Comments (24)
Hello,
Does this happen constantly or if you re-run the command will work fine? I just test your command out and seem to work, so more info would be helpful. Also the -I field only takes raw shellcode, not a binary.
_________ _________
/ _____/ ____ _____ _______ ____ \_ ___ \_______ ______ _ __
\_____ \_/ ___\\__ \\_ __ \_/ __ \/ \ \/\_ __ \/ _ \ \/ \/ /
/ \ \___ / __ \| | \/\ ___/\ \____| | \( <_> ) /
/_______ /\___ >____ /__| \___ >\______ /|__| \____/ \/\_/
\/ \/ \/ \/ \/
(@Tyl0us)
“Fear, you must understand is more than a mere obstacle.
Fear is a TEACHER. the first one you ever had.”
[*] Encrypting Shellcode Using AES Encryption
[+] Shellcode Encrypted
[*] Creating an Embedded Resource File
[+] Created Embedded Resource File With libcrypto's Properties
[*] Compiling Payload
[+] Payload Compiled
[*] Signing libcrypto.dll With a Fake Cert
[+] Signed File Created
[*] Creating Loader
[+] Loader Compiled
from scarecrow.
I tried running the same command several times again, this time making sure to input raw shellcode. However, the result was the same every time I tried it. Can I help in any other way?
from scarecrow.
did you download the sourcecode.zip in releases or use a gitclone? if you used the sourcecode.zip try a git clone.
from scarecrow.
Interesting. I used the source code from your 2.3 release when I had these errors. Now that I cloned main I no longer get the errors! It seems there is something wrong with the 2.3 release. Thanks for suggesting the cloning! I can now start the testing of your tool which I very much look forward to!
from scarecrow.
No problem that’s what I was thinking the issue. Looks like I’ll have to re-release it.
from scarecrow.
Have the same issues using both clone and sourcode.zip
from scarecrow.
Seems odd if it’s both… please paste the exact command and output thank you
from scarecrow.
Hello, thanks for ScareCrow)
I have the same problem.
I used:
sudo ./ScareCrow -I GfxValDisplayLog.bin -valid my_cert.cer -password ***** -domain www.microsoft.com
and get error 255.
I used "git clone"
/ / ____ _____ _______ ____ _ ___ __ ______ _ __
_____ _/ \ \ __ _/ __ / \ /_ __ / _ \ / / /
/ \ ___ / __ | | /\ /\ _| | ( <> ) /
/______ /___ >____ /| _ >______ /|| __/ /_/
/ / / / /
(@Tyl0us)
“Fear, you must understand is more than a mere obstacle.
Fear is a TEACHER. the first one you ever had.”
[] Encrypting Shellcode Using AES Encryption
[+] Shellcode Encrypted
[] Creating an Embedded Resource File
[+] Created Embedded Resource File With Outlook's Properties
[] Compiling Payload
[+] Payload Compiled
[] Signing Outlook.exe With a Valid Cert my_cert.cer
2021/09/30 17:54:12 cmd.Run() failed with exit status 255
from scarecrow.
hey @Lexati you need to use a .pfx. You can convert your .cer into a .pfx
from scarecrow.
@Tylous Ok, i converted into pfx, but also i got same error (255)
~/Documents/ScareCrow$ **./ScareCrow -I GfxValDisplayLog.bin -domain www.microsoft.com -valid bob_pfx.pfx -password *******
/ / ____ _____ _______ ____ _ ___ __ ______ _ __
_____ _/ \ \ __ _/ __ / \ /_ __ / _ \ / / /
/ \ ___ / __ | | /\ /\ _| | ( <> ) /
/______ /___ >____ /| _ >______ /|| __/ /_/
/ / / / /
(@Tyl0us)
“Fear, you must understand is more than a mere obstacle.
Fear is a TEACHER. the first one you ever had.”
[] Encrypting Shellcode Using AES Encryption
[+] Shellcode Encrypted
[] Creating an Embedded Resource File
[+] Created Embedded Resource File With Excel's Properties
[] Compiling Payload
[+] Payload Compiled
[] Signing Excel.exe With a Valid Cert bob_pfx.pfx
2021/10/05 17:45:00 cmd.Run() failed with exit status 255
from scarecrow.
@Tylous I think, that i have a problem because my VM host around the proxy.
Tell my please how i can use a proxy?
I tested:
**https_proxy=http://33.33.33.33:4444 ./ScareCrow -I GfxValDisplayLog.bin -domain www.microsoft.com -valid bob_pfx.pfx -password *********
but it didn't work....
from scarecrow.
Using -domain flag with the -valid flag together won't work. If you are using a valid cert use just the -valid and -password flag. If your -domain flag and there is a proxy then that's a different issue. Proxy stuff like proxychains doesn't work well with go because go doesn't libc. I would suggest compiling the executable somewhere and transferring it over.
from scarecrow.
@Tylous Ok, but whithout "-domain" a get new error =((
p.s in last version also this problem
from scarecrow.
Sorry for the delay, I see the problem its an issue the the argument checks if you disable
if opt.domain == "" {
log.Fatal("Error: Please provide a domain in order to generate a code signing certificate")
}
At line 154 and recompile it this it wont be a problem. I will releasing a new version tomorrow that address this issue.
from scarecrow.
Fixed in patch 3.0
from scarecrow.
@Tylous Hello, I disable this string and also get error 255. But:
I put my pfx file in all dir, which random generate in progress create payload.. One of dir is Powerpnt.
And then random create payload for Powerpnt, i get succsess work
I learning your code and i think, that problem in file limelighter.go
In function SignExecutable. Possible the path to the file "pfx "may be incorrectly specified during execution
Early, I had the pfx file in the root ScareCrow.
I don't develop on go, but it seems to me that this may be the problem, please check =)))
Thanks very much)
from scarecrow.
So based on your picture it worked. You wouldn't have the message "Signed File Created" Or "Binary Compiled' if it failed. If you are still having this issue can you please try with the latest version and post the exact output (you can blur any sensitive data in the photo I just need to see the full picture)
from scarecrow.
@Tylous Hello, i download new version and get new error))
from scarecrow.
So you need to update your version of go. Check out https://golang.org/
from scarecrow.
@Tylous If you see on screen, you can see that i used command "go version". My version 1.17,I specifically updated before write a report.
from scarecrow.
I am sorry I miss understanding your image then. As you can see with the image below it works just fine for me and I am on 1.17.1.
Can you try 1.17.1 and see if you're still getting that issue.
from scarecrow.
@Lexati I had the same problem, I guess you just replaced the go and gofmt binaries, that's not enough.
I fixed the problem this way:
type go
In my case the output was : /usr/local/go/bin/go
I downloaded the new version and replaced the full directory:
curl -L https://golang.org/dl/go1.17.2.linux-amd64.tar.gz --output golang.tar.gz
rm -rf /usr/local/go/
tar -xvf golang.tar.gz
cp -R go/ /usr/local/go/
from scarecrow.
Is this still an issue? I haven't been able to recreate this. The only time this would occur is if the older version of go is still present.
from scarecrow.
su root
./ScareCrow_3.01_linux_amd64 -I 1.bin -domain www.google.com
Can be solved cmd.Run() failed with exit status 255
from scarecrow.
Related Issues (20)
- Windows 10 bug HOT 3
- Windows defender new sandbox HOT 3
- Newest version v4.1 not working with msfvenom payload HOT 7
- Binary loader build HOT 5
- New Feature Request - ProxyAware
- '.exp' files are not the compiled Go files HOT 3
- panic: Call to VirtualProtect failed!!!!! HOT 4
- Delivery HTA with Loaders Control or Wscript not working HOT 12
- cmd.Run() failed with exit status 0xffffffff HOT 5
- Output to the user is incorrect when using the -O <file> option HOT 1
- runtime.cgocall() Issue HOT 2
- Is this project still working? experiencing issues loading several shellcodes HOT 11
- Output Types HOT 2
- Windows executables not in PATH HOT 8
- ProcessInjection crashes HOT 5
- Doc, docx, rtf HOT 1
- cmd.Run() failed with exit status 0xc0000135 HOT 4
- Still having issues with cmd.Run() failed with exit status 255 HOT 1
- Add Go Lib Requirement
- Errors running ScareCrow. Exit status 128 and exit status 255 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scarecrow.