module
Windows Inject PE Files, Bind TCP Stager (Windows x86)
| Disclosed | Created |
|---|---|
| N/A | 2020-09-02 |
Disclosed
N/A
Created
2020-09-02
Description
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (Windows x86)
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (Windows x86)
Authors
ege egebalci@pm.me
hdm x@hdm.io
skape mmiller@hick.org
sf stephen_fewer@harmonysecurity.com
hdm x@hdm.io
skape mmiller@hick.org
sf stephen_fewer@harmonysecurity.com
Platform
Windows
Architectures
x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.