mgeeky / Stracciatella

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup
GNU General Public License v3.0

BOF.NET improvements #15

Open nurfed1 opened 2 years ago

nurfed1 commented 2 years ago

The original bofnet_stracciatella_script command uses bofnet_executeassembly, which is blocking. I think this means that if the script is bigger than 20000 bytes (and a named pipe will be used), the command will block (while waiting on the named pipe), at the same time preventing the writepipe function from sending the actual script. This is causing a deadlock (?) that breaks the beacon, or at least prevents it from returning until a certain timeout period.

I renamed bofnet_stracciatella_script to bofnet_executestracciatella_script, as the naming makes more sense, and added a warning that scripts > 20000 bytes are not supported.

Additionally, I added a new bofnet_stracciatella_script command that uses bofnet_jobassembly and will be able to handle scripts > 20000 bytes.

nurfed1 commented 1 year ago

Hi,

Any chance you could have a look at this?