DLL_Version_Enumeration_BOF
Last updated
Last updated
This is a Cobalt Strike
BOF
file (a mildly massaged port of existing PoC , meant to use ascertain information regarded imported DLLs
(via the ENTRY_RESOURCE
) within current process that your beacon associated with.
Given my current projects regarding DLLs
, this is yet another blindspot I wanted to address after seeing work.
I wanted to support both 32-bit
AND 64-bit
Beacon
sessions.
I wanted to have verbose or minified output, given an operator's desire
I wanted to keep the original design of intact; minimal API calls.
This is solved this by rolling our own from grok
ed or cribbed
implementations elsewhere.
In this case, you have two options:
Use the existing, compiled object file, located in the dist
directory (AKA proceed to major step two)
Compile from source via the Makefile
cd src
make clean
make
Load the Aggressor
file, in the Script Manager
, located in the dist
directory
From a given Beacon
:
We're still using the Win32
API and Dynamic Function Resolution
. This is for you to determine as far as "risk", though this is limited to a single comparison function (stricmp
).
You may attempt to incur a privileged action without sufficient requisite permissions. I can't keep you from burning your hand.
DLL
s associated with the processneedle