Skip to content

Collection of Beacon Object Files (BOF) for Cobalt Strike

Notifications You must be signed in to change notification settings

crypt0p3g/bof-collection

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 

Repository files navigation

Various BOF collection

Name Description
ChromiumKeyDump BOF implementation of Chlonium tool to dump Chrome/Edge Masterkey and download Cookie/Login Data files
Sleeper BOF to call the SetThreadExecutionState function to prevent host from Sleeping

How to compile:

  • Visual Studio:
x86:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars32.bat"
cl.exe /c /GS- /TP BOF.cpp /FoBOF.o

x64:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
cl.exe /c /GS- /TP BOF.cpp /FoBOF.x64.o
  • MinGW:
x86: i686-w64-mingw32-gcc -c BOF.cpp -o BOF.o
x64: x86_64-w64-mingw32-gcc -c BOF.cpp -o BOF.x64.o

After compiling, place the object files (.o) into the bin folder and load the (.cna) files to Cobalt Strike.

ChromiumKeyDump

Usage:

chromiumkeydump [edge|chrome] [argument(required)] [ChromePath(optional)]
                Arguments       Description
                ---------       -----------
                masterkey       Dump Masterkey
                cookies         Download Chrome Cookies file
                logindata       Download Chrome Login Data file
                all             Dump Masterkey and download files
                
                ChromePath      Path to custom installation directory
                                !Set the path to where the [User Data] folder is located!

                                Example: D:\\Programs\\
                                         C:\\Users\\USER\\AppData\\Local

References:

https://github.com/rxwx/chlonium

Sleeper

Usage:

sleeper [argument(required)]
               Arguments      Description
               ---------      -----------
               off            Set the `ES_CONTINUOUS` flag and return to Default state
               on             Set the `ES_SYSTEM_REQUIRED` flag to prevent the Sleep
               force          Set the `ES_SYSTEM_REQUIRED|ES_AWAYMODE_REQUIRED` flags to prevent the Sleep, 
                              even if the Sleep button is pressed

References:

https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setthreadexecutionstate

About

Collection of Beacon Object Files (BOF) for Cobalt Strike

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published