diff options
| author | Matt Graeber <mattgraeber@gmail.com> | 2015-12-16 14:48:09 -0800 |
|---|---|---|
| committer | Matt Graeber <mattgraeber@gmail.com> | 2015-12-16 14:48:09 -0800 |
| commit | 1cdad586c841b34c4681cd30bf2b7a10151e2d21 (patch) | |
| tree | c62ff8be7caba158b2483b149cbde40c0a88e575 /CodeExecution | |
| parent | f5d9b2527584912c87699f52fa639cf9d0fab42f (diff) | |
| download | PowerSploit-1cdad586c841b34c4681cd30bf2b7a10151e2d21.tar.gz PowerSploit-1cdad586c841b34c4681cd30bf2b7a10151e2d21.zip | |
Added a slight delay to Invoke-DllInjection validation
In some cases, the loaded module would show up as loaded after the check
occurred.
Diffstat (limited to 'CodeExecution')
| -rw-r--r-- | CodeExecution/Invoke-DllInjection.ps1 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/CodeExecution/Invoke-DllInjection.ps1 b/CodeExecution/Invoke-DllInjection.ps1 index f862f92..369d606 100644 --- a/CodeExecution/Invoke-DllInjection.ps1 +++ b/CodeExecution/Invoke-DllInjection.ps1 @@ -313,9 +313,11 @@ http://www.exploit-monday.com # Close process handle
$CloseHandle.Invoke($hProcess) | Out-Null
+ Start-Sleep -Seconds 2
+
# Extract just the filename from the provided path to the dll.
- $FileName = Split-Path $Dll -Leaf
- $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.Contains($FileName) }
+ $FileName = (Split-Path $Dll -Leaf).ToLower()
+ $DllInfo = (Get-Process -Id $ProcessID).Modules | ? { $_.FileName.ToLower().Contains($FileName) }
if (!$DllInfo)
{
|