Відео

A standard logitech wireless keyboard lmfao ;p

You should close the handles once you finish using them as they are used to pass from one WinAPI function to another, and obviously for better resource management and security too, Leaving open handles can cause security issues where an attacker can easily exploit it

You mean the NOP instruction size x90 * 32 one? Like how did I know that it will be multiplied by 32 times?

Sorry? Can you elaborate more on this mate?

Yes you do

so, no way for non admin users

I am pretty sure that the payload will get easily detected, You need to try multiple techniques and analyze how the AV/EDR is detecting a payload (for eg on signatures or in memory detection via hooks or something like that).

@@ActiveXSploit for a tool like Hoaxshell some said that it still works if we obfuscate the powershell script . Is this the obfuscation tool for the Hoaxshell payload?

I have a video on coding a process injection shellcode, you may check that out

😄😄😄

I am planning to release a bigger and better course on Udemy which covers everything from basics. And talking about this series on UA-cam, I mostly will be uploading one more video which will be the last.

@@ActiveXSploit thanks because I need that learning very important for me you can also make vedios in Hindi and English both it'll be approachable by others as well

you gotta escalate your privileges to SYSTEM level first, after which you can easily run any application on the system as SYSTEM

@@ActiveXSploit how do you escalate your privileges to SYSTEM :(

@@BDCAT_TranTrongHuy you gotta learn privilege escalation techniques for that, there is a good course by TCM on that, for both windows and linux, you should check that out

🙏❤️

Just a common username, it will search all the social media platforms matching with the username you've provided

This literally is remote process injection mate, I'm injecting the shellcode in a remote process running on Target

@@ActiveXSploit No, when a process is running in the same PC it's local and the other process is running in the same machine. "Remote" refers to a process running in a different PC, i.e. over the network, such in the case of RCE

Mate, both things are entirely different, remote process injection is injecting into a different process running on the target system, whereas local process injection is injecting the shellcode itself in the local process which is running. If you don't believe me you should check this out www.ired.team/offensive-security/code-injection-process-injection/process-injection

I apologize for that mate, I've fixed the font size issue in the videos uploaded after this one

Thnx,I will subscribe for appritiation@@ActiveXSploit

Yeah the injection process only works once, it isn't persistent, though you can make it persistent. But, you gotta code it in such a way that it can find PIDS on the basis of the process name, as PID of every process changes on reboot.

I don't really remember mate but pretty sure it must be set around 1080p i guess

Nope, you do require local admin privileges initially, because that privilege as the SeDebugPrivilege enabled, so you can escalate to SYSTEM user via this

(I know it's cpp but i just noticed LMAO

Thank you so much! 😁

Make the cmd.exe string a long byte integer, by adding a L in front of it like this L"cmd.exe"

@@ActiveXSploit Hi. Even without the L, the code can compile with warnings. I added a debug line at bottom of CreateProcess and it seems the CreateProcess can run but on netcat just shuts down. Also when adding the L to “cmd.exe” like L”cmd.exe”. The code cannot compile. I get const wchar_t* cannot convert to LPSTR. While the original code can compile with warnings and can run, but netcat doesn’t establish a connection to command prompt

Strange, are you sure the IP and the port provided in the code are correct? And make sure for the same on the netcat side, make sure you're listening on the correct port, also program compiles with no error right? Do you see it crashing when CreateProcess executes?

@@ActiveXSploit hi. Ip and port are all correct because I got connection on my netcat. I think the program can run with the warning after compiling it. But netcat does not get cmd.exe connection even after the CreateProcess function is ran. Netcat just exits after I press enter I added a print line after the CreateProcess and the print line suggests that CreateProcess ran. I’m not exactly sure what is happening. I did your other process injection video which injects a shell code into an open process with PID and that works well so I assume netcat has nothing to do with problem. I did (LPSTR) “cmd.exe” and the program can compile with no errors even though there is a red line at the (LPSTR). I also did an error check if (!CreateProcess(…)) { printf(“[-] Create Process Failure/n”); return 1; } And it did not get any errors. This is weird. I compile it with: g++ -o reverse_shell reverse_shell.cpp -lws2_32

@@ActiveXSploit I made a simple program to try and run some commands and the CreateProcess can run the commands so I think there is some problem with connecting to netcat but idk I’m just starting out in malware development. Thanks for these videos you have btw their a hidden gem 😊

Yes, there are. It probably is detecting the API Call via hooking, you can try to bypass the API hooking process via direct syscalls

Yes that works too mate, sorry for my mistake over there, you can use status code 1 to indicate a failure else 0 to indicate a success exit

Yeah windows defender can easily detect it, but to make it a bit more stealthy you can utilise other techniques such as process injection. Even that will get detected in today's date but there's a technique called direct syscalls and indirect syscalls. Either of which can be utilised to bypass the hooking used by the AV/EDT

You can add the -b switch to remove bad chars while generating shellcode using metasploit and specify the bad chars you don't want in the shellcode

Good for you mate, I'll explain what I can in my way and in a more clear method, Thanks for your advice :)

You can even code the reverse shell for windows on linux but I would suggest using windows only, You can install Visual Studio Build tools for it and code the reverse shell. Also, You can use netcat for windows to listen for incoming connections if you don't want to use kali linux

Look, Process Injection has it's own advantages, A normal reverse shell payload will work, but, this is more stealthy and difficult to identify (obviously not in 2023 lol) EDR/AV can easily detect process injection attempts via API Hooking but it can be bypassed too! Moreover, there are other better injection techniques than this, this is the most basic one

Yes, Now imagine if you inject into a program which performs legitimate TCP connections too, It is difficult for a person to identify the malicious TCP connection which was established due to process injection right? Also, in real world scenario, you won't know the target's notepad.exe process PID (or any other process) so for that, you can write additional code to get the PID of a process by it's name

@@ActiveXSploit I see, thank you so much for clarifying. I've actually added a WriteProcess script to open a notepad and grab the PID of that and then had your code inject into that. Although its obvious but just wanted a proof of concept