Class: Rex::Post::Meterpreter::Extensions::Bofloader::Bofloader

Inherits:
Rex::Post::Meterpreter::Extension show all
Defined in:
lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb

Overview

Beacon object file (BOF) loader

Instance Attribute Summary

Attributes inherited from Rex::Post::Meterpreter::Extension

#client, #name

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Bofloader

Typical extension initialization routine.



136
137
138
139
140
141
142
143
144
145
146
147
 
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 136

def initialize(client)
  super(client, 'bofloader')

  client.register_extension_aliases(
    [
      {
        'name' => 'bofloader',
        'ext' => self
      },
    ]
  )
end

Class Method Details

.extension_idObject 



129
130
131
 
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 129

def self.extension_id
  EXTENSION_ID_BOFLOADER
end

Instance Method Details

#execute(bof_data, args_format: nil, args: nil, entry: 'go') ⇒ Object 



149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
 
# File 'lib/rex/post/meterpreter/extensions/bofloader/bofloader.rb', line 149

def execute(bof_data, args_format: nil, args: nil, entry: 'go')
  request = Packet.create_request(COMMAND_ID_BOFLOADER_EXECUTE)

  # Pack up beacon object file data and arguments into one single binary blob
  # Hardcode the entrypoint to "go" (CobaltStrike approved)
  bof = BofPack.new
  packed_args = bof.bof_pack(args_format, args)

  # Send the meterpreter TLV packet and get the output back
  request.add_tlv(TLV_TYPE_BOFLOADER_EXECUTE_BUFFER, bof_data)
  request.add_tlv(TLV_TYPE_BOFLOADER_EXECUTE_BUFFER_ENTRY, entry)
  request.add_tlv(TLV_TYPE_BOFLOADER_EXECUTE_ARGUMENTS, packed_args)
  response = client.send_request(request)
  return response.get_tlv_value(TLV_TYPE_BOFLOADER_EXECUTE_RESULT)
end