gavz / cobaltstrikereflectiveloader

This project forked from boku7/bokuloader

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

C 99.92% Shell 0.08%

Cobalt Strike User-Defined Reflective Loader

Versions

  • Different versions of this User-Defined Reflective Loader project can be found in the versions folder.

| Version | File | Description |
|---|---|---|
| 0.1 | ReflectiveLoader-v0_1.c | This is the original reflective loader created for this project. It includes the notes within the C file. This initial version was created with research and learning in mind. Few obfuscation and evasion techniques are used in this version. |

Initial Project Goals

  • Learn how Reflective Loader works.
  • Write a Reflective Loader in Assembly.
  • Compatible with Cobalt Strike.
  • Cross compile from macOS/Linux.
  • Implement Inline-Assembly into a C project.

Future Project Goals

  • Use the initial project as a template for more advanced evasion techniques leveraging the flexibility of Assembly.
  • Implement Cobalt Strike options such as no RWX, stompPE, module stomping, changing the MZ header, etc.
  • Write a decent Aggressor script.
  • Support x86.
  • Have different versions of reflective loader to choose from.
  • Implement HellsGate/HalosGate for the initial calls that reflective loader uses (pNtFlushInstructionCache, VirtualAlloc, GetProcAddress, LoadLibraryA, etc).
  • Optimize the assembly code.
  • Hash/obfuscate strings.
  • Some kind of template language overlay that can modify/randomize the registers/methods.

Usage

  1. Start your Cobalt Strike Team Server with or without a profile
      #### This profile stuff below is optional, but this is the profile I tested this Reflective Loader with ####
      # Install Go on Kali if you need it
      sudo apt install golang-go -y
      # Creating a Team Server Cobalt Strike profile with SourcePoint
      ## Clone the SourcePoint project
      git clone https://github.com/Tylous/SourcePoint.git
      ## Build SourcePoint Go project
      cd SourcePoint
      go build SourcePoint.go
      ## Run it with some cool flags (look at the help menu for more info)
      ### These are the settings I have tested UD Reflective Loader with
      ./SourcePoint -PE_Clone 18 -PostEX_Name 13 -Sleep 3 -Profile 4 -Outfile myprofile.profile -Host <TeamServer> -Injector NtMapViewOfSection
      ## Start Team Server
      cd ../
      sudo ./teamserver <TeamServer> 'T3@Ms3Rv3Rp@$$w0RD' SourcePoint/myprofile.profile
  2. Go to your Cobalt Strike GUI and import the rdll_loader.cna Aggressor script
  3. Generate your x64 payload (Attacks -> Packages -> Windows Executable (S))
      • Does not support x86 option. The x86 bin is the original Reflective Loader object file.
  4. Use the Script Console to make sure that the beacon was created successfully with this User-Defined Reflective Loader
      • If successful, the output in the Script Console will look like this:

Build (Only tested from macOS at the moment)

  1. Run the compile-x64.sh shell script after installing the required dependencies
      # Install brew on macOS if you need it (https://brew.sh/)
      /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
      # Install MinGW using Brew
      brew install mingw-w64
      # Clone this Reflective DLL project from this github repo
      git clone https://github.com/boku7/CobaltStrikeReflectiveLoader.git
      # Compile the ReflectiveLoader Object file
      cd CobaltStrikeReflectiveLoader/
      cat compile-x64.sh
      x86_64-w64-mingw32-gcc -c ReflectiveLoader.c -o ./bin/ReflectiveLoader.x64.o -shared -masm=intel
      bash compile-x64.sh
  2. Follow "Usage" instructions

Credits / References

Reflective Loader

Cobalt Strike User Defined Reflective Loader

Great Resource for learning Intel ASM

Implementing ASM in C Code with GCC

Cobalt Strike C2 Profile Generator

Contributors

boku7