Beacon Object File executing arbitrary PE inside a sacrificial process through partial implementation of process herpaderping technique. All credits goes to jxy-s for his original project available here: https://github.com/jxy-s/herpaderping .
The BOF takes as input a .exe filename on the remote machine and and a PE on the local machine and perform process herpaderping in order to execute the PE. It creates the file specified as first parameter. It uses pattern {'\x82', '\x7f', '\x76', '\x7c'} for overwriting the file content.
Executed on debian:
$ cd herpaderping
$ x86_64-w64-mingw32-gcc -c HerpaDerp.c -o herpaderp.x64.o
Tested in sliver.
Load extension in sliver client:
$ mkdir ~/.sliver-client/extensions/herpaderp
$ cp extension.json ~/.sliver-client/extensions/herpaderping
$ cp herpaderp.x64.o ~/.sliver-client/extensions/herpaderping
Start sliver client and try extension.
