
Commit 7a513a7

committed
update noconsolation python module
1 parent 660cbfa commit 7a513a7


3 files changed

+5
-0
lines changed


NoConsolation/bin/NoConsolation.x64.o

8.1 KB
Binary file not shown.

NoConsolation/bin/NoConsolation.x86.o

2.76 KB
Binary file not shown.

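--- a/NoConsolation/no-consolation.py
+++ b/NoConsolation/no-consolation.py
@@ -35,6 +35,7 @@ def noconsolation_parse_params( demon, params ):
 path_set = False
 path = ''
 pebytes = b''
+link_to_peb = False
 
 if num_params < 1:
 demon.ConsoleWrite( demon.CONSOLE_ERROR, "Invalid number of arguments" )
@@ -87,6 +88,8 @@ def noconsolation_parse_params( demon, params ):
 demon.ConsoleWrite( demon.CONSOLE_ERROR, "missing --unload-pe value" )
 return None, None
 unload_pe = params[i + 1]
+elif param == '--link-to-peb' or param == '-ltp':
+link_to_peb = True
 elif os.path.exists( param ) or is_windows_path( param ):
 path_set = True
 path = param
@@ -112,6 +115,7 @@ def noconsolation_parse_params( demon, params ):
 demon.ConsoleWrite( demon.CONSOLE_INFO, " --dont-save, -ds Optional. Do not save this binary in memory" )
 demon.ConsoleWrite( demon.CONSOLE_INFO, " --list-pes, -lpe Optional. List all PEs that have been loaded in memory" )
 demon.ConsoleWrite( demon.CONSOLE_INFO, " --unload-pe PE_NAME, -upe PE_NAME Optional. Unload from memory a PE" )
+demon.ConsoleWrite( demon.CONSOLE_INFO, " --link-to-peb, -ltp Optional. Load the PE into the PEB" )
 demon.ConsoleWrite( demon.CONSOLE_INFO, " /path/to/binary.exe Required. Full path to the windows EXE/DLL you wish you run inside Beacon. If already loaded, you can simply specify the binary name." )
 demon.ConsoleWrite( demon.CONSOLE_INFO, " ARG1 ARG2 Optional. Parameters for the PE. Must be provided after the path" )
 demon.ConsoleWrite( demon.CONSOLE_INFO, "" )
@@ -191,6 +195,7 @@ def noconsolation_parse_params( demon, params ):
 packer.addstr(unload_pe)
 packer.addstr("<unknown user>")
 packer.addstr(datetime.now().strftime('%H:%M:%S %Y-%m-%d'))
+packer.addbool(link_to_peb)
 
 return packer.getbuffer(), pename
 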
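Review bot: `packer.addbool(link_to_peb)` at new line 198 appends a field to the packed argument buffer with no comment tying it to the layout the consumer expects. Both `.o` files change in this same commit, which suggests the object code reads the buffer positionally, so a script and an object file from different revisions would presumably disagree on the argument list. That is worth stating next to the call, e.g. `# link_to_peb is the last packed field; keep the order in sync with the bundled .o files`. The help line added at 118 (`Load the PE into the PEB`) is the only description of the flag and does not say what changes for the loaded module, so one more sentence there would help anyone reading the usage text or a log of this command. The enclosing function starts and ends outside these hunks.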
