ThreadBoat – Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

November 22, 2021

Program uses Thread

Usage

int main()
{
	System sys;
	Interceptor incp;
	Exception exp;

	sys.returnVersionState();
	if (sys.returnPrivilegeEscalationState())
	{
		std::cout << "Token Privileges Adjustedn";
	}

	if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
	{
		incp.ExecuteWin32Shellcode(m_procId);
	}

	system("PAUSE");
	return 0;
}

For Further Information On Thread Execution Hijacking

Click On The Link Below

https://capec.mitre.org/data/definitions/30.html

Environment

  • Windows Vista+
  • Visual C++

Libs

  • Winapi

    • user32.dll
    • kernel32.dll

  • ntdll.dll

Ethical Notice

This code was simply written to demonstrate an overlooked method to inject shellcode or a DLL into a Win32 program. This code is not to be used for malicous purposes. The author, Josh Schiavone, is not liable for misuse of this software. May God bless you all.

Download ThreadBoat

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: unsubscribe-anyone-from-all-emails-abfe

November 25, 2024
hackerone

HackerOne Bug Bounty Disclosure: information-exposure-due-to-enabled-debug-mode-thpless

November 25, 2024
hackerone

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024
hackerone

HackerOne Bug Bounty Disclosure: reflected-html-injection-via-contact-faq-search-parameter-on-the-white-evil

November 25, 2024
CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

November 25, 2024