henkru / cs-token-vault Goto Github PK

Hi Henkru,

This looks like a great BOF and I wondered would you be able to assist me in using it please? I use a custom Havoc agent in C# and have implemented Nettitude's RunOF C# project within it to run bofs:

https://github.com/nettitude/RunOF

As you can see as part of that you need to specify each part of the cna manually so I have been trying to decipher your cna to run the BOF. As you can see the vault creation worked fine but then to steal something I struggled mainly due to what I think you have in regards 'vault address low' and high.

I wasn't sure what is required here and have tried both. Any tips on what string (assuming possible) might allow me to trigger your BOF please? Normally BOFs are quite simple so I can figure it out but this one is trickier. Thanks a lot

Edit: Maybe in hindsight this is too tricky a BOF to do this. It looks like I must be able to recreate this packing:

$1,
'"'.$pid_fmt.'"',
2,
'long('. ($vaultid & 0xFFFFFFFFL) . ')',
($vaultid >> 32),
size(@PIDS)
),
@PIDS

which might be a command like this but I am not sure passing strings as the vault-id would work in the code expecting longs:

-i:2 -z:iiis -s:2 -z:000001CA0E3F1D20 -z:000001CA0E3F1D20 -i:1 -s:1848

Having theses conversions in the cna may make it impossible so feel free to close this if that's the case......