From 4930313e4130505c359da14ad9c0b7203a26e9cf Mon Sep 17 00:00:00 2001 From: root Date: Tue, 14 Feb 2017 05:48:42 -0500 Subject: [PATCH 1/3] Added [string] to fix --- Exfiltration/Get-TimedScreenshot.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Exfiltration/Get-TimedScreenshot.ps1 b/Exfiltration/Get-TimedScreenshot.ps1 index 89eceb04..02a52a91 100644 --- a/Exfiltration/Get-TimedScreenshot.ps1 +++ b/Exfiltration/Get-TimedScreenshot.ps1 @@ -55,7 +55,7 @@ https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-Timed $VideoController = Get-WmiObject -Query 'SELECT VideoModeDescription FROM Win32_VideoController' - if ($VideoController.VideoModeDescription -and $VideoController.VideoModeDescription -match '(?^\d+) x (?\d+) x .*$') { + if ($VideoController.VideoModeDescription -and [String] $VideoController.VideoModeDescription -match '(?^\d+) x (?\d+) x .*$') { $Width = [Int] $Matches['ScreenWidth'] $Height = [Int] $Matches['ScreenHeight'] } else { From 5c465a5bfe713d41ec5d383ddeb5b2765a2dd4e2 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 14 Feb 2017 18:34:55 -0500 Subject: [PATCH 2/3] Fixed DllCharacteristicsType to int conversio on Windows Windows 10.0.14393 --- Exfiltration/Invoke-CredentialInjection.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 Exfiltration/Invoke-CredentialInjection.ps1 diff --git a/Exfiltration/Invoke-CredentialInjection.ps1 b/Exfiltration/Invoke-CredentialInjection.ps1 old mode 100644 new mode 100755 index d6f3c4cf..0d1b8ae0 --- a/Exfiltration/Invoke-CredentialInjection.ps1 +++ b/Exfiltration/Invoke-CredentialInjection.ps1 
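Review bot: The `[String]` cast added to the second operand of the `if` has no comment saying what it fixes, and the commit subject ("Added [string] to fix") does not say either. If the intent is to cope with `Get-WmiObject` returning more than one Win32_VideoController, so that `VideoModeDescription` is an array and `-match` filters it instead of filling `$Matches`, record that above the line, e.g. `# Cast to [String] so -match fills $Matches even when several video controllers are returned`. The cast binds tighter than `-match`, so the expression evaluates as intended, but writing it as `([String] $VideoController.VideoModeDescription) -match ...` would make that obvious to the next reader. The enclosing block starts and ends outside the hunk.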
@@ -2416,12 +2416,12 @@ function Invoke-CredentialInjection $PEInfo = Get-PEBasicInfo -PEBytes $PEBytes -Win32Types $Win32Types $OriginalImageBase = $PEInfo.OriginalImageBase $NXCompatible = $true - if (($PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT) + if (([int]$PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT) { Write-Warning "PE is not compatible with DEP, might cause issues" -WarningAction Continue $NXCompatible = $false } - + Write-Verbose "if: done" #Verify that the PE and the current process are the same bits (32bit or 64bit) $Process64Bit = $true @@ -2474,7 +2474,7 @@ function Invoke-CredentialInjection Write-Verbose "Allocating memory for the PE and write its headers to memory" [IntPtr]$LoadAddr = [IntPtr]::Zero - if (($PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) + if (([int]$PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) { Write-Warning "PE file being reflectively loaded is not ASLR compatible. If the loading fails, try restarting PowerShell and trying again" -WarningAction Continue [IntPtr]$LoadAddr = $OriginalImageBase From 7885f28028d5a6642eb09e3b372ea574298f2c97 Mon Sep 17 00:00:00 2001 From: okazymyrov Date: Tue, 14 Feb 2017 18:40:34 -0500 Subject: [PATCH 3/3] Deleted an extra Write-Verbose --- Exfiltration/Invoke-CredentialInjection.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Exfiltration/Invoke-CredentialInjection.ps1 b/Exfiltration/Invoke-CredentialInjection.ps1 index 0d1b8ae0..c7b0b045 100755 --- a/Exfiltration/Invoke-CredentialInjection.ps1 +++ b/Exfiltration/Invoke-CredentialInjection.ps1 
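Review bot: The `[int]` cast on `$PEInfo.DllCharacteristics` is added to the NX_COMPAT check here and again to the DYNAMIC_BASE check in the hunk at line 2474, and neither place records why it is needed. The commit subject ties it to a DllCharacteristicsType-to-int conversion on Windows 10.0.14393, so a comment above the first check such as `# DllCharacteristics is a DllCharacteristicsType value; cast to [int] so -band works on Windows 10.0.14393` would keep a later edit from dropping it. Converting once after `Get-PEBasicInfo` (`$DllCharacteristics = [int]$PEInfo.DllCharacteristics`) and using that in both checks would keep the two in step. The patch also changes the file mode from 100644 to 100755, which is unrelated to the conversion fix and is still 100755 in the following patch of the series; it should be left out of this commit. Both checks sit inside Invoke-CredentialInjection, whose body extends beyond these hunks.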
@@ -2421,7 +2421,6 @@ function Invoke-CredentialInjection Write-Warning "PE is not compatible with DEP, might cause issues" -WarningAction Continue $NXCompatible = $false } - Write-Verbose "if: done" #Verify that the PE and the current process are the same bits (32bit or 64bit) $Process64Bit = $true