Mr-Un1k0d3r/BOFCode

BOFCode

BOF files and CNA scripts for Cobalt Strike

Description

This repository contains multiple BOFs and their accompanying .cna scripts for Cobalt Strike, which are useful during Red Team engagements.

Summary

| Command | Description |
| --- | --- |
| createproc | BOF that attempts to spawn a new process on the target system using CreateProcessA. |
| elevate_pid | BOF for privilege escalation via token impersonation in Windows. |
| envdump | BOF to list environment variables available to the current process. |
| getcmdline | BOF to extract the full command-line arguments used to launch a specific process by its name (e.g., notepad.exe), from another process’s memory. |
| servicelookup | BOF that checks whether a given Windows service account exists locally or remotely by resolving its Security Identifier (SID) using LookupAccountNameA. It can also optionally impersonate a user using LogonUserA before performing the lookup. |
