|
| 1 | +/* |
| 2 | + * Beacon Object Files (BOF) |
| 3 | + * ------------------------- |
| 4 | + * A Beacon Object File is a light-weight post exploitation tool that runs |
| 5 | + * with Beacon's inline-execute command. |
| 6 | + * |
| 7 | + * Cobalt Strike 4.1. |
| 8 | + */ |
| 9 | + |
| 10 | +/* data API */ |
| 11 | +typedef struct { |
| 12 | + char * original; /* the original buffer [so we can free it] */ |
| 13 | + char * buffer; /* current pointer into our buffer */ |
| 14 | + int length; /* remaining length of data */ |
| 15 | + int size; /* total size of this buffer */ |
| 16 | +} datap; |
| 17 | + |
| 18 | +DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); |
| 19 | +DECLSPEC_IMPORT int BeaconDataInt(datap * parser); |
| 20 | +DECLSPEC_IMPORT short BeaconDataShort(datap * parser); |
| 21 | +DECLSPEC_IMPORT int BeaconDataLength(datap * parser); |
| 22 | +DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); |
| 23 | + |
| 24 | +/* format API */ |
| 25 | +typedef struct { |
| 26 | + char * original; /* the original buffer [so we can free it] */ |
| 27 | + char * buffer; /* current pointer into our buffer */ |
| 28 | + int length; /* remaining length of data */ |
| 29 | + int size; /* total size of this buffer */ |
| 30 | +} formatp; |
| 31 | + |
| 32 | +DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); |
| 33 | +DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); |
| 34 | +DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); |
| 35 | +DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); |
| 36 | +DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); |
| 37 | +DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); |
| 38 | +DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); |
| 39 | + |
| 40 | +/* Output Functions */ |
| 41 | +#define CALLBACK_OUTPUT 0x0 |
| 42 | +#define CALLBACK_OUTPUT_OEM 0x1e |
| 43 | +#define CALLBACK_ERROR 0x0d |
| 44 | +#define CALLBACK_OUTPUT_UTF8 0x20 |
| 45 | + |
| 46 | +DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); |
| 47 | +DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); |
| 48 | + |
| 49 | +/* Token Functions */ |
| 50 | +DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); |
| 51 | +DECLSPEC_IMPORT void BeaconRevertToken(); |
| 52 | +DECLSPEC_IMPORT BOOL BeaconIsAdmin(); |
| 53 | + |
| 54 | +/* Spawn+Inject Functions */ |
| 55 | +DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); |
| 56 | +DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); |
| 57 | +DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); |
| 58 | +DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); |
| 59 | + |
| 60 | +/* Utility Functions */ |
| 61 | +DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); |
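Review bot: The header has no include guard and does not include `<windows.h>`, although it relies on `DECLSPEC_IMPORT`, `BOOL`, `HANDLE`, `PROCESS_INFORMATION` and `wchar_t` from the first declaration onward. A second inclusion in the same translation unit redefines the anonymous `datap`/`formatp` structs, and the file compiles only if the includer has already pulled in the Windows headers. Adding `#pragma once` and `#include <windows.h>` at the top would make it self-contained. `BeaconRevertToken()` and `BeaconIsAdmin()` are declared with empty parentheses, which in C leaves the argument list unchecked; `(void)` would make them real prototypes. Every length parameter is a signed `int`, and the unit of `max` in `toWideChar` (bytes or `wchar_t` elements) is not stated, so a one-line comment on each buffer-taking declaration saying what the caller must guarantee would help prevent overruns in code that uses this API.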