InlineExecute-Assembly
Remove the explicit size argument
BeaconDataExtract provides the size of the extracted data through the optional size parameter. Using that allows the parameter to be removed and also eliminates the possibility of a discrepancy where size != len(data).
This doesn't make much of a difference for Cobalt Strike users because the aggressor script handled the value automatically. For Metasploit users, however, it removes the necessity to know the size in bytes of the .NET executable file. This makes it easier to use since the BOF arguments have to be explicitly packed.
See: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/beacon-object-files_main.htm#BeaconDataExtract
Metasploit examples (because I don't have Cobalt Strike)
Before
Note the 10th parameter 4608 which is the size in bytes of HelloWorld1.exe.
meterpreter > execute_bof /home/smcintyre/Repositories/InlineExecute-Assembly/inlineExecuteAssembly/inlineExecute-Assemblyx64.o --format-string ziiiiizzzib "totesLegit" 0 0 0 0 1 "totesLegit" "totesLegit" "" 4608 file:/home/smcintyre/HelloWorld1.exe
Hello, World
[+] inlineExecute-Assembly Finished
meterpreter >
After
Now there are only 10 parameters because the size doesn't need to be specified.
meterpreter > execute_bof /home/smcintyre/Repositories/InlineExecute-Assembly/src/inlineExecute-Assemblyx64.o --format-string ziiiiizzzb "totesLegit" 0 0 0 0 1 "totesLegit" "totesLegit" "" file:/home/smcintyre/HelloWorld1.exe
Hello, World
[+] inlineExecute-Assembly Finished
meterpreter >
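The size != len(data) discrepancy mentioned in the description, as an added example that is not code from this pull request or from the project: a small model of a length-prefixed argument parser, showing that a separately packed size can disagree with the blob's own prefix while a derived size cannot. The `cursor` type, the function names, the little-endian 4-byte prefix and the sample buffers are assumptions constructed for illustration and are not the Beacon API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over a packed argument buffer (a model, not beacon.h). */
typedef struct { const uint8_t *p; size_t left; } cursor;

static int read_u32le(cursor *c, uint32_t *out) {
    if (c->left < 4) return -1;
    *out = (uint32_t)c->p[0] | ((uint32_t)c->p[1] << 8) |
           ((uint32_t)c->p[2] << 16) | ((uint32_t)c->p[3] << 24);
    c->p += 4; c->left -= 4;
    return 0;
}

/* Length-prefixed blob: the size comes from the prefix and is bounds-checked
 * against the bytes actually present. Returns NULL on truncated input. */
static const uint8_t *extract_blob(cursor *c, uint32_t *size) {
    uint32_t n;
    if (read_u32le(c, &n) != 0 || n > c->left) return NULL;
    const uint8_t *blob = c->p;
    c->p += n; c->left -= n;
    if (size) *size = n;
    return blob;
}

/* "Before" layout: separate size int, then blob. 0 = agree, 1 = mismatch, -1 = malformed. */
int parse_explicit(const uint8_t *buf, size_t len, uint32_t *claimed, uint32_t *actual) {
    cursor c = { buf, len };
    if (read_u32le(&c, claimed) != 0 || !extract_blob(&c, actual)) return -1;
    return *claimed == *actual ? 0 : 1;
}

/* "After" layout: blob only; its prefix is the single source of truth. */
int parse_derived(const uint8_t *buf, size_t len, uint32_t *actual) {
    cursor c = { buf, len };
    return extract_blob(&c, actual) ? 0 : -1;
}

/* Constructed sample buffers: a 5-byte blob stands in for the .NET file. */
static const uint8_t BEFORE[]    = { 0x00,0x12,0,0, 5,0,0,0, 'H','E','L','L','O' }; /* claims 4608 */
static const uint8_t AFTER[]     = { 5,0,0,0, 'H','E','L','L','O' };
static const uint8_t TRUNCATED[] = { 9,0,0,0, 'H','I' };  /* prefix larger than payload */

int main(void) {
    uint32_t claimed = 0, actual = 0;
    printf("before: rc=%d\n", parse_explicit(BEFORE, sizeof BEFORE, &claimed, &actual));
    printf("after:  rc=%d\n", parse_derived(AFTER, sizeof AFTER, &actual));
    printf("short:  rc=%d\n", parse_derived(TRUNCATED, sizeof TRUNCATED, &actual));
    return 0;
}
```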