What settings do I need for the Windows server environment

[duongdt21]

I did it on virtualized environment using the Poc you provided. However it always ends with "Stage0:0". Am I missing any step? When using process monitor I see my dll has been included but nothing happens. Thank you very much.

[aaminin]

try use x64 payload

[duongdt21]

yes i'm using windows server 2016 and x64 payload

[aaminin]

try disable defender

[duongdt21]

I also turned it off. When I print exception, it shows error: RPRN SessionError: code: 0x3 - ERROR_PATH_NOT_FOUND - The system cannot find the path specified.

[aaminin]

What path print script in pDriverPath section? Does this path exist on system?

[duongdt21]

pDriverPath found in my windows. While running poc my dll file was also written to System32/spool/drivers/x64/3.

[aaminin]

magic!
try use my dll-payload:

#include <windows.h>

int owned()
{
  WinExec("cmd.exe /c \"calc.exe\"",0);
   return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  owned();
  return 0;
}

Linux build:
x86_64-w64-mingw32-g++ -c -DBUILDING_EXAMPLE_DLL test.cpp
x86_64-w64-mingw32-g++ -shared -o test.dll test.o -Wl,--out-implib,test.a
find process:
calc.exe or win32calc.exe

[FuckAllWorld]

I also turned it off. When I print exception, it shows error: RPRN SessionError: code: 0x3 - ERROR_PATH_NOT_FOUND - The system cannot find the path specified.

RPRN SessionError: code: 0x3 - ERROR_PATH_NOT_FOUND,same problem,how to solve?

[duongdt21]

I used your Poc dll. However it still gives error :( Can I ask for the version of Windows you use test ?

[aaminin]

windows server 2016 and windows server 2019

[duongdt21]

Yes. I am also using windows 2019 10.0.17763.737 :((

[citronneur]

See #25