DISCLAIMER
February 4, 2024 · View on GitHub
The BOF is currently only compatible with the latest version of TrustedSec's COFFLoader. Please read their blog for the details.
ShadowRDP
This repository contains two applications. One is a beacon object file, which is used to retrieve the authentication string, also known as the invitation. The other is a graphical user interface program that can be run on the operator's system behind a SOCKS proxy to connect to the remote desktop session.
BOF Usage
shadowrdp <HOSTNAME> [<control>|<view>] <SESSIONID> [<NTLM>|<KERBEROS>]