ThreadBoat : Program Uses Thread Execution Hijacking to Inject Native Shellcode into a Standard Win32 Application

ThreadBoat program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. I developed this small project to continue my experiences of different code injection methods.

With Thread Hijacking, it allows the hijacker.exe program to susepend a thread within the target.exe program allowing us to write shellcode to a thread.

ThreadBoat Usage

int main()
{
System sys;
Interceptor incp;
Exception exp;
sys.returnVersionState();
if (sys.returnPrivilegeEscalationState())
{
std::cout << “Token Privileges Adjusted\n”;
}
if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
{
incp.ExecuteWin32Shellcode(m_procId);
}
system(“PAUSE”);
return 0;
}

Also Read – Re-composer : Randomly Changes Win32/64 PE Files For ‘Safer’ Uploading To Malware & Sandbox Sites

Environment

  • Windows Vista+
  • Visual C++

Libs

  • Winapi
    • user32.dll
    • kernel32.dll
  • ntdll.dll
R K

Recent Posts

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

4 hours ago

Install Xrdp on Ubuntu 18.04: Remote Desktop Setup Guide

Xrdp is an open-source implementation of the Microsoft Remote Desktop Protocol (RDP). It lets you access…

5 hours ago

Add and Delete Users on Ubuntu 18.04: A Practical Guide

Managing user accounts is one of the most basic system administration tasks on any Linux…

5 hours ago

Install Wine on Ubuntu 18.04: Run Windows Apps on Linux

Wine (short for "Wine Is Not an Emulator") is a compatibility layer that lets you run…

5 hours ago

Install KVM on Ubuntu 18.04: Setup, Network, and Create VMs

KVM (Kernel-based Virtual Machine) is an open-source virtualization technology built into the Linux kernel. It lets…

5 hours ago

Upgrade to Ubuntu 20.04 LTS: Prepare, Update, and Confirm

Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…

1 day ago