MandConsultingGroup / ThreadBoat

Licence: MIT license
Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application

ThreadBoat

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application.

About

I developed this small project to continue my experiences with different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software penetration testing. With thread hijacking, the hijacker.exe program suspends a thread within the target.exe program, allowing us to write shellcode to that target thread to be executed later (via WriteProcessMemory(), SetThreadContext(), ResumeThread(), CreateThread()).

Example GIF (Credits To Endgame)


Usage

#include <windows.h>   // DWORD, PCHAR
#include <iostream>
#include <cstdlib>     // system()

// System, Interceptor and Exception are the project's own classes, and
// m_win32ProcessName (the name of the target process) is defined elsewhere
// in the project; they are not shown in this usage excerpt.
int main()
{
	System sys;
	Interceptor incp;
	Exception exp;

	// Report the Windows version and try to adjust the token privileges
	// needed to open and manipulate the target process.
	sys.returnVersionState();
	if (sys.returnPrivilegeEscalationState())
	{
		std::cout << "Token Privileges Adjusted\n";
	}
	
	// Locate the target process by name; proceed only if it was found.
	if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
	{
		incp.ExecuteWin32Shellcode(m_procId);
	}

	system("PAUSE");
	return 0;
}

For Further Information On Thread Execution Hijacking

Click On The Link Below

https://capec.mitre.org/data/definitions/30.html

Environment

  • Windows Vista+
  • Visual C++

Libs

  • Winapi

    • user32.dll
    • kernel32.dll
    • ntdll.dll

Ethical Notice

This code was simply written to demonstrate an overlooked method to inject shellcode or a DLL into a Win32 program. This code is not to be used for malicious purposes. The author, Josh Schiavone, is not liable for misuse of this software. May God bless you all.