Inicio Explorar Axuda
Iniciar sesión
zhensolid
/
OperatorsKit
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 1a8d62c87d
Ramas Etiquetas
OperatorsKit
/
KIT
/
FindRWX
unknown bf580750a5 update %!s(int64=2) %!d(string=hai) anos
..
README.md 127205db02 Update README.md %!s(int64=2) %!d(string=hai) anos
beacon.h db89d9b285 first commit %!s(int64=2) %!d(string=hai) anos
bofcompile.bat db89d9b285 first commit %!s(int64=2) %!d(string=hai) anos
findrwx.c db89d9b285 first commit %!s(int64=2) %!d(string=hai) anos
findrwx.cna db89d9b285 first commit %!s(int64=2) %!d(string=hai) anos
findrwx.h db89d9b285 first commit %!s(int64=2) %!d(string=hai) anos
findrwx.o bf580750a5 update %!s(int64=2) %!d(string=hai) anos

README.md

FindRWX

Find processes that already have memory allocated for read/write/execute (like most .NET processes).

Options

  • <pid>: specify target process ID to enumerate.

Usage

  • findrwx <pid>

Compile

  • 1. Make sure Visual Studio is installed and supports C/C++.
  • 2. Open the x64 Native Tools Command Prompt for VS <2019/2022> terminal.
  • 3. Run the bofcompile.bat script to compile the object file.
  • 4. In Cobalt strike, use the script manager to load the .cna script to import the tool.