add com_probe BOF

Author: atomiczsec

env_assessment/com_probe/Makefile

@@ -0,0 +1,36 @@
+override CC_X64 := x86_64-w64-mingw32-gcc
+STRIP_X64 ?= strip
+
+# Force x64 always available, x86 always disabled (Linux CI)
+COMPILER_X64_AVAILABLE := yes
+COMPILER_X86_AVAILABLE := no
+
+# Standard BOF compilation flags (optimized, position-independent)
+CFLAGS := -Os -std=c99 \
+	-fno-stack-protector -fno-stack-check -mno-stack-arg-probe \
+	-fno-builtin -fno-builtin-memset -fno-builtin-memcpy -fno-builtin-memmove \
+	-ffunction-sections -fdata-sections -nostdlib \
+	-fno-asynchronous-unwind-tables -fno-unwind-tables -fno-ident \
+	-Wall -Wextra -Wno-unused-parameter -Wno-unused-variable \
+	-fno-leading-underscore -fno-ms-extensions
+
+
+SRC = $(wildcard *.c)
+HEADERS = $(wildcard *.h)
+
+OBJS_X64 = $(patsubst %.c, %.x64.o, $(SRC))
+
+all: $(OBJS_X64)
+
+# Object files depend on source AND all headers
+%.x64.o: %.c $(HEADERS)
+	@echo "Building x64: $@"
+	$(CC_X64) $(CFLAGS) -c -o $@ $<
+	@if command -v $(STRIP_X64) >/dev/null 2>&1; then \
+		$(STRIP_X64) --strip-unneeded $@ 2>/dev/null || true; \
+	fi
+
+
+clean:
+	rm -f *.o *.x64.o *.x86.o
+

env_assessment/com_probe/README.md

@@ -0,0 +1,27 @@
+# com_probe BOF
+
+Probe whether a COM object can be instantiated from a given CLSID. Tries in-process activation first (`CLSCTX_INPROC_SERVER`), falls back to local server (`CLSCTX_LOCAL_SERVER`). Objects are released after.
+
+## Usage
+
+```
+com_probe <CLSID> [IID]
+```
+
+- `CLSID` — GUID string, e.g. `{AEB5B82E-51E7-41EA-9A0B-3D2C8BEDE7B4}`
+- `IID` — optional interface ID (defaults to `IID_IUnknown`)
+
+## Example Output
+
+```
+[i] Probing CLSID: {AEB5B82E-51E7-41EA-9A0B-3D2C8BEDE7B4} with IID: IID_IUnknown (default)
+[i] Attempting CLSCTX_INPROC_SERVER activation...
+[+] In-proc activation succeeded (HRESULT: S_OK (0x00000000))
+[i] Object released cleanly after in-proc activation
+```
+
+```
+[i] Probing CLSID: {00000000-0000-0000-0000-000000000000} with IID: IID_IUnknown (default)
+[-] In-proc activation failed (HRESULT: CLASS_E_CLASSNOTAVAILABLE (0x80040154))
+[-] Local server activation failed (HRESULT: CLASS_E_CLASSNOTAVAILABLE (0x80040154))
+```

env_assessment/com_probe/beacon.h

@@ -0,0 +1,78 @@
+/*
+ * Beacon Object Files (BOF)
+ * -------------------------
+ * A Beacon Object File is a light-weight post exploitation tool that runs
+ * with Beacon's inline-execute command.
+ *
+ * Additional BOF resources are available here:
+ *   - https://github.com/Cobalt-Strike/bof_template
+ *
+ * Cobalt Strike 4.x
+ * ChangeLog:
+ *    1/25/2022: updated for 4.5
+ */
+
+#ifndef DECLSPEC_IMPORT
+#ifdef _WIN32
+#define DECLSPEC_IMPORT __declspec(dllimport)
+#else
+#define DECLSPEC_IMPORT
+#endif
+#endif
+
+/* data API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} datap;
+
+DECLSPEC_IMPORT void    BeaconDataParse(datap * parser, char * buffer, int size);
+DECLSPEC_IMPORT char *  BeaconDataPtr(datap * parser, int size);
+DECLSPEC_IMPORT int     BeaconDataInt(datap * parser);
+DECLSPEC_IMPORT short   BeaconDataShort(datap * parser);
+DECLSPEC_IMPORT int     BeaconDataLength(datap * parser);
+DECLSPEC_IMPORT char *  BeaconDataExtract(datap * parser, int * size);
+
+/* format API */
+typedef struct {
+	char * original; /* the original buffer [so we can free it] */
+	char * buffer;   /* current pointer into our buffer */
+	int    length;   /* remaining length of data */
+	int    size;     /* total size of this buffer */
+} formatp;
+
+DECLSPEC_IMPORT void    BeaconFormatAlloc(formatp * format, int maxsz);
+DECLSPEC_IMPORT void    BeaconFormatReset(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatAppend(formatp * format, char * text, int len);
+DECLSPEC_IMPORT void    BeaconFormatPrintf(formatp * format, char * fmt, ...);
+DECLSPEC_IMPORT char *  BeaconFormatToString(formatp * format, int * size);
+DECLSPEC_IMPORT void    BeaconFormatFree(formatp * format);
+DECLSPEC_IMPORT void    BeaconFormatInt(formatp * format, int value);
+
+/* Output Functions */
+#define CALLBACK_OUTPUT      0x0
+#define CALLBACK_OUTPUT_OEM  0x1e
+#define CALLBACK_OUTPUT_UTF8 0x20
+#define CALLBACK_ERROR       0x0d
+
+DECLSPEC_IMPORT void   BeaconOutput(int type, char * data, int len);
+DECLSPEC_IMPORT void   BeaconPrintf(int type, char * fmt, ...);
+
+
+/* Token Functions */
+DECLSPEC_IMPORT BOOL   BeaconUseToken(HANDLE token);
+DECLSPEC_IMPORT void   BeaconRevertToken();
+DECLSPEC_IMPORT BOOL   BeaconIsAdmin();
+
+/* Spawn+Inject Functions */
+DECLSPEC_IMPORT void   BeaconGetSpawnTo(BOOL x86, char * buffer, int length);
+DECLSPEC_IMPORT void   BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT void   BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len);
+DECLSPEC_IMPORT BOOL   BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo);
+DECLSPEC_IMPORT void   BeaconCleanupProcess(PROCESS_INFORMATION * pInfo);
+
+/* Utility Functions */
+DECLSPEC_IMPORT BOOL   toWideChar(char * src, wchar_t * dst, int max);
+