This fixes the URI bug submitted by @enigma0x3. Thank you for the PR as well! A legacy switch is added in case anyone is relying on this script and an older meterpreter handler.
Proxy support is added to grab the default proxy by way of a switch.
The default user-agent is grabbed from the registry instead of being a static string.
I tested this on a Windows 7 SP1 (both x86 and 64-bit) and Windows 8.1 (64-bit) with an older handler and an updated one.
Fixed a bug where calling GetProcAddress by ordinal instead of procedure
name failed.
Fixed a bug where reflectively loading an EXE will cause the entry
function (main()) to be called twice instead of once as expected.
Added a ForceASLR flag to force ASLR to be used even if the PE file
doesn't officially support ASLR.
Some minor other changes.
Calling CreateRemoteThread on lsass.
Bug fix: Invoke-DllInjection was checking the processor architecture
when it should have been validating the OS architecture. This would
cause Invoke-DllInjection to fail on a 32-bit OS with a 64-bit
processor.
Prior to this fix, DllMain with the ProcessDetach flag was not called
when unloading the reflectively loaded DLL. This was causing very weird
crashes in the Invoke-NinjaCopy script which is built on this script.
This should fix the crash.
Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection
is a vast improvement over Invoke-ReflectiveDllInjection. It adds the
following features:
* Now supports loading exe files in memory
* Supports reflective dll injection into a remote process
* Additional sample Visual Studio solutions
Adding Invoke-ReflectiveDllInjection. PowerSploit now has reflective DLL
loading capabilities!!! Thanks to Joe Bialek @JosephBialek for writing
this awesome code!
* I unfortunately needed to change the names of Inject-Shellcode and
Inject-Dll to Invoke-Shellcode and Invoke-DllInjection in order to
conform to proper verb naming.