgouj damgouj self-assigned this Nov 21, 2024
This was referenced Nov 27, 2024
Merged
Merged
@damgouj damgouj linked a pull request Nov 27, 2024 that will close this issue
[implant] Handle errors for payloads OpenBAS-Platform/implant#21
Merged
5 tasks
damgouj added a commit that referenced this issue Dec 3, 2024
@damgouj
[backend] Handle errors for payloads (#1897)
d0b1c67
@RomuDeuxfois RomuDeuxfois added the solved The issue has been solved label Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@damgouj damgouj

Labels
bug use for describing something not working as expected solved The issue has been solved
Projects
None yet
Milestone
Release 1.9.1
3 participants
@EllynBsc @RomuDeuxfois @damgouj