
interactive-execute-shellcode's Introduction


Note: This project is purely academic, use at your own risk. I do not support or condone the illegal use of this software or any form of unauthorized attacks.

๐Ÿ›ก๏ธ interactive_execute_shellcode ๐Ÿš€

๐Ÿ›ก๏ธ How to make shellcode injection interactive? ๐Ÿš€

This method involves injecting a small piece of code ("shellcode") into a spawned process and then using named pipes to read the standard output (stdout) of that process.

Named pipes are a feature of the operating system that allows two processes to communicate with each other. In this case, we create a named pipe in the memory allocated for the shellcode, and then read the stdout of the process through this pipe.
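
For defenders, the pattern described above (spawn a process, start a thread in it from outside, carry output over a named pipe) can be correlated in endpoint telemetry. The following is an added example, not part of this project's code: the event schema, PIDs and pipe names are constructed, and it assumes Sysmon-style events (IDs 1, 8 and 17) are being collected.

```python
# Constructed, simplified events modelled on Sysmon IDs (assumed telemetry source):
# 1 = process create, 8 = CreateRemoteThread, 17 = named pipe created.
EVENTS = [
    {"id": 1, "t": 100, "pid": 4120, "ppid": 3300, "image": "notepad.exe"},
    {"id": 17, "t": 101, "pid": 3300, "pipe": "\\constructed-pipe-a"},
    {"id": 8, "t": 102, "src": 3300, "dst": 4120},
    # Benign look-alikes: child with no remote thread, thread into a
    # process the source did not spawn, pipe with no injection nearby.
    {"id": 1, "t": 200, "pid": 5200, "ppid": 3300, "image": "cmd.exe"},
    {"id": 8, "t": 300, "src": 7000, "dst": 640},
    {"id": 17, "t": 400, "pid": 8000, "pipe": "\\constructed-pipe-b"},
]


def find_spawn_inject_pipe(events, window=30):
    """Alert when a process spawns a child, starts a remote thread in it
    and a named pipe is created by either side within `window` seconds."""
    spawns, pipes = {}, {}
    for e in events:
        if e["id"] == 1:      # child pid -> (parent pid, time, image)
            spawns[e["pid"]] = (e["ppid"], e["t"], e["image"])
        elif e["id"] == 17:   # creator pid -> [(time, pipe name)]
            pipes.setdefault(e["pid"], []).append((e["t"], e["pipe"]))
    alerts = []
    for e in events:
        if e["id"] != 8:
            continue
        parent, born, image = spawns.get(e["dst"], (None, None, None))
        # Keep only threads started by the parent shortly after the spawn.
        if parent != e["src"] or not 0 <= e["t"] - born <= window:
            continue
        near = [name for pid in (e["src"], e["dst"])
                for t, name in pipes.get(pid, [])
                if abs(t - e["t"]) <= window]
        if near:
            alerts.append({"injector": e["src"], "target": e["dst"],
                           "image": image, "pipes": near})
    return alerts


if __name__ == "__main__":
    for alert in find_spawn_inject_pipe(EVENTS):
        print(alert)
```

The pipe is matched on either the injecting or the target PID because the page does not say which side creates it; PID reuse is ignored in this sketch.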

๐Ÿ›ก๏ธ The Project ๐Ÿ“ฝ๏ธ

This project was developed to out of the original usage in sliver of execute-shellcode in interactive mode, which I was missing out in Cobalt Strike, thus I wanted to create a BOF to perform a shellcode injection and getting output (for instance, using donut to make a shellcode and injection to another process).

๐Ÿ›ก๏ธ Features ๐Ÿ‘พ

  • Injects shellcode into a specified process.
  • Supports multiple techniques for shellcode injection.

๐Ÿ›ก๏ธ Building the binaries ๐Ÿ—‘๏ธ

WARNING: DO NOT RUN interactive_execute_shellcode IN YOUR PERSONAL MACHINE, EXECUTE ONLY IN A TEST ENVIRONMENT!

First, download the project:

git clone https://github.com/maorsabag/interactive_execute_shellcode
cd interactive_execute_shellcode/interactive-execute-shellcode-BOF
chmod +x build.sh
./build.sh

๐Ÿ›ก๏ธ Loading the .cna into Cobalt Strike

After building the binaries, you can load the .cna script into Cobalt Strike. Here's how:

  1. Open Cobalt Strike, go to the Script Manager under the View menu.
  2. Click on Load, navigate to the location of your .cna file.
  3. Select the .cna file and click Open.

Now, the .cna script is loaded into Cobalt Strike and ready to use.

# Navigate to the directory containing the .cna file
cd path/to/your/cna/file

# Load the .cna file into Cobalt Strike
# This is done manually through the Cobalt Strike GUI

๐Ÿ›ก๏ธ Using the Beacon Object File (BOF) with interactive_execute_shellcode

Here's how to use it:

# Usage
interactive_execute_shellcode [options]

# Options (specified in any order)
--process <process>            # Specify a process to use for the BOF
--technique <technique>        # Specify which technique to use in the BOF
--shellcode <shellcode file>   # Specify the shellcode file to use

# Example
interactive_execute_shellcode --process notepad.exe --technique NtCreateThreadEx --shellcode shellcode.bin
