Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Arguments do not get passed
See original GitHub issueWhen running a base64 encoded file via command line, arguments are not appropriately passed to the execution of the command of some binaries.
I have used net.exe just fine, however Mimikatz and CheekyBlinders both do not get arguments passed appropriately.
RunPE Version: Latest
OS: Windows 10
Build: OS Version: 10.0.19045 N/A Build 19045
Example running Mimikatz (latest):
[…snippet…]
As you can see, the execution of the PE works, however the arguments passed are not passed on to the PE.
I am using our C2 to wrap this functionality and passing the arguments, however they do not get executed.
I have also tried the CheekyBlinders (https://github.com/br-sn/CheekyBlinder) PE file, which results in the same issue of arguments not being passed to the PE binary.
You can see executing directly from the file works in both cases
Mimikatz:
[…snippet…]
Notice the highlighted area, where Mimikatz is being passed the Argument 0 instead of just coffee and exit
CheekyBlinders:
[…snippet…]
Note CheekyBlinders doesn’t even execute correctly, however this may because again of the argv[0] being passed instead of argv[1]
Issue Analytics
- State:
- Created 9 months ago
- Comments:25 (12 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@m0rv4i I can confirm that the behavior is same in our C2 (Not publicly available) as it is in CLI form.
@benpturner can you provide a build exe that you are using? I just want to make sure it’s not a compiling issue on my side.