{"id":18107184,"url":"https://github.com/byt3n33dl3/passwordexecution","last_synced_at":"2025-07-17T22:34:50.791Z","repository":{"id":255490436,"uuid":"852244062","full_name":"byt3n33dl3/PasswordExecution","owner":"byt3n33dl3","description":"Advance Injection attacks for Password and Credentials execution in Graphic user Interface.","archived":false,"fork":false,"pushed_at":"2024-09-04T14:29:43.000Z","size":44697,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-06T02:48:49.963Z","etag":null,"topics":["injection-attacks","offensive-security","passwordcracking","passwordexecution","pentesting"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byt3n33dl3.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-04T13:30:07.000Z","updated_at":"2025-02-05T16:16:21.000Z","dependencies_parsed_at":"2024-09-05T19:36:27.618Z","dependency_job_id":null,"html_url":"https://github.com/byt3n33dl3/PasswordExecution","commit_stats":null,"previous_names":["pxcs/passwordexecution","byt3n33dl3/passwordexecution"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FPasswordExecution","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FPasswordExecution/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FPasswordExecution/releases","manifests_ur
l":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3n33dl3%2FPasswordExecution/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byt3n33dl3","download_url":"https://codeload.github.com/byt3n33dl3/PasswordExecution/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248788855,"owners_count":21161726,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["injection-attacks","offensive-security","passwordcracking","passwordexecution","pentesting"],"created_at":"2024-10-31T23:09:44.371Z","updated_at":"2025-04-13T21:51:35.493Z","avatar_url":"https://github.com/byt3n33dl3.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PasswordExecution\n\n```python\n    ____                                          ________                     __  _           \n   / __ \\____ ____________      ______  _________/ / ____/  _____  _______  __/ /_(_)___  ____ \n  / /_/ / __ `/ ___/ ___/ | /| / / __ \\/ ___/ __  / __/ | |/_/ _ \\/ ___/ / / / __/ / __ \\/ __ \\\n / ____/ /_/ (__  |__  )| |/ |/ / /_/ / /  / /_/ / /____\u003e  \u003c/  __/ /__/ /_/ / /_/ / /_/ / / / /\n/_/    \\__,_/____/____/ |__/|__/\\____/_/   \\__,_/_____/_/|_|\\___/\\___/\\__,_/\\__/_/\\____/_/ /_/ \n                                                                                                by pxcs ( Sulaiman )\n```\n\n## Injection techniques\nI created this repo during my journey in learning more about the various process injection techniques. 
I did reuse others’ code, but tried to improve on it or modify it to fit our needs and read better. The source should be indicated in the code.\nAll of them were created with Visual Studio 2017.\n\n## Simple Thread Injection\nProbably the simplest injection: it allocates memory in the new process, writes to it, and creates a remote thread. You can do that via 3 different APIs.\nUse\nRun: SimpleThreadInection.exe [process name] [option number]\noption 1 - CreateRemoteThread\noption 2 - NtCreateThreadEx\noption 3 - RtlCreateUserThread\n\n## Inject DLL - DLL injection\nThis is a POC for the DLL injection described here (and many other places):\n[ Notes ](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\nUse\nRun: injectdll.exe [process name] [dll path] [option number]\noption 1 - CreateRemoteThread\noption 2 - NtCreateThreadEx\noption 3 - RtlCreateUserThread\n\n## APC Injection\nThis injection uses the QueueUserAPC API to start a thread in the remote process after writing shellcode to its memory.\nUse: APCInjection [process name]\n\n## EarlyBird injection\nThis is a POC for the EarlyBird injection technique as named by Cyberbit; it’s a corner case of QueueUserAPC. More details here:\n[ Notes ](https://thehackernews.com/2018/04/early-bird-code-injection.html)\n\nUse:\n1. Put the shellcode of your choice into the source file (the included one will pop cmd.exe)\n2. Recompile\n3. Run: EarlyBird.exe [any x64 binary]\n\n## SetWindowsHook injection\nAlso described here:\n[ Notes ](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\nUse: SetWindowsHookInjection.exe [window name] [dll path] [function name]\n\n## CtrlInject injection\nThis is a POC for the CtrlInjection found by enSilo:\n[ Notes ](https://blog.ensilo.com/ctrl-inject)\n\nUse:\n1. 
Put the shellcode of your choice into the source file (the included one will pop calc)\n2. Recompile\n3. Run: EarlyBird.exe [PID of x64 Console Application which has a non-default HandlerList (e.g.: cmd.exe)]\n\t\t\n## Inject PE - PE injection\nThis is a POC for the PE injection described here (and many other places):\n[ Notes ](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\nUse:\n1. Update the entryThread function as you want - that will be executed in the target\n2. Run: injectpe.exe [target process]\n\n## Process Hollowing\nThis is a POC for the Process Hollowing injection described here (and many other places):\n[ Notes ](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\nWorks quite reliably on both x86 and x64; there are plenty of error checks to avoid failures.\nUse:\n1. Run: processhollowing.exe [target binary] [to be run binary]\n\n## Thread Execution Hijacking\nThis is a POC for the Thread Execution Hijacking described here (and many other places):\n[ Notes ](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\nUnlike other available POCs, this version injects shellcode into the target process (and not a DLL name) and gets the target to create a thread in itself.\nUse:\n1. Put your shellcode into scx86 and scx64 accordingly.\n2. Run: threadexecutionhijack.exe [process name] \n\n## PROPagate\nThis one is described here:\n[Hexacorn](http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/)\nI decided to release this as malware uses this technique, and we need defense people to understand how this works:\n[ Notes ](https://www.fireeye.com/blog/threat-research/2018/06/rig-ek-delivering-monero-miner-via-propagate-injection-technique.html)\nThe x64 shellcode will crash explorer.exe, but that will restart. 
I need to rewrite this code to work more generically and without a crash, but so far this is how it is. This POC is very dirty, there was a nicer one on GitHub but it’s no longer available.\n\n## 7 Window message based Injection\nThe following 7 POCs are based on the following posts. In the light of some recent research and to bring awareness I decided to release them.\n\n- [ Notes ](http://www.hexacorn.com/blog/2019/04/25/listplanting-yet-another-code-injection-trick/)\n\n- [ Notes ](http://www.hexacorn.com/blog/2019/04/24/treepoline-new-code-injection-technique/)\n\n- [ Notes ](http://www.hexacorn.com/blog/2019/04/24/3-new-code-injection-tricks/)\n\n- [ Notes ](http://www.hexacorn.com/blog/2019/04/23/wordwarper-new-code-injection-trick/)\n\n- [ Notes ](https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/)\n\n## PasswordExecution Mapping\n\n\u003e- AutoCorrectProc_Injection\n\n\u003e- EditStreamCallback_injection\n\n\u003e- EditWordBreakProc_Injection\n\n\u003e- HyphenateProc_Injection\n\n\u003e- IRichEditOleCallback_Injection\n\n\u003e- ListViewCompare_Injection\n\n\u003e- TreeViewCompare_Injection\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3n33dl3%2Fpasswordexecution","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyt3n33dl3%2Fpasswordexecution","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3n33dl3%2Fpasswordexecution/lists"}