Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jsmoreira02/process_injection

Injection of malicious code into legitimate Windows processes for evasion and simple malware to gain unauthorized access, using the Windows API. Serves as proof of concept or intrusion detection exercises.
https://github.com/jsmoreira02/process_injection

cybersecurity-awareness cybsersecurity hacking malware-development payload process-injection windows windows-api

Last synced: about 9 hours ago
JSON representation

Host: GitHub
URL: https://github.com/jsmoreira02/process_injection
Owner: Jsmoreira02
Created: 2023-11-07T17:10:15.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2024-09-12T17:31:25.000Z (2 months ago)
Last Synced: 2024-09-14T07:08:19.159Z (2 months ago)
Topics: cybersecurity-awareness, cybsersecurity, hacking, malware-development, payload, process-injection, windows, windows-api
Language: C++
Homepage:
Size: 199 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Simple Windows malware | Process injection

Simple payload for hacking Windows and process injection. Using the windows API for the C programming language.

* **Windows API:** https://learn.microsoft.com/pt-br/windows/win32/apiindex/windows-api-list

### **Process injection**

![ezgif com-video-to-gif](https://github.com/Jsmoreira02/Wind0wsM4lware_/assets/103542430/090ca836-8c52-4feb-ba99-911b6dbabd90)

Process injection is an evasive attack method, that hackers use to gain access to the system by executing their malicious code in the address space of a legitimate process, hiding the malware and often not generating any suspicion about an attacker on the system, as the malicious code becomes difficult to detect. Process injections also evade detection by any antivirus, application control, or endpoint detection and response systems running on the network, because the infected processes are viewed as legitimate.

Hackers usually use less suspicious or more important system processes such as: svchost.exe, rundll32.exe or even explorer.exe.

* **Explorer_injection.exe:** Performs a shell connection on the reverse target computer at the execution address of the explorer.exe process.

* **How to find the PID of a running windows process:**

![Screenshot_20231107_182320](https://github.com/Jsmoreira02/Wind0wsM4lware_/assets/103542430/1d9ab09e-04ac-45e2-8894-dfca0117868f)

```bash
tasklist | findstr
```
=> CMD syntax: `Process_injection.exe `

# Compiling | Install

* **Installation:**
```bash
git clone https://github.com/Jsmoreira02/Wind0wsM4lware_.git
cd Wind0wsM4lware_
make
```

* **Compiling just one of the files with "Makefile":** `make Process_injection` `make Win_malware` `make explorer_injection`

* **Compiling the code (Windows):** `g++ code.c -o code` or `make (In case mingw-w64 is installed)`

# MinGW-w64 Instalation:

**Debian/Ubuntu OS:**
```bash
sudo apt install mingw-w64-x86-64 (64-bits)
or
sudo apt install mingw-w64 (32-bits)
```

**Fedora**:
```bash
sudo dnf install mingw64-gcc-c++
```

**Arch Linux**:
```bash
sudo pacman -S mingw-w64-gcc
```

=> More Info: https://www.mingw-w64.org/

=> Shellcode generator: `msfvenom -p LHOST= LPORT= --platform windows --arch -f c`

# Warning:
> I am not responsible for any illegal use or damage caused by this tool. It primarily serves as a proof of concept, is intended to raise awareness about cybersecurity and can be improved in many ways.