The commit adds list_extensions/register_extension/call_extension to work with extensions. This is a simple wrapper for the three respective RPC calls. It does not implement BOF logic; the user will need to pack arguments for COFFLoader's LoadAndRun export manually like so:
# Assumes `client` is an already connected client, `sessions` is the list of
# active sessions it returned, and BeaconPack is imported from the client library.
interact = await client.interact_session(sessions[0].ID)

# Register the COFF loader extension on the implant if it is not there yet
extensions = await interact.list_extensions()
if "coff-loader" not in extensions.Names:
    with open("COFFLoader.x64.dll", 'rb') as f:
        coffloaderdata = f.read()
    await interact.register_extension("coff-loader", coffloaderdata, sessions[0].OS, None)

# Read the BOF object file and pack the BOF's own arguments (a string and an int)
with open("probe.x64.o", 'rb') as f:
    bofdata = f.read()
bofparams = BeaconPack()
bofparams.addstr("1.1.1.1")
bofparams.addint(80)
bofbuffer = bofparams.getbuffer()  # 1.1.1.1:80

# Pack the arguments COFFLoader's LoadAndRun export expects: the entry point
# name, the BOF bytes, and the already packed BOF argument buffer
coffloader_params = BeaconPack()
coffloader_params.addstr("go")
coffloader_params.addstr(bofdata)
coffloader_params.addstr(bofbuffer)
coffloader_buffer = coffloader_params.getbuffer()

call_result = await interact.call_extension("coff-loader", "LoadAndRun", coffloader_buffer)