Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Related tags

MiscellaneousInlineWhispers2
Overview

InlineWhispers2

Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2

Based on https://github.com/outflanknl/InlineWhispers and https://github.com/helpsystems/nanodump work

How do I set this up?

git clone https://github.com/Sh0ckFR/InlineWhispers2 && cd InlineWhispers2
git clone https://github.com/jthuraisamy/SysWhispers2
cd SysWhispers2/ && python3 syswhispers.py --preset all -o syscalls_all && cd ..
python3 InlineWhispers2.py

How to use syscalls in your Cobalt-Strike BOF?

Import syscalls.c syscalls.h, syscalls-asm.h in your project and include syscalls.c to start to use syscalls

Now you can use all syscalls that you need:

#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>

#include "beacon.h"

#include "syscalls.c"

int go(char* args, int length) {
	datap  parser;
	BeaconDataParse(&parser, args, length);

	int pid = BeaconDataInt(&parser);

	BeaconPrintf(CALLBACK_OUTPUT, "	- Opening process: %d.", pid);

	HANDLE hProcess = NULL;
	OBJECT_ATTRIBUTES ObjectAttributes;
	InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);

	CLIENT_ID uPid = { 0 };
	uPid.UniqueProcess = (HANDLE)(DWORD_PTR)pid;
	uPid.UniqueThread = (HANDLE)0;

	NTSTATUS status = NtOpenProcess(&hProcess, PROCESS_ALL_ACCESS, &ObjectAttributes, &uPid);
	if (hProcess == NULL || status != 0) {
		BeaconPrintf(CALLBACK_OUTPUT, "	[ERROR] Failed to get processhandle, status: 0x%lx", status);
		return 0;
	}
	BeaconPrintf(CALLBACK_OUTPUT, "	- Handle: %x", hProcess);

	NtClose(hProcess);

	return 0;
}

Limitations

Actually, you can't use NtCallEnclave, NtGetCachedSigningLevel, NtSetCachedSigningLevel, NtCreateSectionEx syscalls

Credits

  • @jthuraisamy for Syswhispers2
  • @outflanknl for the first version of InlineWhispers
  • @helpsystems for the nanodump exemple
  • @boku7 for his awesome work and his kindness
  • @HackingDave because he's the owner of a great DeLorean vroom vroom
  • The French Read The Fancy Manual community, the CyberThreatForce, and OsintFr (@sigsegv_event @CTFofficielFR and @OsintFr)
  • All infosec enthusiasts who share their knowledge without looking down on other enthusiasts
Owner
Red Teamer
GitHub Repository
Turn crypto miner on/off depending on powerwall charge level

Mining Crypto with Tesla Solar and Powerwalls This script turns a crypto miner on and off when the Tesla Powerwall level drops/rises above a certain t

Matt 1 Nov 09, 2021
Python Create Your Own Tool Series

Python Create Your Own Tool Series Hey there! This is an additional Github repository that contains the final product files for each video in my Youtu

Joe Helle 21 Dec 02, 2022
Web interface for browsing, search and filtering recent arxiv submissions

Web interface for browsing, search and filtering recent arxiv submissions

Andrej 4.8k Jan 08, 2023
Tools for teachers and students using nng (Natural Number Game)

nngtools Usage Place your nngsave.json to the directory in which you want to extract the level files. Place nngmap.json on the same directory. Run nng

Thanos Tsouanas 1 Dec 12, 2021
This Curve Editor, written by Jehee Lee in 2015

Splines Abstract This Curve Editor, written by Jehee Lee in 2015, is a freeware. You can use, modify, redistribute the code without restriction. This

Movement Research Lab 8 Mar 11, 2022
A prototype COG-based tile server for sparse Mars datasets

Mars tiler Mars Tiler is a prototype web application that serves tiles from cloud-optimized GeoTIFFs, with an emphasis on supporting planetary dataset

Daven Quinn 3 Mar 23, 2022
A performant state estimator for power system

A state estimator for power system. Turbocharged with sparse matrix support, JIT, SIMD and improved ordering.

9 Dec 12, 2022
Python with the scientific stack, compiled to WebAssembly.

Pyodide may be used in any context where you want to run Python inside a web browser.

9.5k Jan 09, 2023
Python 3 script for installing kali tools on your linux machine

Python 3 script for installing kali tools on your linux machine

gh0st 2 Apr 20, 2022
This is a small Panel applet for the Budgie Desktop to display the battery charge of a connected Bluetooth device.

BudgieBluetoothBattery This is a small Panel applet for the Budgie Desktop to display the battery charge of a connected Bluetooth device. It uses the

Konstantin Köhring 7 Dec 05, 2022
BMI-Calculator: Program to Calculate Body Mass Index (BMI)

The Body Mass Index (BMI) or Quetelet index is a value derived from the mass (weight) and height of an individual, male or female.

PyLaboratory 0 Feb 07, 2022
Location of public benchmarking; primarily final results

CSL_public_benchmark This repo is intended to provide a periodically-updated, public view into genome sequencing benchmarks managed by HudsonAlpha's C

HudsonAlpha Institute for Biotechnology 15 Jun 13, 2022
Design-by-contract in Python3 with informative violation messages and inheritance

icontract icontract provides design-by-contract to Python3 with informative violation messages and inheritance. It also gives a base for a flourishing

275 Jan 02, 2023
Python-Course-V1 - This Repo contains a series of Python Jupyter Notebooks and assignments

This Repo contains a series of Python Jupyter Notebooks and assignments. The assignments are taken from Python Crash Course book by Eric Matthes.

2 Nov 15, 2022
A simple package for interacting with the 9kw.eu anti-captcha service.

Welcome to captcha9kw’s documentation! captcha9kw is a smallish Python package for making use of the 9kw.eu services, including solving of interactive

2 Feb 26, 2022
Sudoku solver using backtracking

Sudoku solver Sudoku solver using backtracking Basically in sudoku, we want to be able to solve a sudoku puzzle given an input like this, which repres

Kylie 99 Jan 07, 2023
A joke conlang with minimal semantics

SyntaxLang Reserved Defined Words Word Function fo Terminates a noun phrase or verb phrase tu Converts an adjective block or sentence to a noun to Ter

Leo Treloar 1 Dec 07, 2021
Sailwind Mod Manager

Sailwind Mod Manager The Sailwind Mod Manager is an open source mod manager for the Sailwind community. It currently allows you to browse and download

Max 3 Jul 15, 2022
Python AVL Protocols Server for Codec 8 and Codec 8 Extended Protocols

pycodecs Package provides python AVL Protocols Server for Codec 8 and Codec 8 Extended Protocols This package will parse the AVL Data and log it in hu

Vardharajulu K N 2 Jun 21, 2022
Exactly what it sounds like, which is something rad

EyeWitnessTheFitness External recon got ya down? That scan prevention system preventing you from enumerating web pages? Well look no further, I have t

Ellis Springe 18 Dec 31, 2022