ThreadBoat – Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

November 22, 2021

Program uses Thread

Usage

int main()
{
	System sys;
	Interceptor incp;
	Exception exp;

	sys.returnVersionState();
	if (sys.returnPrivilegeEscalationState())
	{
		std::cout << "Token Privileges Adjustedn";
	}

	if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))
	{
		incp.ExecuteWin32Shellcode(m_procId);
	}

	system("PAUSE");
	return 0;
}

For Further Information On Thread Execution Hijacking

Click On The Link Below

https://capec.mitre.org/data/definitions/30.html

Environment

  • Windows Vista+
  • Visual C++

Libs

  • Winapi

    • user32.dll
    • kernel32.dll

  • ntdll.dll

Ethical Notice

This code was simply written to demonstrate an overlooked method to inject shellcode or a DLL into a Win32 program. This code is not to be used for malicous purposes. The author, Josh Schiavone, is not liable for misuse of this software. May God bless you all.

Download ThreadBoat

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

image

[HUNTERS] – Ransomware Victim: Kumla Kommun

November 14, 2024
image

[SARCOMA] – Ransomware Victim: ADT Freight Services Australia Pty Lt

November 14, 2024
image

[AKIRA] – Ransomware Victim: Berexco LLC

November 14, 2024
image

[AKIRA] – Ransomware Victim: Dumont Printing

November 14, 2024
image

[AKIRA] – Ransomware Victim: Intercomp

November 14, 2024