A beacon object file implementation of ThreadlessInject by @_EthicalChaos_, making use of API hashing and calling NTAPI functions directly rather than going through the Windows API.
ThreadlessInject is a novel process injection technique involving hooking an export function from a remote process in order to gain shellcode execution. The original project was released after their talk at BSides Cymru 2023.
Note: I made this project in order to learn how to write BOF's, so this hasn't been thoroughly tested.
Usage
threadless-inject <pid> <dll> <export function> <shellcode path>
Examples
For sake of example, all process id's have been assumed to be 1234
.
Inject into chrome.exe, execute shellcode when process closes
threadless-inject 1234 ntdll.dll NtTerminateProcess shellcode.bin
Inject into notepad.exe, execute upon file open
threadless-inject 1234 ntdll.dll NtOpenFile shellcode.bin
Credits
- @_EthicalChaos_ - Creator of ThreadlessInject
- @shubakki - Helped port some helper functions, such as
findMemoryHole