gnusec/linux-process-injection

Process injection on Linux.

linux-process-injection

About

There are two ways to start debugging a process:

1. The first and more immediate one, is to make our debugger start the process: fork and exec. This is what happens when you pass a program name as a parameter to gdb or strace.
2. The other option we have is to dynamically attach our debugger to a running process. This enables process injection.

Project organization

.
├── inject.c
├── README.md
└── samples     # sample applications to inject into

Run

# compile shellcode
nasm -f elf64 -o shellcode.o shellcode.asm

# convert shellcode to C string
./bin2sc.py shellcode.o

# run hello
./hello

# inject shellcode into hello's process
./inject <pid of hello>

References

• Linux: Infecting running processes

To read

• Phrack: Building ptrace injecting shellcodes (that don't crash the process)
• Linux process injection into sshd for fun
  • xpn/ssh-inject source code
• sshd injection and password harvesting, alternative method