Python inline shellcode injector that could be used to run BOFs by leveraging BOF2shellcode
Python can be used to run Cobalt Strike's BOFs by using previous work from Trustedsec and FalconForce, one can pick a BOF and use BOF2Shellcode to embed the shellcode in a python injector.
-
clone bof2shellcode
-
grab an x64 BOF
-
create the shellcode blob containing the converted BOF and COFFloader:
python3 ./BOF2shellcode/bof2shellcode.py -i ./bofs/tasklist.x64.o -o ./scodes/tasklist.x64.bin
- make tasklist.x64.bin easily pastable:
msfvenom -p generic/custom PAYLOADFILE=tasklist.x64.bin -f python > sc_tasklist.txt
- paste she shellcode in the injector and update the code accordingly