DInjector : Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL

DInjector repository is an accumulation of my code snippets for various shellcode injection techniques using the fantastic D/Invoke API by @TheWover and @FuzzySecurity. Features: fully ported to the D/Invoke API; encrypted payloads that can be fetched from a URL or passed as a base64 argument; built-in AMSI bypass; PPID spoofing and blocking of non-Microsoft DLLs (stolen from TikiTorch, write-up is here); sandbox detection and evasion. ℹ️ Based …

ByeIntegrity UAC : Bypass UAC By Hijacking A DLL Located In The Native Image Cache

ByeIntegrity UAC is a tool used to bypass User Account Control (UAC) in order to run any program at high integrity level with elevated (Administrator) privileges. Requirements: an account that is a member of the local Administrators group (a UAC bypass elevates an existing split admin token; it does not turn a standard user into an administrator), and the UAC notification level set to default or lower. How it works: ByeIntegrity hijacks a DLL located in the Native Image Cache (NIC). The NIC is used …

DLLHSC : DLL Hijack SCanner A Tool To Assist With The Discovery

DLLHSC (DLL Hijack SCanner) is a tool to generate leads and automate the discovery of candidates for DLL Search Order Hijacking. Contents of this repository: it hosts the Visual Studio project file for the tool (DLLHSC), the project file for the API hooking functionality (detour), the project file for the payload and, last but not …
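The triage below is an added PowerShell example and is not part of DLLHSC. It shows the two cheapest checks a practitioner runs before reaching for an API-hooking scanner: which PATH directories the current user can write to, and which modules a running process has already loaded from a user-writable directory. Function names and the probe file name are this example's own; the process name `notepad` at the bottom is only a placeholder.

```powershell
# Added example, not DLLHSC code. Lists DLL search order hijacking leads:
# (1) user-writable directories on PATH, (2) modules a process loaded from a
# writable directory. Leads only: an app installed under %LOCALAPPDATA% will
# legitimately load its own DLLs from a writable directory.

function Test-DirectoryWritable {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $false }
    # Probe with a real file create; parsing ACLs by hand misses inherited and deny ACEs.
    $probe = Join-Path $Path ("dllhijack-probe-{0}.tmp" -f ([guid]::NewGuid().ToString('N')))
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

function Get-WritablePathDirs {
    # With SafeDllSearchMode on (the default) PATH is searched last, after the
    # application directory, System32, the Windows directory and the CWD, so a
    # writable PATH entry only wins for DLLs not found earlier in that order.
    $env:PATH -split ';' | Where-Object { $_ } | Select-Object -Unique | ForEach-Object {
        [pscustomobject]@{
            Directory = $_
            Exists    = Test-Path -LiteralPath $_ -PathType Container
            Writable  = Test-DirectoryWritable -Path $_
        }
    }
}

function Get-ModulesFromWritableDirs {
    param([Parameter(Mandatory)][string]$ProcessName)
    $writableCache = @{}
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            $modules = $proc.Modules   # throws for protected/elevated or cross-bitness processes
        } catch {
            Write-Warning ("PID {0}: cannot enumerate modules ({1})" -f $proc.Id, $_.Exception.Message)
            continue
        }
        foreach ($m in $modules) {
            $dir = Split-Path -Parent $m.FileName
            if (-not $writableCache.ContainsKey($dir)) {
                $writableCache[$dir] = Test-DirectoryWritable -Path $dir
            }
            if ($writableCache[$dir]) {
                [pscustomobject]@{
                    Pid    = $proc.Id
                    Module = $m.ModuleName
                    Path   = $m.FileName
                }
            }
        }
    }
}

Get-WritablePathDirs | Where-Object { $_.Writable } | Format-Table -AutoSize
Get-ModulesFromWritableDirs -ProcessName 'notepad' | Format-Table -AutoSize
```

Run it as the low-privilege user whose write access you care about, not as an administrator, otherwise almost every directory reports as writable. The writable-PATH list is the classic lead for a DLL that an application asks for by name but does not ship; the loaded-module list catches the other case, where the application directory itself is writable.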

DLInjector-GUI : Faster DLL Injector for Processes

DLInjector for Graphical User Interface: a faster DLL injector for processes. It identifies the target by process name, so the process does not need to be running when the target is defined; DLInjector waits until the process is started. Usage: it is very simple. First, enter the target process name including the .exe extension (for example chrome.exe or explorer.exe), and enter …

EvilDLL – Malicious DLL (Reverse Shell) Generator For DLL Hijacking

EvilDLL is a malicious DLL (reverse shell) generator for DLL hijacking. Features: reverse TCP port forwarding using Ngrok.io; a custom port forwarding option (LHOST, LPORT); an included example of DLL hijacking (Half-Life launcher file); tested on Win7 (7601) and Windows 10. Requirements: the Mingw-w64 compiler (apt-get install mingw-w64) and an Ngrok authtoken for TCP tunnelling (sign up at https://ngrok.com/signup). Your auth token …

Lunar : A Lightweight Native DLL Mapping Library

Lunar is a lightweight native DLL mapping library that supports mapping directly from memory. Features: imports and delay imports are resolved; relocations are performed; image sections are mapped with the correct page protection; exception handlers are initialised; a security cookie is generated and initialised; the DLL entry point and TLS callbacks are called. Getting started: the …

DLLPasswordFilterImplant : DLL Password Filter Implant With Exfiltration Capabilities

DLLPasswordFilterImplant is a custom password filter DLL that allows the capture of a user's credentials. Each password change event on a domain will trigger the registered DLL, which exfiltrates the username and the new cleartext password value before the change is committed in Active Directory (AD). Registering a filter requires administrative rights on the domain controller: the DLL is placed in System32, listed in the LSA Notification Packages registry value, and loaded by LSASS at the next boot. For more information about password filters consult the Microsoft …
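Because every registered password filter sees cleartext passwords, the defensive check is to enumerate what is registered. The script below is an added PowerShell example and is not part of DLLPasswordFilterImplant; it reads the LSA Notification Packages value, resolves each entry to the DLL that LSASS will load from System32, and reports its Authenticode status and last-write time. The function name is this example's own.

```powershell
# Added example, not DLLPasswordFilterImplant code. Lists registered password
# filter DLLs so an unexpected or unsigned entry stands out. Run on domain
# controllers for domain accounts; on any other host it only covers local accounts.

function Get-RegisteredPasswordFilters {
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # REG_MULTI_SZ of package names without the .dll extension; 'scecli' is present by default.
    $packages = (Get-ItemProperty -Path $lsaKey -Name 'Notification Packages' -ErrorAction Stop).'Notification Packages'

    foreach ($name in $packages) {
        # LSASS loads notification packages by name from System32.
        $dllPath = Join-Path $env:SystemRoot ("System32\{0}.dll" -f $name)
        $file = Get-Item -LiteralPath $dllPath -ErrorAction SilentlyContinue
        $sig = if ($file) { Get-AuthenticodeSignature -FilePath $dllPath } else { $null }

        [pscustomobject]@{
            Package      = $name
            Path         = $dllPath
            Present      = [bool]$file
            Signature    = if ($sig) { $sig.Status.ToString() } else { 'Missing' }
            Signer       = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            LastWrite    = if ($file) { $file.LastWriteTime } else { $null }
            IsMicrosoft  = ($sig -and $sig.SignerCertificate -and $sig.SignerCertificate.Subject -match 'Microsoft')
        }
    }
}

Get-RegisteredPasswordFilters | Format-Table -AutoSize
```

Anything beyond the default entries, or any entry that is unsigned, signed by an unexpected party, or recently written, warrants a look at the DLL itself; the exports a password filter must provide (InitializeChangeNotify, PasswordFilter, PasswordChangeNotify) make the file type easy to confirm. Pair the registry read with a change alert on that value, since the implant only becomes active after a reboot and the registration is the earliest observable step.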

Clrinject – Injects C# EXE or DLL Assembly Into every CLR Runtime and AppDomain Of Another Process

Clrinject injects a C# EXE or DLL assembly into any CLR runtime and AppDomain of another process. The injected assembly can then access static instances of the injectee process's classes and therefore affect its internal state. Clrinject usage: clrinject-cli.exe -p …