dissect.cobaltstrike.utils
This module contains generic helper functions used by dissect.cobaltstrike.
Module Contents
Functions
- XOR data with key
- Catches KeyboardInterrupt and BrokenPipeError (OSError 22 on Windows).
- Return an iterator yielding offset for found needle bytes in file fp.
- Compute the checksum8 value of text
- Return True if URI is an x86 stager URI, otherwise False
- Return True if URI is an x64 stager URI, otherwise False
- Generate a random (valid checksum8) stager URI. Defaults to x86 URIs unless x64 is True.
Attributes
- dissect.cobaltstrike.utils.catch_sigpipe(func)
Catches KeyboardInterrupt and BrokenPipeError (OSError 22 on Windows).
- dissect.cobaltstrike.utils.iter_find_needle(fp: BinaryIO, needle: bytes, start_offset: int = None, max_offset: int = 0) -> Iterator[int]
Return an iterator yielding offset for found needle bytes in file fp.
Side effects: the file handle position changes due to seeking.
- Parameters
fp – file-like object
needle – needle to search for
start_offset – offset in file object to start searching from; if None, it will search from the current position
max_offset – how far into the file to search, 0 for no limit
- Yields
offset where needle was found in file fp
- dissect.cobaltstrike.utils.is_stager_x86(uri: str) -> bool
Return True if URI is an x86 stager URI, otherwise False.
- dissect.cobaltstrike.utils.is_stager_x64(uri: str) -> bool
Return True if URI is an x64 stager URI, otherwise False.
- dissect.cobaltstrike.utils.random_stager_uri(x64: bool = False, length: int = 4) -> str
Generate a random (valid checksum8) stager URI. Defaults to x86 URIs unless x64 is True.
- Parameters
x64 – generate an x64 stager URI if True, False for an x86 stager URI. (default: False)
length – length of URI to generate, excluding the “/” prefix. (default: 4)
- Returns
random stager URI
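
The checksum8 test behind is_stager_x86 and is_stager_x64 can be used to triage proxy logs for stager requests. The sketch below is an added example, not code from dissect.cobaltstrike: the names `classify_uri`, `hunt` and `SAMPLE_LOG`, the checksum8 definition, and the target values 92 (x86) and 93 (x64) are assumptions based on the widely documented Cobalt Strike convention, and the log lines are constructed.

```python
import re
from typing import Iterable, Iterator, Optional, Tuple

# Assumption: 92 (x86) and 93 (x64) are the widely documented Cobalt Strike
# checksum8 targets; this page does not state them.
CHECKSUM_X86, CHECKSUM_X64 = 92, 93

# Matches the client address and request path of a common-log-format line.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample proxy log (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /aaa9 HTTP/1.1" 200 261120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /aab9 HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2024:10:00:11 +0000] "GET /favicon.ico HTTP/1.1" 200 318
not a log line
"""

def checksum8(text: str) -> int:
    """Sum of the character codes, ignoring "/", modulo 256 (assumed definition)."""
    return sum(ord(c) for c in text.replace("/", "")) % 256

def classify_uri(uri: str) -> Optional[str]:
    """Return "x86" or "x64" when the URI checksum matches a stager value, else None."""
    value = checksum8(uri)
    if value == CHECKSUM_X86:
        return "x86"
    if value == CHECKSUM_X64:
        return "x64"
    return None

def hunt(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (client, path, arch) for every request whose path looks like a stager URI."""
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip malformed or non-HTTP lines instead of failing
        client, path = match.groups()
        arch = classify_uri(path)
        if arch:
            yield client, path, arch

if __name__ == "__main__":
    for client, path, arch in hunt(SAMPLE_LOG.splitlines()):
        print(f"{client} requested {path}: checksum8 matches the {arch} stager value")
```

An 8-bit checksum matches roughly one in 256 arbitrary paths per target value by chance, so hits are leads to correlate with response size and client behaviour rather than confirmed detections.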