BOF support

infosec guy edited this page Mar 25, 2023 · 1 revision

The Havoc agent supports in-memory execution of object files, commonly known as Beacon Object Files or BOFs.

Python modules

From Python, you can pack data the same way you normally do in Cobalt Strike. Several examples of how to do this are available in this repository.

Get the output of a BOF in Python

You can also run an object file and receive its result through a callback:

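from havoc import Demon  # Havoc client Python API

# Invoked when the BOF finishes: `worked` says whether it ran,
# `output` holds whatever the BOF produced.
def my_callback(demonID, worked, output):
    print('hi there! I am the python callback of the "locale" BOF')
    print(f'demonID: {demonID}')
    print(f'did the BOF run ok?: {worked}')
    if worked:
        print('here you have the output :)')
        print(output)
        print('bye!')

def locale(demonID, *param):
    demon: Demon = Demon(demonID)

    # Run the "go" entry point of the object file with no packed
    # arguments (b'') and hand the result to my_callback.
    return demon.InlineExecuteGetOutput(my_callback, "go", "ObjectFiles/locale.x64.o", b'')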