RTO
5ef08764bc
new tool update
|
2 år sedan | |
|---|---|---|
| .. | ||
| README.md | 2 år sedan | |
| beacon.h | 2 år sedan | |
| bofcompile.bat | 2 år sedan | |
| injectpoolparty.c | 2 år sedan | |
| injectpoolparty.cna | 2 år sedan | |
| injectpoolparty.h | 2 år sedan | |
| injectpoolparty.o | 2 år sedan | |
README.md
InjectPoolParty
Inject listener shellcode in a specified process and execute it via Windows Thread Pools. The following execution variants are supported: TP_TIMER (variant 8) | TP_DIRECT (variant 7) | TP_WORK (variant 2).
The following beacon shellcode configuration is injected: x64, process, indirect. This can be changed in the .cna script.
Arguments
<variant>: Windows Thread Pool execution variant:TP_TIMER|TP_DIRECT|TP_WORK(susceptible to slow execution time).<pid>: Process ID of the target process.<listener>: Beacon listener name.
Usage
injectpoolparty <variant> <pid> <listener>
Example
injectpoolparty TP_TIMER 1234 Shorthaul-HTTPS
Compile
- 1. Make sure Visual Studio is installed and supports C/C++.
- 2. Open the
x64 Native Tools Command Prompt for VS <2019/2022>terminal. - 3. Run the
bofcompile.batscript to compile the object file. - 4. In Cobalt strike, use the script manager to load the .cna script to import the tool.
Acknowledgements
A round of virtual applause to SafeBreach-Labs! This tool is heavily based on the foundational insights and innovative approaches demonstrated in their Windows Thread Pools research project.