Nytro Posted September 6, 2010 Report Share Posted September 6, 2010 Injector is a little tool that will inject your code into a target process.Injector is a POST EXPLOITATION tool. it use generic shellcodes (may be generated from metasploit) and inject the shellcode into the target process and then run the code with the context of target process. By doing this it can evade anti viruses and provide a very powerful base for post exploitation.Key Features & Benefits:*ask for a file (means provide flexibility. you can choose your own codes).*Can provide On demand shells.(inject code into the processes and get shell).*Evade Anti viruses(because we are not generating exe, we are injecting direct shellcode.) This is one of the most powerful technique employed with this tool set.*Alphanumeric shellcodes are bullet proof solution for Anti viruses..*can backdoor a process (bind shell).*can provide ability to switch from one exploitation tool to other..(for eg.. inject meterpreter shellcode -Metasploit, inject bind shell --Core Impact(we can connect core impact )This is a small but very powerful utility that will inject direct shellcode into a process..and provide a powerful protection against anti viruses.Explanation: suppose we have a bind/reverse shell. now we want upload some tools. for eg. netcat or simply we may want to upgrade it to a meterpreter shell but victim is using latest Anti Virus then up gradation will fail or uploaded tools will be deleted.. Now the Game Begin how antivirus detect our tools.. because of some signatures, yes right. ok now we will try to pack or encrypt our exes then reupload on victim machine but antivirus detect and delete them.. now we face a very interesting question.. HOW antivirus know that our encrypted/packed file was the same malicious file?? basically antivirus load the file and detect the packer then decrypt the file and match the signature. now it provide a very important point what if we don't upload exe but we upload encrypted shellcode with injector. note that these shellcodes are not detectable because they are just raw instructions antivirus can't load the file and can't decrypt the instruction.. So in this way we can Bypass AV.. Hope your are getting what i am saying..Injector will give you all the powers that will need in your post exploitation phase.Vid tut:http://vimeo.com/14139105Download:https://sites.google.com/site/mamit30/home/injector/injector.rar?attredirects=0&d=1Sursa: h4cky0u.org :: Login Quote Link to comment Share on other sites More sharing options...
