Skip to content

zimnyaa/nim-lazy-bof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.gitattributes
.gitattributes
 
 
COFFLoader.x64.dll
COFFLoader.x64.dll
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.nim
main.nim
 
 
whoami.o
whoami.o
 
 

Repository files navigation

nim-lazy-bof

Nim port of sliver's BOF loading approach (discussed at https://tishina.in/execution/bof-lazy-loading). Embeds the COFFLoader dll, loads it with memlib, builds the argument bytearray and defines a callback, and fires LoadAndRun (courtesy to the team behind sliver).

This PoC loads and runs whoami.o from Situational-Awareness-BOF collection without any arguments.

build

nimble install winim memlib ptr_math
nim c main.c

credits

khchen (memlib/winim), trustedsec (COFFLoader/SA-BOF), sliver(LoadAndRun)

About

Nim port of sliver's BOF loading approach

Topics

nim execution red-team bof coff-loader reflective-loading

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Contributors

Languages