ASRenum-BOF.cna
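# ASRenum - Beacon console alias that loads the ASRenum object file matching
# the Beacon's architecture and runs its "go" entry point inline.
#
# $1 - the ID of the Beacon the alias was typed into.
#
# Errors are reported to the Beacon console via berror(); nothing is executed
# when the architecture is unexpected, the Beacon is not elevated, or the
# object file cannot be opened.
alias ASRenum {
    local('$arch $handle $bof');

    # Only the two architectures that ship with an object file are accepted.
    $arch = barch($1);
    if ($arch ne "x86" && $arch ne "x64")
    {
        berror($1, "The architecture of the process supplied does not match expectations");
        return;
    }

    # Refuse to run from a non-elevated Beacon. Doing this before touching the
    # disk avoids reading the object file when it will never be used.
    if (!-isadmin $1)
    {
        berror($1, "This beacon is not in an elevated context.");
        return;
    }

    # Read the whole object file that sits next to this script.
    $handle = openf(script_resource("ASRenum-BOF." . $arch . ".o"));
    if (checkError($error))
    {
        berror($1, "Could not open ASRenum-BOF." . $arch . ".o: " . $error);
        return;
    }
    $bof = readb($handle, -1);
    closef($handle);

    # The x86 branch previously passed $data, which is never assigned, so the
    # bytes just read were not the ones handed over. Both architectures now
    # pass the buffer that was read ($bof).
    beacon_inline_execute($1, $bof, "go");
}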
# Register the alias with Beacon's help: command name, short description, and
# the long help text.
beacon_command_register(
    "ASRenum",
    "ASR rules and exceptions",
    "Synopsis: Identify ASR rules and exceptions"
);