Wednesday, April 16, 2014
Injection exe into an existing process


Posted on 18-03-09 22:06
Hey again. I have an executable which opens via the MS-DOS shell and just needs to be run. However, to make this program hidden, I need to start a new shell, change to the .exe's directory, and open it, then add a /h to the command line. I would like to inject this executable into a process, explorer.exe specifically, and have it start up when Windows starts and to have it trust the program and not ask to unblock. Yet that is most likely an AV security measure and would depend on the AV to make that happen.
So what I want to learn:
Editing this executable to automatically use the /h feature (source not included) and then have it inject itself into the explorer.exe process.
By then I would expect to have it hidden in say a bitmap image and work properly.
This executable is just a simple netcat. Just not identified as netcat.
Well please respond.
How can I reverse engineer to get the source code or identify which source it is first? Could Olly help?
RE: Injection exe into an existing process

p4plus2
Posted on 18-03-09 22:14
chronicburst wrote:

By then I would expect to have it hidden in say a bitmap image and work properly.



Well, to all of my knowledge I do not believe you can store an exe in an image, video, or sound file and still have it execute. From most common ways of crypto/stegano it changes specific image bits to be slightly offset based on a password. Therefore the exe is stored but the data is not recognized by the computer. Though you can execute PHP from a jpg image, but that's a little different method that doesn't work with exe files.
RE: Injection exe into an existing process

clone4
Posted on 18-03-09 22:46
Dammit, got logged out when posted :(
Anyway, what you are trying to do is, as far as I know, only achievable through DLL injection through the Windows API. That way you load the additional dynamic library into the running process, subsequently executing it.
You might want to check http://www.bluenotch.com/files/Shewmaker-DLL-Injection.pdf


spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

RE: Injection exe into an existing process

Uber0n
Posted on 19-03-09 08:07
I'd say that you're overthinking this. Why not just make another exe which contains your first exe file, and which extracts it and adds it to autostart with the right arguments passed when you run it?


RE: Injection exe into an existing process

clone4
Posted on 19-03-09 08:54
Uber0n wrote:
I'd say that you're overthinking this. Why not just make another exe which contains your first exe file, and which extracts it and adds it to autostart with the right arguments passed when you run it?


Well, true, this would be easier, but it also results in an additional process being called during startup, making it easier to spot. What you are talking about is a simple trojan (bind shell to a port and throw it to startup folder); what chronicburst wants to do is conceal the process within another one, in order to hide it, which would also mean he doesn't have to worry about the startup, as the code would be run with explorer.exe. It's actually quite a sweet idea, gonna look more into it, so chronicburst, if you make any progress, hit me up on MSN, or send me a PM ;)


RE: Injection exe into an existing process


Posted on 19-03-09 14:37
Indeed. I want it to be concealed within another process, explorer.exe, because it is always running. So I would want to hook it into the explorer. I would want this to be able to be set up through another file though, so I can have remote users open, say, EXTREME CALCULATOR MAX++, and the netcat would be in there and hook into the explorer process. I would much rather have an image but it is understandable that they can execute commands. Well PHP, as I am told.
Would be neat if I could have a PHP execute a netcat into temporary internet files and then copy over to say /system32/ and hook into explorer. Too complicated, I can see.
RE: Injection exe into an existing process


Posted on 19-03-09 16:27
As far as I know it isn't possible to inject an exe into a process. But you can inject DLLs. So why don't you simply write a DLL which opens the exe? I think that should work.

So write an application that has the DLL and the executable in it. So it has only to extract the files and inject the DLL in the process you like.


RE: Injection exe into an existing process

clone4
Posted on 19-03-09 18:34
NoPax wrote:
As far as I know it isn't possible to inject an exe into a process. But you can inject DLLs. So why don't you simply write a DLL which opens the exe? I think that should work.



DLL injected into explorer process --> calls the netcat.exe --> netcat.exe executed, however by default in a different process...
There may be a way to fork it just to a different thread within the process but I haven't heard about anything like that.
The only way to do exactly what OP proposes is to have the source code of that exe, compile it to a DLL and inject it into the explorer process; without source you are pretty much screwed.


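A defender-side view of the chain clone4 describes above (module loaded into explorer.exe, which then starts a separate process), added here as an example and not part of the original thread. It correlates Sysmon-style events; the event records, paths, trusted-directory list and 30-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed Sysmon-style records (not real telemetry; all paths are made up).
# Event IDs: 1 = process creation, 7 = image load, 8 = CreateRemoteThread.
EX = "C:\\Windows\\explorer.exe"
EVENTS = [
    {"id": 1, "time": "2024-01-01 09:00:01", "ParentImage": EX,
     "Image": "C:\\Program Files\\Editor\\editor.exe"},
    {"id": 8, "time": "2024-01-01 09:05:10", "TargetImage": EX,
     "SourceImage": "C:\\Users\\u\\Downloads\\setup_tool.exe"},
    {"id": 7, "time": "2024-01-01 09:05:11", "Image": EX, "Signed": "false",
     "ImageLoaded": "C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"},
    {"id": 1, "time": "2024-01-01 09:05:12", "ParentImage": EX,
     "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"},
]

TARGET = "explorer.exe"
# Assumed allowlist of install locations; a real deployment would tune this.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files")
WINDOW = timedelta(seconds=30)  # assumed correlation window


def _name(path):
    return path.lower().rsplit("\\", 1)[-1]


def _trusted(path):
    return path.lower().startswith(TRUSTED_DIRS)


def _ts(event):
    return datetime.strptime(event["time"], "%Y-%m-%d %H:%M:%S")


def detect(events):
    """Return (rule, path) alerts for injection-like activity around explorer.exe."""
    alerts, last_hit = [], None
    for e in sorted(events, key=_ts):
        if e["id"] == 8 and _name(e["TargetImage"]) == TARGET:
            if not _trusted(e["SourceImage"]):
                alerts.append(("remote_thread", e["SourceImage"]))
                last_hit = _ts(e)
        elif e["id"] == 7 and _name(e["Image"]) == TARGET:
            if e.get("Signed") != "true" or not _trusted(e["ImageLoaded"]):
                alerts.append(("untrusted_module", e["ImageLoaded"]))
                last_hit = _ts(e)
        elif e["id"] == 1 and _name(e["ParentImage"]) == TARGET and last_hit:
            # explorer.exe parents most user-launched programs, so a child is
            # only flagged when it follows an injection signal from an odd path.
            if _ts(e) - last_hit <= WINDOW and not _trusted(e["Image"]):
                alerts.append(("child_after_injection", e["Image"]))
    return alerts
```

The module-load and child-process rules are what make this approach visible to monitoring: the injected library and the process it spawns both leave records tied to explorer.exe.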
RE: Injection exe into an existing process


Posted on 19-03-09 18:42
All right.
I thought it might work because you can make a DLL to execute a file.
Yeah, with the source code of the other app it would be very easy xD
RE: Injection exe into an existing process


Posted on 20-03-09 01:56
All righty, so make my own netcat in which I can telnet into on a specific port, hide it on a remote system in a pretty hidden area, make a DLL that loads the netcat and will be run hiddenly via the DLL through the process the DLL is attached to.
I'm sorry, I'm a confuser, terrible headache, hard to focus. Migraines.
RE: Injection exe into an existing process

KvK
Posted on 20-03-09 02:34
MoshBat wrote:
chronicburst wrote:
I'm sorry, I'm a confuser, terrible headache, hard to focus. Migraines.

Get off the computer. You're sat in front of a rapidly flashing image. Now, flashing images aren't that good for the brain over prolonged periods of time.
Really, off the computer until your head has cleared. You'll be able to think things through better.


Only CRT monitors function in that way...