Describe the bug
inject self will kill the Notion agent if the injection happens but no session spawns. If you inject meterpreter shellcode but no multi/handler is up to catch it, for example.
To Reproduce
Host shellcode
Do not run a multi/handler
Perform self injection
Expected behavior
The agent should handle this and exit from the CreateThread injection routine alive.
HuskyHacks changed the title from "[Bug] CreateThread kill the Notion agent if there's no handler to catch the shellcode shell" to "[Bug] CreateThread kills the Notion agent if there's no handler to catch the shellcode shell" on Mar 6, 2022
Reproduced under different conditions: I made some Cobalt Strike shellcode, tried to overwrite it, but ended up saving 0 bytes to a file by accident. When the self-injection happened, the agent "decoded" the 0 bytes, mapped the 0 bytes into memory, executed the thread, and died hard. Noted.
Possible solution for this iteration: check to make sure there are more than 0 bytes during the shellcode download
I just had a eureka moment and I think this might happen because msfvenom-generated shellcode defaults to ExitFunc=process. I will test this with ExitFunc=thread and see if that alters the behavior.
The second bug I mentioned (agent dies because of size 0 buffer of shellcode) is still something we need to handle.
I noticed that the script in the wiki uses Exitfunc=thread as an argument and it still kills the agent in the event of an unsuccessful self injection (this time it was a mismatch of B64 iterations given during decode) so that smashes my hypothesis to bits.