Import upstream version 1.5.31+git20221214.0.17e102e
Kali Janitor
1 year, 5 months ago
279 | 279 |
extArgs = strings.TrimSpace(extArgs)
|
280 | 280 |
entryPoint := aliasManifest.Entrypoint
|
281 | 281 |
processArgsStr := ctx.Flags.String("process-arguments")
|
|
282 |
// Special case for payloads with pass to Donut (.NET assemblies and sideloaded payloads):
|
|
283 |
// The Donut loader has a hard limit of 256 characters for the command line arguments, so
|
|
284 |
// we're alerting the user that the arguments will be truncated.
|
282 | 285 |
if len(extArgs) > 256 && (aliasManifest.IsAssembly || !aliasManifest.IsReflective) {
|
283 | |
con.PrintWarnf(" Arguments are limited to 256 characters when using the default fork/exec model for .NET assemblies and non-reflective PE files.\nConsider using the --in-process flag to execute .NET assemblies in-process and work around this limitation.\n")
|
|
286 |
msgStr := ""
|
|
287 |
// The --in-process flag only exists for .NET assemblies (aliasManifest.IsAssembly == true).
|
|
288 |
// Groupping the two conditions together could crash the client since ctx.Flags.Type panics
|
|
289 |
// if the flag is not registered.
|
|
290 |
if aliasManifest.IsAssembly {
|
|
291 |
if !ctx.Flags.Bool("in-process") {
|
|
292 |
msgStr = " Arguments are limited to 256 characters when using the default fork/exec model for .NET assemblies.\nConsider using the --in-process flag to execute .NET assemblies in-process and work around this limitation.\n"
|
|
293 |
}
|
|
294 |
} else if !aliasManifest.IsReflective {
|
|
295 |
msgStr = " Arguments are limited to 256 characters when using the default fork/exec model for non-reflective PE payloads.\n"
|
|
296 |
}
|
|
297 |
con.PrintWarnf(msgStr)
|
284 | 298 |
confirm := false
|
285 | 299 |
prompt := &survey.Confirm{Message: "Do you want to continue?"}
|
286 | 300 |
survey.AskOne(prompt, &confirm, nil)
|
59 | 59 |
process := ctx.Flags.String("process")
|
60 | 60 |
processArgsStr := ctx.Flags.String("process-arguments")
|
61 | 61 |
processArgs := strings.Split(processArgsStr, " ")
|
|
62 |
inProcess := ctx.Flags.Bool("in-process")
|
62 | 63 |
|
63 | 64 |
runtime := ctx.Flags.String("runtime")
|
64 | 65 |
etwBypass := ctx.Flags.Bool("etw-bypass")
|
|
66 | 67 |
|
67 | 68 |
assemblyArgsStr := strings.Join(assemblyArgs, " ")
|
68 | 69 |
assemblyArgsStr = strings.TrimSpace(assemblyArgsStr)
|
69 | |
if len(assemblyArgsStr) > 256 {
|
|
70 |
if len(assemblyArgsStr) > 256 && !inProcess {
|
70 | 71 |
con.PrintWarnf(" Injected .NET assembly arguments are limited to 256 characters when using the default fork/exec model.\nConsider using the --in-process flag to execute the .NET assembly in-process and work around this limitation.\n")
|
71 | 72 |
confirm := false
|
72 | 73 |
prompt := &survey.Confirm{Message: "Do you want to continue?"}
|
|
93 | 94 |
Runtime: runtime,
|
94 | 95 |
EtwBypass: etwBypass,
|
95 | 96 |
AmsiBypass: amsiBypass,
|
96 | |
InProcess: ctx.Flags.Bool("in-process"),
|
|
97 |
InProcess: inProcess,
|
97 | 98 |
})
|
98 | 99 |
ctrl <- true
|
99 | 100 |
<-ctrl
|