Skip to content

nixpal/ProcInjectSyscall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
defcon.jpg
defcon.jpg
 
 
shellcode.c
shellcode.c
 
 
shellcode_raw.txt
shellcode_raw.txt
 
 
shellcode_tester.c
shellcode_tester.c
 
 

Repository files navigation

Process Injection using Windows SYSCALLS

Presented at D3FC0N 30

Author: Tarek Ahmed @Nixpal

dBi

INFO

  • All SYSCALL numbers used in the shellcode are for the latest 3 Windows 10 builds. They all use the same SYSCALL numbers.
  • The C file is used to execute the complete shellcode by injecting meterpreter into a process called CrypTool.exe
  • If you want a different process, please change the string accordingly in the inline assembly.
  • The complete sandwiched shellcode is separated in three chunks to make it easy for you to modify the meterpreter part.
  • If your meterpreter code is larger than mine, you need to modify the jmp instruction e9 86 01 00 00 jmp 0x194
  • So if your meterpreter size is larger or smaller, change the opcodes to match whether 0x195, 0x193, 0x196 or whatever the beginning of the shellcode.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages