Closed B2d82tc6 closed 2 months ago
When you re-installed the branch, did you create a new agent and use that one? or are you still using the same agent as the first attempt?
Can you also confirm that your .o files match the architecture of Apollo and your target host?
I created a new agent after the re-install.
The target Windows host is 64-bit.
The kali instance running the Mythic server is x86_64.
I have attempted both x64.o and x.86.o files for the commands "dir," "tasklist" and "netuptime" and receive the same errors for all.
Not really sure the fix, but x64.o commands started working after updating to newest 2024Q1-Dev branch from 28 April and creating a new beacon again.
Hey, I am having issues using execute_boff. I compiled and registered runof.dll as mentioned in the documentation for the 2024Q1-Dev branch. Then I have registered the individual BOF files before I attempt to execute them using register_coff and/or register_file. I have tried multiple Situational Awareness BOFs like the one below:
execute_coff -Coff whoami.x64.o -Function go -Timeout 30 -Arguments []
Receiving this error for every attempt:
Exception: Object reference not set to an instance of an object. Location: at Tasks.execute_coff.Start()
Including more info in case it is relevant:
[STDOUT]: The following args aren't being used because they don't belong to the Default parameter group: {}
[STDERR]:
Conducting against a Windows 10 VM.
After runoff was added to the branch code I re-downloaded the branch and tried register_coff then execute_coff again getting different results:
Exception: System.Exception: Unable to process function relocation type IMAGE_REL_AMD64_REL32_2 - please file a bug report. at RUNOF.Internals.BofRunner..ctor(ParsedArgs parsed_args) at RUNOF.Program.Main(String[] args) Location: at RunOf.Internals.BofRunner..ctor(ParsedArgs parsed_args) at RUNOF.Program.Main(String[] args)
I know this has not been added to the main branch yet and maybe there is something I am missing or not understanding. Any assistance would be helpful, thanks.