Code injection on Windows 10 is another way of launching an attack. It typically happens after malware has been downloaded and has lain dormant, waiting for the right moment to act. Code injection is a technique in which malware injects code into a Windows process while that process is running. A sophisticated code injector usually combines techniques such as obfuscation to evade antivirus detection, then scans for its target application and injects the code; the target is often a game that the unsuspecting user runs frequently and for long periods. The goal of the attack is usually to launch an msfvenom payload. Once the payload is running, the attacker can listen to audio, open the webcam, upload another malicious file, or download sensitive information.
In today's post, I created simple code in Python that injects a simple tkinter window, which is displayed while Notepad is in use. The target could be any software, but my code does not include a process scanner, so I target only Notepad, for demo purposes. Most attackers use tkinter because it is lightweight and can easily be force-downloaded if the module is not yet installed on the victim's computer.
The code injection is made possible by the Python library pymem. Some code-injecting viruses also include importlib to modify the malware's own code, mutating itself to avoid antivirus detection and to target other software once one program has been infected. Code injection is also used as a means for a virus to infect other files.
Disclaimer: This is just for educational and demo purposes only. Spreading viruses and hacking is illegal.
Here is the code:
```python
import pymem

# Attach to a running notepad.exe by process name (raises if it is not running)
mem = pymem.Pymem("notepad.exe")

# Load a Python interpreter DLL into the target process
mem.inject_python_interpreter()

code = """
from tkinter import *

infect = Tk()
infect.geometry("400x200")
infect.title('You are owned!')

# the label shown to the user
user_name = Label(infect, text="You are owned!", font=("Arial", 25)).place(x=20, y=55)

infect.mainloop()
"""

# Execute the Python source inside the target process
mem.inject_python_shellcode(code)
```
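From the defender's side, the observable this technique leaves behind is a Python runtime DLL loaded into a process that never ships with Python. The following is an added example, not code from the post: it scans a per-process snapshot of loaded modules (constructed inline here; on a live host the same data comes from Sysmon Event ID 7 image-load events or an EDR's module listing) and flags any non-Python image hosting a python*.dll. The allow-list of expected Python hosts and the sample snapshot are assumptions.

```python
import re
from dataclasses import dataclass

# Images expected to host a Python runtime; anything else loading python*.dll
# deserves a closer look. Hypothetical starting list, extend to your environment.
EXPECTED_PYTHON_HOSTS = {"python.exe", "pythonw.exe"}

# Matches a path whose file name is python3.dll, python39.dll, python311.dll, ...
PYTHON_DLL = re.compile(r"(?:^|\\)python\d+\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    pid: int
    image: str
    module: str


def find_injected_python(process_modules):
    """process_modules: dict pid -> (image file name, list of loaded module paths).

    Returns one Finding per Python runtime DLL loaded into a process whose image
    is not an expected Python host (e.g. notepad.exe after inject_python_interpreter).
    """
    findings = []
    for pid, (image, modules) in process_modules.items():
        if image.lower() in EXPECTED_PYTHON_HOSTS:
            continue
        for mod in modules:
            if PYTHON_DLL.search(mod):
                findings.append(Finding(pid, image, mod))
    return findings


# Constructed sample snapshot (not captured from a real host): notepad.exe has
# had a Python interpreter injected; the other two processes are clean.
SAMPLE_SNAPSHOT = {
    4120: ("notepad.exe", [
        r"C:\Windows\System32\notepad.exe",
        r"C:\Windows\System32\ntdll.dll",
        r"C:\Users\victim\AppData\Local\Programs\Python\Python311\python311.dll",
    ]),
    2208: ("python.exe", [
        r"C:\Users\victim\AppData\Local\Programs\Python\Python311\python.exe",
        r"C:\Users\victim\AppData\Local\Programs\Python\Python311\python311.dll",
    ]),
    3316: ("explorer.exe", [r"C:\Windows\explorer.exe", r"C:\Windows\System32\user32.dll"]),
}

if __name__ == "__main__":
    for f in find_injected_python(SAMPLE_SNAPSHOT):
        print(f"pid {f.pid} ({f.image}) loaded {f.module}")
```

A real deployment would also correlate the image-load event with the process that performed the remote thread creation, since the DLL load alone does not identify the injector.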