Skip to content

josh0xA/threadfire

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

threadfire

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. I was 15 years old when I made this - please ignore the substandard code.

About

I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software penetration testing. With Thread hijacking, it allows the hijacker.exe program to susepend a thread within the target.exe program allowing us to write shellcode to that target thread, and later be executed (via; WriteProcessMemory(), SetThreadContext(), ResumeThread(), CreateThread()).

Example GIF

alt text

Usage

int main() {	System sys;	Interceptor incp;	Exception exp;	sys.returnVersionState(); if (sys.returnPrivilegeEscalationState())	{	std::cout << "Token Privileges Adjusted\n";	} if (DWORD m_procId = incp.FindWin32ProcessId((PCHAR)m_win32ProcessName))	{	incp.ExecuteWin32Shellcode(m_procId);	} system("PAUSE"); return 0; }

For Further Information On Thread Execution Hijacking

Click On The Link Below

https://capec.mitre.org/data/definitions/30.html

  • ntdll.dll

About

PoC Thread Execution Hijacking for Win32 Code Injection

Topics

malware hacking cpp11 threading win32api threadhijack

Resources

Readme

License

MIT license
Activity

Stars

178 stars

Watchers

4 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages