aryma/Ares-mythic
1
0
Fork 0
mirror of https://github.com/Aryma-f4/Ares-mythic.git synced 2026-06-12 21:44:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b88b3a218456c39e6473c906213df5b3d2b565c1
Ares-mythic/documentation-payload/ares/commands/execute_coff.md
Aryma 03d283cf49 refactor(payload): rename apollo to ares and update documentation 
This commit renames the Apollo payload type to Ares, moving all associated files and updating documentation accordingly. The change includes:
- Renaming directories from `apollo` to `ares`
- Updating documentation image references
- Maintaining the same code functionality while changing the payload name
- Adding new Ares-specific documentation files
- Removing old Apollo documentation files

The rename is done to reflect the new payload name while preserving all existing functionality.
2026-04-14 14:02:44 +07:00

54 lines
1.4 KiB
Markdown
Raw Blame History

+++
title = "execute_coff"
chapter = false
weight = 103
hidden = false
+++
## Summary
Execute a Beacon Object File (BOF) with the specified arguments. This object file must first be cached in the agent using the `register_coff` command before being executed.
The `RunOF.dll` ia now automatically obtained from mythic if Apollo does not have it loaded in its file store already.
### Arguments
![execoff](../images/execute_coff.png)
#### Object File
The name of the object file to execute. This must match the file name used with `register_file` or `register_coff`.
#### Function
Function of the object file to call, usually 'go'.
#### TimeOut
Maximum time (in seconds) that the object file should run.
#### Arguments (optional)
Arguments to pass to the function, using the following format:
-s:123 or int16:123
-i:123 or int32:123
-z:hello or string:hello
-Z:hello or wchar:hello
-b:abc== or base64:abc==
## Usage
```
execute_coff -Coff [coff_name] -Function [go] -Timeout [30] [-Arguments [arguments]]
```
Example
```
execute_coff -Coff dir.x64.o -Function go -Timeout 30 -Arguments wchar:C:\\
```
## MITRE ATT&CK Mapping
- T1027
## Detailed Summary
The `execute_coff` command uses a Object File loader to execute object files within a new thread and returning output back to the agent using the implementation of Beacon functions.
### Resources
- [RunOF](https://github.com/nettitude/RunOF)
Reference in New Issue View Git Blame Copy Permalink