ClipboardWindow-Inject (Cobalt Strike BOF)
Beacon Object File (BOF) that injects beacon shellcode into remote process, avoiding the usage of common monitored APIs.
Using the CLIPBRDWNDCLASS injection technique (similar to Propagate) learned from Hexacorn.
API Calls
NtCreateSection()->NtMapViewOfSection()[local process]->
NtMapViewOfSection()[remote process]->SetProp()->PostMessage()
Support Arch
x64
Usage
1.List processes with clipboard window
ClipboardWindow-Inject list
2.Inject beacon shellcode into target process
ClipboardWindow-Inject <pid> <listener>
Compile
Windows: with x64 Native Tools Command Prompt for VS
nmake -f Makefile.msvc build
Linux/macOS: with x64 MinGW
x86_64-w64-mingw32-gcc -c ClipboardWindow-Inject.c -o ClipboardWindow-Inject.x64.o
To Do List
- x86 support