ThreadBoat : Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

0
102
https://blogger.googleusercontent.com/img/a/AVvXsEiZsODXPrG4zjrQlAjSAPMnYAgP-e5mf7wQJYl3_RXs5svQfdwfsapk2HV5vLw_8E2gq62BPym8rcbgKCfr3Gaf_ZTS0QuhboCvYROBc9xKE8_VufEgbHheIFoZ0qQmhddbVKe9YekdUidovOFy2zW-7FCq5ir7Dd2EYaTti8XiffdsvTJ3iPf6djIM=s728

ThreadBoat is a Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application.

About

I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software penetration testing. With Thread hijacking, it allows the hijacker.exe program to susepend a thread within the target.exe program allowing us to write shellcode to that target thread, and later be executed (via; WriteProcessMemory(), SetThreadContext(), ResumeThread(), CreateThread()).

Example GIF (Credits To Endgame)

Usage

int main()
{
System sys;
Interceptor incp;
Exception exp;
sys.returnVersionState();
if (sys.returnPrivilegeEscalationState())
{
std::cout << “Token Privileges Adjusted\n”;
}
if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
{
incp.ExecuteWin32Shellcode(m_procId);
}
system(“PAUSE”);
return 0;
}

Environment

  • Windows Vista+sssss
  • Visual C++

Libs

  • Winapi
    • user32.dll
    • kernel32.dll
  • ntdll.dll

LEAVE A REPLY

Please enter your comment!
Please enter your name here