Cyber security

No-Consolation – Executing Unmanaged PEs Inline And Without Console Allocation

This is a Beacon Object File (BOF) that executes unmanaged PEs inline and retrieves their output without allocating a console (i.e. spawning conhost.exe).

Features

  • Supports 64 and 32 bits
  • Supports EXEs and DLLs
  • Does not create new processes

Usage

Summary: Run an unmanaged EXE/DLL inside Beacon's memory.

Usage: noconsolation [--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] /path/to/binary.exe arg1 arg2
    --local, -l                           Optional. The binary should be loaded from the target Windows machine
    --timeout NUM_SECONDS, -t NUM_SECONDS Optional. The number of seconds you wish to wait for the PE to complete running. Default 60 seconds. Set to 0 to disable
    -k                                    Optional. Overwrite the PE headers
    --method EXPORT_NAME, -m EXPORT_NAME  Optional. Method or function name to execute in case of DLL. If not provided, DllMain will be executed
    -w                                    Optional. Command line is passed to unmanaged DLL function in UNICODE format. (default is ANSI)
    --no-output, -no                      Optional. Do not try to obtain the output
    --alloc-console, -ac                  Optional. Allocate a console. This will spawn a new process
    --close-handles, -ch                  Optional. Close Pipe handles once finished. If PowerShell was already ran, this will break the output for PowerShell in the future
    --free-libraries, -fl                 Optional. Free all loaded DLLs
    /path/to/binary.exe                   Required. Full path to the windows EXE/DLL you wish you run inside Beacon
    ARG1 ARG2                             Optional. Parameters for the PE. Must be provided after the path

    Example: noconsolation --local C:\windows\system32\windowspowershell\v1.0\powershell.exe $ExecutionContext.SessionState.LanguageMode
    Example: noconsolation /tmp/mimikatz.exe privilege::debug token::elevate exit
    Example: noconsolation --local C:\windows\system32\cmd.exe /c ipconfig
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsNo-Consolation
1 year ago

Recent Posts

garak, LLM Vulnerability Scanner : The Comprehensive Tool For Assessing Language Model Security

garak checks if an LLM can be made to fail in a way we don't…

22 hours ago

Vermilion : Mastering Linux Post-Exploitation For Red Team Success

Vermilion is a simple and lightweight CLI tool designed for rapid collection, and optional exfiltration…

22 hours ago

AD-CS-Forest-Exploiter : Mastering Security Through PowerShell For AD CS Misconfiguration

ADCFFS is a PowerShell script that can be used to exploit the AD CS container…

22 hours ago

Usage Of Tartufo – A Comprehensive Guide To Securing Your Git Repositories

Tartufo will, by default, scan the entire history of a git repository for any text…

22 hours ago

Loco : A Rails-Inspired Framework For Rust Developers

Loco is strongly inspired by Rails. If you know Rails and Rust, you'll feel at…

2 days ago

Monolith : The Ultimate Tool For Storing Entire Web Pages As Single HTML Files

A data hoarder’s dream come true: bundle any web page into a single HTML file.…

2 days ago