Saturday, November 22, 2008

Code Injector


Hello,
Two weeks ago i wrote an injector that demonstrates code injection technique.
in the beginning the injector purpose was to backdoor the SQL server process,
i made some changes for make it more flexible.
Code Injector will be presented at korean annual information security convention by Raviv Raz during his demonstration of how web attacks lead to total compromise of the internal LAN via the corporate website.

So what we got here?
The CodeInjector used the same technique as DLL Injection that was showed in the previous post.but this time we won’t release the written bytes because now they are part of the target process and been executing.




Links:
Code Injector - executable
Code Injector - source




Usage:
CodeInjector -pn (process name) -s (shellcode)




Video:

No comments: