its-a-feature
commented
3 months ago When you re-installed the branch, did you create a new agent and use that one? or are you still using the same agent as the first attempt?
Closed B2d82tc6 closed 2 months ago
its-a-feature
commented
3 months ago When you re-installed the branch, did you create a new agent and use that one? or are you still using the same agent as the first attempt?
its-a-feature
commented
3 months ago Can you also confirm that your .o files match the architecture of Apollo and your target host?
B2d82tc6
commented
3 months ago I created a new agent after the re-install.
The target Windows host is 64-bit.
The kali instance running the Mythic server is x86_64.
I have attempted both x64.o and x.86.o files for the commands "dir," "tasklist" and "netuptime" and receive the same errors for all.
B2d82tc6
commented
2 months ago Not really sure the fix, but x64.o commands started working after updating to newest 2024Q1-Dev branch from 28 April and creating a new beacon again.
Hey, I am having issues using execute_boff. I compiled and registered runof.dll as mentioned in the documentation for the 2024Q1-Dev branch. Then I have registered the individual BOF files before I attempt to execute them using register_coff and/or register_file. I have tried multiple Situational Awareness BOFs like the one below:
execute_coff -Coff whoami.x64.o -Function go -Timeout 30 -Arguments []
Receiving this error for every attempt:
Exception: Object reference not set to an instance of an object. Location: at Tasks.execute_coff.Start()
Including more info in case it is relevant:
[STDOUT]: The following args aren't being used because they don't belong to the Default parameter group: {}
[STDERR]:
Conducting against a Windows 10 VM.
After runoff was added to the branch code I re-downloaded the branch and tried register_coff then execute_coff again getting different results:
Exception: System.Exception: Unable to process function relocation type IMAGE_REL_AMD64_REL32_2 - please file a bug report. at RUNOF.Internals.BofRunner..ctor(ParsedArgs parsed_args) at RUNOF.Program.Main(String[] args) Location: at RunOf.Internals.BofRunner..ctor(ParsedArgs parsed_args) at RUNOF.Program.Main(String[] args)
I know this has not been added to the main branch yet and maybe there is something I am missing or not understanding. Any assistance would be helpful, thanks.