boku7 / BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
MIT License

Executables "fail to start correctly" #25

Closed jkuensting-r7 closed 1 year ago

jkuensting-r7 commented 1 year ago

Used this fantastic project in the past without issues, but when I attempted to use it again on my current engagement, I just cannot get the generated executables to run no matter what I try.

Cobalt Strike is fully current at 4.8 and I'm using the most recent version of BokuLoader. I'm also (I believe) abiding by all the recommendations in the README. I've included my malleable C2 (based on the jQuery one listed in the README and scrubbed of incriminating data):

jquery-c2.4.7.txt

I also tried it with no malleable C2 loaded at all and got the same issue. I'm quite sure I'm doing something wrong, but I wanted to see if there was a known issue (perhaps with recent changes in Cobalt Strike).

Any help appreciated! Thanks very much for your time.

jkuensting-r7 commented 1 year ago

Forgot to mention: executables are being run on fully-updated Windows 10 x64 with no AV or EDR installed.

boku7 commented 1 year ago

Hey, thank you! The loader is using the 100k setting, it's greater than 5k. You have to modify the arsenal kit, or just export beacon as raw and load it with your own loader. Lmk how it goes

boku7 commented 1 year ago

No response, closing for now