module
Windows Inject Reflective PE Files, Windows x64 Bind TCP Stager
| Disclosed | Created |
|---|---|
| N/A | Sep 2, 2020 |
Disclosed
N/A
Created
Sep 2, 2020
Description
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (Windows x64)
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (Windows x64)
Authors
ege egebalci@pm.me
sf stephen_fewer@harmonysecurity.com
sf stephen_fewer@harmonysecurity.com
Platform
Windows
Architectures
x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.