inline-execute-ex.cna
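# Run a BOF through the bundled BOF loader instead of handing it to Beacon directly.
#
# $1 - the id for the Beacon
# $2 - bytes of the BOF file to be loaded by the loader
# $3 - the entry function to call inside that BOF
# $4 - argument string to pass to the BOF
#
# The loader object is picked from this script's directory by Beacon architecture:
#   x64 -> x64/Release/bof.x64.o, anything else -> Release/bof.x86.o
sub beacon_inline_execute_ex {
	# Keep working variables out of the script-wide global scope so repeated or
	# interleaved invocations cannot read each other's stale values.
	local('$barch $loader_path $handle $bof_loader $packed');

	$barch = barch($1);
	println("Beacon Arch: " . $barch);

	# figure out the arch of this session and resolve the matching loader build
	if ($barch eq "x64") {
		$loader_path = getFileProper(script_resource("."), "x64", "Release", "bof.x64.o");
	}
	else {
		$loader_path = getFileProper(script_resource("."), "Release", "bof.x86.o");
	}
	println("BOF Loader Path: " . $loader_path);

	# read the BOF loader; stop here if the build output is missing or unreadable
	# rather than handing an empty buffer to beacon_inline_execute
	$handle = openf($loader_path);
	if (checkError($error)) {
		berror($1, "Could not open BOF loader " . $loader_path . ": " . $error);
		return;
	}
	$bof_loader = readb($handle, -1);
	closef($handle);

	# pack the bof itself (b = binary blob), the entry function name and the
	# argument string (z = zero-terminated strings) for the loader to unpack
	$packed = bof_pack($1, "bzz", $2, $3, $4);

	println("Entry function: " . $3);
	# Report the size of the BOF that was actually passed in ($2). The previous
	# code read a global $bof, which is only set when called via the alias.
	println("BOF Size: " . strlen($2));
	println("Args: " . $4);

	# announce what we're doing -- Enable if you want to force BOFs to create a task
	# NOTE(review): btask() records a task acknowledgement in the Beacon log; with it
	# disabled this run leaves no task entry, so enable it where the engagement
	# requires an auditable activity record.
	# btask($1, "Running InlineExecuteEx.");

	# actually run the loader; "go" is the loader's own entry point, the caller's
	# entry function ($3) travels inside $packed
	beacon_inline_execute($1, $bof_loader, "go", $packed);
}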
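# Beacon console alias: inline-execute-ex <bof file> <entry point> <arguments>
#
# $1 - the id for the Beacon
# $2 - path to the BOF object file on the operator's machine
# $3 - the entry point to call
# $4 - argument to pass to the BOF file
alias inline-execute-ex {
	local('$bof_path $handle');

	# refuse to continue without a file argument instead of trying to open nothing
	if ($2 is $null || $2 eq "") {
		berror($1, "Usage: inline-execute-ex 'bof.o' 'go' 'hello world!'");
		return;
	}

	# read the BOF we actually want to run
	$bof_path = getFileProper($2);
	$handle = openf($bof_path);
	if (checkError($error)) {
		# a bad path would otherwise send an empty object to the loader
		berror($1, "Could not open BOF file " . $bof_path . ": " . $error);
		return;
	}

	# NOTE: $bof stays a script-wide global here, as before; scope it with local()
	# once nothing else in the script reads it.
	$bof = readb($handle, -1);
	closef($handle);

	# The object's contents are not inspected here; whatever file the operator names
	# is passed on for execution, so only run objects from a trusted build.
	beacon_inline_execute_ex($1, $bof, $3, $4);
}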
# ------------------------------------------------------------
# Console registration: create the "inline_execute_ex" command
# group (shown as "BOF+") and attach the alias to it, together
# with the short description and the long help/usage text.
# ------------------------------------------------------------
beacon_command_group("inline_execute_ex", "BOF+", "[EXPERIMENTAL] BOF Loader.");

beacon_command_register(
	"inline-execute-ex",
	"[EXPERIMENTAL] We heard you like BOFs. So I put a BOF in your BOF.",
	# long help text, built line by line
	"# 1 - a string containing the BOF file\n" .
	"# 2 - the entry point to call\n" .
	"# 3 - arguments to pass to the BOF file\n\n" .
	"Usage: inline-execute-ex 'bof.o' 'go' 'hello world!'",
	# group id; must match the one passed to beacon_command_group
	"inline_execute_ex"
);