X14F7/WinAPI-

WinAPI

A collection of scripts for learning and understanding Defense Evasion through a couple of techniques. These techniques aren't perfect and WILL be detected by AVs! (Educational only)

Contents

  • procinject.cpp
    A script which injects its code into a running process.

  • dllinject.cpp
    A script which injects a DLL into a running process via LoadLibraryA.

  • evildll.cpp
    PoC script used together with dllinject.cpp as the DLL. (Before using it you will need to compile this file into a DLL with g++; see Prerequisites below for the command and for troubleshooting.)

  • tokensteal.cpp
    A script which steals a token and impersonates a user with it.

Prerequisites

Note: Linux users can typically install g++ with apt install g++. This guide is for Windows users.

Windows: Install MinGW-w64 (via Chocolatey)

  1. Install Chocolatey from the official site at https://chocolatey.org

  2. Type this into your PowerShell/cmd: choco install mingw

  3. Refresh your shell with refreshenv

  4. Verify the installation with g++ --version

For compiling the DLL use this command: g++ -shared -o evildll.dll evildll.cpp -static-libgcc -static-libstdc++

The -static-libgcc and -static-libstdc++ flags link the GCC runtime into the DLL itself, so it does not depend on the MinGW runtime DLLs (libgcc, libstdc++) being present next to the process that loads it; without them, loading the DLL will fail on machines where those runtime DLLs are not on the search path.

About

Collection of techniques, using WinAPI for injecting code into a running Process or using a DLL for Defense Evasion
