Interactive mode support #79
Conversation
It allows to execute Rubeus in an interactive mode. It is useful to avoid the command line process auditing functionality. It switches to interactive mode only when no command line arguments have been input as mimikatz does. It is also useful if you want to use it with loaders which inject the process into memory such as PEzor. Although Donut already allows hardcoding arguments, it is not efficient generating a binary for each command. This condition (&& args[0] != "") is just to make it work properly with PEzor. I don't know why but the loader adds an empty first argument. It has no impact on the normal behavior.
|
So based on how many people often use it, they expect the usage output to come up when no arguments are passed. Would having Rubeus.exe interactive be a reasonable compromise to allow this menu to pop up? If so I can land this and make that tweak. If it's a hard requirement to have no arguments passed to initiate this behavior then unfortunately I'm not comfortable with landing it. |
|
Hi! it's quite reasonable to not want to change a functionality that people are used to, but that's exactly the purpose of this new feature. There is also one more problem, if you try to run that mode in a non-interactive shell like a reverse shell without ConPTY the shell dies (just like when you run mimikatz and you forget that by default it goes into interactive mode xD). Maybe I could implement a check for that case. Anyway, the usage menu pops up when the command entered is not in the list. Maybe the However, there are alternatives to modify the current development as less as possible and keep the new interactive mode: Use a boolean variable by default set to false to enable or disable this feature. If the binary is compiled with that variable set to false Rubeus will work as it does now, and if it's set to true it will work as I propose. So people who are not interested or don't know about that new feature don't have to do anything. I could implement a A third option could be the use of an environment variable, just checking if it's set regardless of its value. It leaves no trace in the process auditing logs but it's not strongly recommended (I would have to research how to monitor the setting of environment variables), although changing the name of the variable is easy and everyone could have their own. I discard the use of a command to enter in interactive mode as it breaks the purpose of leaving no trace by using arguments. Let me know what you think. |
It allows to execute Rubeus in an interactive mode. It is useful to avoid the command line process auditing functionality.
It switches to interactive mode only when no command line arguments have been input as mimikatz does.
It is also useful if you want to use it with loaders which inject the process into memory such as PEzor. Although Donut already allows hardcoding arguments, it is not efficient generating a binary for each command.
This condition
(&& args[0] != "")is just to make it work properly with PEzor. I don't know why but the loader adds an empty first argument. It has no impact on the normal behavior.