Skip to content

Latest commit

 

History

History
14 lines (10 loc) · 1.02 KB

README.md

File metadata and controls

14 lines (10 loc) · 1.02 KB

BOFs

A collection of utilities for Cobalt Strike's Beacon Object Files to make our life easier.

Name Description Usage
send_shellcode_via_pipe A BOF that allows the operator to send a shellcode or any byte content via a named pipe. send_shellcode_via_pipe <pipe> <file>
cat As the name implies, finally allows you to get the content of a text file from Cobalt Strike. Supports remote shares. cat <file>
wts_enum_remote_processes Enumerate remote processes using WTS APIs, also useful to check if you have access to a system wts_enum_remote_processes <host>
unhook A BOF that uses direct syscalls to remove the hooks from a user-specified module. Compatible only with 64 bit beacons. unhook <module>, unhook ntdll.dll

NOTE: Side effects could include: nose bleed, unrecoverable and immediate death of your beacons.

A particular thanks to @ajpc500 for inspiration and from which I might or might not borrowed some code.