Home

Awesome

ClipboardWindow-Inject (Cobalt Strike BOF)

Beacon Object File (BOF) that injects beacon shellcode into remote process, avoiding the usage of common monitored APIs.

Using the CLIPBRDWNDCLASS injection technique (similar to Propagate) learned from Hexacorn.

API Calls
NtCreateSection()->NtMapViewOfSection()[local process]->
NtMapViewOfSection()[remote process]->SetProp()->PostMessage()

Support Arch

x64

Usage

1.List processes with clipboard window

ClipboardWindow-Inject list

2.Inject beacon shellcode into target process

ClipboardWindow-Inject <pid> <listener>

Compile

Windows: with x64 Native Tools Command Prompt for VS

nmake -f Makefile.msvc build

Linux/macOS: with x64 MinGW

x86_64-w64-mingw32-gcc -c ClipboardWindow-Inject.c -o ClipboardWindow-Inject.x64.o

To Do List

References

Clipboard window injection technique
Cobalt Strike Beacon Object Files
ROP