Thursday, February 2, 2023
spot_img
HomeToolsInject-Assembly:-- Inject .NET Assemblies Into An Existing Process.

Inject-Assembly:– Inject .NET Assemblies Into An Existing Process.

For Cobalt Strike, this tool is an alternative to the usual fork and run method. Any process, including the current Beacon, can be injected with the loader. Long-running assemblies, similar to execute-assembly, will continue to run and transmit output back to the Beacon.

Inject-assembly is made up of two parts:

BOF initializer: A short programme that injects the assembly loader with any inputs supplied into a remote process. It does the injection using BeaconInjectProcess, which means that this behaviour can be changed in a Malleable C2 profile or with process injection BOFs (as of version 4.5).

The majority of the project is the PIC assembly loader. The loader will load and execute the specified assembly after initialising the.NET runtime. When the target process is finished, the loader will create a new AppDomain so that the loaded assembly can be completely discharged.

A named pipe is used to communicate between the remote process and Beacon. The Aggressor script creates a pipe name, which is subsequently passed to the BOF Initializer.

 

Features to Look For

  • Environment Patches
  • To prevent the remote process from departing, use Exit().
  • MZ bytes, e lfanew, DOS Header, Rich Text, PE Header).NET assembly header stomping
  • SourcePoint is used to generate random pipe names.
  • Even if the assembly is loaded into the current process, the Beacon will not be blocked.

 

Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purposes.

 

Download Link: https://github.com/kyleavery/inject-assembly

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -spot_img

Most Popular

Recent Comments

亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us