timwhitez starred BOF2shellcode
2022-9-5 18:2:22 Author: github.com

POC tool to convert a Cobalt Strike BOF into raw shellcode.

Introduction

This code was written as part of a blog tutorial on how to convert an existing C tool, in this case @trustedsec's COFFLoader, into raw shellcode.

It uses techniques based on @thefLink's C-To-Shellcode-Examples repository.

Usage

First run make to build the bofloader.bin file.

After that the bof2shellcode.py script can be used to convert a BOF into raw shellcode.

Usage Examples

Converting the tasklist BOF to shellcode and executing it:

% python3 bof2shellcode.py -i tasklist.x64.o -o tasklist.x64.bin
Writing tasklist.x64.bin

load_sc.exe tasklist.x64.bin | c:\msys64\usr\bin\head.exe
Name                              ProcessId  ParentProcessId  SessionId CommandLine
System Idle Process                       0                0          0 (NULL)
System                                    4                0          0 (NULL)
Registry                                 92                4          0 (NULL)
smss.exe                                348                4          0 (NULL)
csrss.exe                               464              456          0 (NULL)
wininit.exe                             536              456          0 (NULL)
csrss.exe                               544              528          1 (NULL)
winlogon.exe                            628              528          1 (NULL)
services.exe                            636              536          0 (NULL)

Notes

This is purely a POC. It is missing some implementations of Beacon-related functions; for example, BeaconPrintf has been replaced by a simple printf call that writes to stdout.

Credits

Note that the code in this repository is heavily based on @trustedsec's COFFLoader and @thefLink's C-To-Shellcode-Examples repository.


Source: https://github.com/FalconForceTeam/BOF2shellcode