frkngksl/NiCOFF frkngksl/NiCOFF

  • Stars
    star
    145
  • Rank 246,064 (Top 5 %)
  • Language
    Nim
  • Created almost 2 years ago
  • Updated 11 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
frkngksl/NiCOFF
github

frkngksl

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

COFF and BOF Loader written in Nim

NiCOFF

Basically, NiCOFF is a COFF and BOF file loader written in Nim. NiCOFF reads a BOF or COFF file, parses and executes it in the memory. Whole project is based on Yasser's and Kevin's COFF Loader projects. Both the loader and beacon functions in these projects were rewritten in Nim.

Compilation

You can directly compile the source code with the following command:

nim c -d:release -o:NiCOFF.exe Main.nim

In case you get the error "cannot open file", you should also install required dependencies:

nimble install ptr_math winim

Usage

NiCOFF can take up to three arguments which are BOF or COFF file path, started function entry (you may want to change function pointer), and optional BOF arguments (you can check Kevin's script).

PS C:\Users\test\Desktop\NiCOFF\bin> .\NiCOFF.exe .\ipconfig.x64.o go
 ______  _  ______ _____  _______ _______
|  ___ \(_)/ _____) ___ \(_______|_______)
| |   | |_| /    | |   | |_____   _____
| |   | | | |    | |   | |  ___) |  ___)
| |   | | | \____| |___| | |     | |
|_|   |_|_|\______)_____/|_|     |_|

                @R0h1rr1m

[+] File is read!
[+] Sections are copied!
  [+] Relocations for section: .text
  [+] Relocations for section: .data
  [+] Relocations for section: .bss
  [+] Relocations for section: .xdata
  [+] Relocations for section: .pdata
  [+] Relocations for section: .rdata
  [+] Relocations for section: /4
[+] Relocations are done!
[+] Trying to find the entry: go
[+] go entry found!
[+] Executing...
[+] COFF File is Executed!
[+] Output Below:

References

More Repositories

1

Huan

Encrypted PE Loader Generator
C
502
star
2

Shoggoth

Shoggoth: Asmjit Based Polymorphic Encryptor
C++
323
star
3

ParallelNimcalls

Nim version of MDSec's Parallel Syscall PoC
Nim
119
star
4

Celeborn

Userland API Unhooker Project
C
104
star
5

HintInject

A PoC project for embedding shellcode to Hint/Name Table
C++
103
star
6

NimicStack

NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
Nim
84
star
7

FixedInvokeMimikatz

Fixed version of PowerSploit implemented Invoke-Mimikatz
PowerShell
6
star
8

BurpUploader

Burp Extension that implements upload file content feature
Python
5
star
9

LoRa-AODV-Routing

LoRa AODV Routing Protocol implementation modifying FLoRa framework. It works on Omnet++
C++
5
star
10

frkngksl.github.io

My Academic Website
HTML
3
star
11

UnlinkDLL

DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
Nim
2
star