Closed Retrospected closed 4 months ago
DragoQCC
commented
4 months ago Hey, thanks for taking the time to create this PR. I'm working on Apollo for the next few weeks and will be testing this and your other PR for WebSockets this week; hopefully, I will get them added this week/early next week, assuming everything tests correctly.
B2d82tc6
commented
4 months ago Hey, I am having issues using execute_boff.
I compiled and registered runof.dll as mentioned in the documentation for the 2024Q1-Dev branch.
Then I have registered the individual BOF files before I attempt to execute them using register_coff and/or register_file.
I have tried multiple Situational Awareness BOFs like the one below:
execute_coff -Coff whoami.x64.o -Function go -Timeout 30 -Arguments []
Receiving this error for every attempt:
Exception: Object reference not set to an instance of an object. Location: at Tasks.execute_coff.Start()
Including more info in case it is relevant:
[STDOUT]:
The following args aren't being used because they don't belong to the Default parameter group:
{}
[STDERR]:I know this has not been added to the main branch yet and maybe there is something I am missing or not understanding.
Any assistance would be helpful, thanks.
Added the COFF (BOF) loader RunOF created by the people at @nettitude to the agent. It supports arguments and works, like the original project, with common BOF's that are available for CobaltStrike. Tested with the ones of CS-Situational-Awareness-BOF.
Register the object file like you would for PE and .NET assemblies using
register_fileorregister_coff. It supports arguments via the TypedArguments feature of Mythic. Arguments can be passed in the following ways: