Home

Awesome

BOFs

A collection of utilities for Cobalt Strike's Beacon Object Files to make our life easier.

NameDescriptionUsage
send_shellcode_via_pipeA BOF that allows the operator to send a shellcode or any byte content via a named pipe.send_shellcode_via_pipe <pipe> <file>
catAs the name implies, finally allows you to get the content of a text file from Cobalt Strike. Supports remote shares.cat <file>
wts_enum_remote_processesEnumerate remote processes using WTS APIs, also useful to check if you have access to a systemwts_enum_remote_processes <host>
unhookA BOF that uses direct syscalls to remove the hooks from a user-specified module. Compatible only with 64 bit beacons.unhook <module>, unhook ntdll.dll

NOTE: Side effects could include: nose bleed, unrecoverable and immediate death of your beacons.

A particular thanks to @ajpc500 for inspiration and from which I might or might not borrowed some code.