This looks like you are having problem with powershell not amber :) Try to load meterpreter with psh payloads and check if powershell is functioning properly.

from amber.

Yes. I have checked the meterpreter with PSH payload and the powershell is functioning properly. Can you help to share the Windows machine and ransomware sample for reproducing the scenario?

from amber.

Sorry i can't share the ransomware sample because of moral reasons but you can find alot of open source ransomware on github try following ones;

https://github.com/Refreshers/Ransomware-C
https://github.com/Siegfried148/Ransomware-C
https://github.com/popescuadi/Ransomware
https://github.com/8noobs/rerosomware

If you give me more details about your problem such as what EXE file did you used i may help more.

from amber.

Hi, can you share your email address with so that I can send you the sample.

from amber.

[email protected]

from amber.

sent. thank you in advance!

from amber.

Ok now i know what is wrong :) Unfortunately currently Amber only supports EXE files that are compiled with common language compilers such as GCC, G++, VisualStudio , Clang it also works well with the Golang and Rust binaries but it does not support EXE files that are generated by python source :/ pyinstaller or py2exe does not generate regular EXE files, future updates on Amber will add support to C# binaries but the Delphi/Python typed EXE support is not in the picture right now :)

from amber.

I see. Thanks for pointing that out. May I know the sample below that you provided earlier, Do they work with Amber?

https://github.com/Refreshers/Ransomware-C
https://github.com/Siegfried148/Ransomware-C
https://github.com/popescuadi/Ransomware
https://github.com/8noobs/rerosomware

from amber.

Yes, these are C/C++ projects every C/C++ code that you can compile should work with amber.

from amber.

Thanks. Just to confirm, are we able to install amber on Kali?

I tried to install and run a quick test, i see ASLR not supported.

Version: 1.0.0

Source: github.com/egebalci/Amber

[] File: /root/Desktop/a.exe
[] Staged: true
[] Key Size: 7
[] IAT: false
[*] Verbose: true

[] Checking requirments...
[] Opening input file...
[] Analyzing PE file...
[-] ASLR not supported :(
[x] Using Fixed stub...
[] File Size: 380531 byte
[] Machine: 0x14C
[] Magic: 0x10B
[] Subsystem: 0x3
[] Image Base: 0x400000
[] Size Of Image: 0x5F000
[] Export Table: 0x400000
[] Import Table: 0x408000
[] Base Relocation Table: 0x400000
[] Import Address Table: 0x40815C
[] Assembling reflective payload...
[*] Mapping PE file...

from amber.

Sure you can install it on kali. ASLR support is about the EXE file that you are trying to pack. It means if your EXE file does not have ASLR support it might cause some errors when using --staged option but you can still pack it witout ASLR support.

from amber.

Yeah, you are right... everytime I execute the code on target machine, I see the powershell crash when the staged send. may I know what caused ASLR not supported? What command I should use to compile the source code?

from amber.

It depends on what compiler you are using. Visual Studio by default adds the relocation data inside EXE file if you are using visual studio you don't need to do any extra things. If you are using mingw or Clang you need to add -Wl,--dynamicbase,--export-all-symbols parameters while compiling.

from amber.