You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a Cobalt StrikeBOF file, meant to use two arguments (path to begin, and a DLL filename of interest), that will traverse the SafeSearch order of DLL resolution
Optionally, this will also attempt to ascertain a HANDLE to the provided file (if found), and alert the operator of its mutability (WRITE access)
What problem are you trying to solve?
There are tools (mostly in .NET or otherwise) that do this job (traditionally Powershell-based), but I hadn't seen similar in C at the time of writing. I may just be terrible at dorking
How do I build this?
In this case, you have two options:
Use the existing, compiled object file, located in the dist directory (AKA proceed to major step two)
Compile from source via the Makefile
cd src
make clean
make
Load the Aggressor file, in the Script Manager, located in the dist directory
How do I modify this BOF to not attempt to get a HANDLE on the provided DLL filename, if found?
Within ./src/main.c, modify dfsStruct.bCheckCreateFileA and dfsStruct.bResultCreateFileA to FALSE.
Rebuild with the included build instructions
How do I use this?
From a given Beacon:
# For accessing the help menu prompt
hijack_hunter help# Example usage
hijack_hunter C:\Users\User\Desktop superLegit.dll
Any known downsides?
We're still using the Win32 API and Dynamic Function Resolution. This is for you to determine as far as "risk".
You may attempt to incur a privileged action without sufficient requisite permissions. I can't keep you from burning your hand.
