aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 16:44:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f05f677337d44adaeac713b411f107c3c637be7
Ares-mythic/documentation-payload/apollo/commands/execute_coff.md
Aryma 2f05f67733 first commit
2026-04-14 12:17:24 +07:00

1.4 KiB
Raw Blame History

+++ title = "execute_coff" chapter = false weight = 103 hidden = false +++

Summary

Execute a Beacon Object File (BOF) with the specified arguments. This object file must first be cached in the agent using the register_coff command before being executed. The RunOF.dll ia now automatically obtained from mythic if Apollo does not have it loaded in its file store already.

Arguments

execoff

Object File

The name of the object file to execute. This must match the file name used with register_file or register_coff.

Function

Function of the object file to call, usually 'go'.

TimeOut

Maximum time (in seconds) that the object file should run.

Arguments (optional)

Arguments to pass to the function, using the following format:

-s:123 or int16:123 -i:123 or int32:123 -z:hello or string:hello -Z:hello or wchar:hello -b:abc== or base64:abc==

Usage

execute_coff -Coff [coff_name] -Function [go] -Timeout [30] [-Arguments [arguments]]

Example

execute_coff -Coff dir.x64.o -Function go -Timeout 30 -Arguments wchar:C:\\

MITRE ATT&CK Mapping

  • T1027

Detailed Summary

The execute_coff command uses a Object File loader to execute object files within a new thread and returning output back to the agent using the implementation of Beacon functions.

Resources

Reference in New Issue View Git Blame Copy Permalink