Pull requests are welcome.
- Try to run the code for the given injection techniques.
- Understand how each technique works.
- Understand the attack vector and the different parts (stages) of the chain (i.e. the bridgehead shellcode, injection into process memory, LPE, when to create a new process, etc.).
- Describe the need for a custom, statically compiled, PIC ELF (shared object library) loader shellcode.
- Injection vs. patching at runtime?
- Implement / improve it by yourself.
- Linkers & Loaders by John R. Levine (1999)
- Using procfs to execute ELF without touching the disk
- The Nexus between Static and Position Independent Code
- Enabling SHELF Loading in Chrome for fun and profit
- General Linux Process injection techniques
- ARM: SamyGOso Next-Gen
- Based on 2014 ARM: HideAndroidEmulator ADBI Hook System Call
- Reflective Injection for Linux
TODO: how likely is it that the process you wish to inject into has already ptraced (attached to) itself? What would you do in such a scenario?
- Linux ptrace introduction AKA injecting into sshd for fun - XPN InfoSec Blog
- Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation - exploit database | Vulners.com
- Code search results on GitHub (ProcDump for Linux - ptrace)
- HookProcessEvent: PtraceInject.h at main · Jingle-BF/HookProcessEvent
- Code search results on GitHub (PTRACE_SETREGSET, NT_PRSTATUS, PTRACE_SETREGS, CPSR_T_MASK)
- W3ndige/linux-process-injection: Proof of concept for injecting simple shellcode via ptrace
- Ptrace pokedata Input/output error in memory injection - Stack Overflow
- Ptrace(PTRACE_PEEKDATA, ...) error: data dump - Stack Overflow (watch for ptrace alignment issues?)
- ElfMaster - ELF Internals projects (Injection, Patching etc.)
- DEF CON 31 - Revolutionizing ELF binary patching w Shiva - ElfMaster
- Riru (C++)
- Riru Project
- Inject into zygote process (see also Zygisk project)