Home Explore Help
Sign In
zhensolid
/
OperatorsKit
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
OperatorsKit
/
KIT
/
EnumRWX
/
enumrwx.cna

enumrwx.cna 852 B
Permalink History Raw

123456789101112131415161718192021222324252627282930 
  1. # author REDMED-X
    2. 

  2. 

  3. beacon_command_register(
    4. 

  4.     "enumrwx", "Enumerate RWX memory regions in a target process.",
    5. 

  5.     "INFO:\nFind processes that already have memory allocated for read/write/execute (like most .NET processes)\n\nOPTIONS:\n[pid]: target process to enumerate\n\n" .
    6. 

  6.     "USAGE:\nenumrwx <pid>\n\n");
    7. 

  7. 

  8. alias enumrwx {
    9. 

  9.     $bid = $1;
    10. 

  10.     $pid = $2;
    11. 

  11. 

  12.     if ($pid eq "") {
    13. 

  13.         berror($bid, "Please make sure that the PID of the target process is specified.");
    14. 

  14.         return;
    15. 

  15.     }
    16. 

  16. 

  17.     # Read in the right BOF file
    18. 

  18.     $handle = openf(script_resource("enumrwx.o"));
    19. 

  19.     $data   = readb($handle, -1);
    20. 

  20.     closef($handle);
    21. 

  21. 

  22.     # Pack our arguments
    23. 

  23.     $arg_data  = bof_pack($bid, "i", $pid);
    24. 

  24. 

  25.     blog($bid, "Tasked to verify if the target process has RWX memory regions..");
    26. 

  26. 

  27.     beacon_inline_execute($bid, $data, "go", $arg_data);
    28. 

  28. }
    29. 

  29. 

  30.