Closed timwhitez closed 2 years ago
I think you should be able to use this via `spawn-dll` or `sideload`, the sRDI version can also be used via `execute-shellcode`
ok, thx
and what's the difference between spawn-dll and sideload?
`spawn-dll` is specific to Windows DLLs and loads the DLL into the same process as the implant using reflective DLL injection. `sideload` is able to load any shared library (i.e., `.so`, `.dylib`, and `.dll`) and loads the shared library using platform-specific techniques into a new process.
Both commands have `help` for more details.
ok, thanks
Actually `spawn-dll` also loads a DLL into a new process (`notepad.exe` by default), the difference is that it's mainly geared towards reflective DLLs (those using the `ReflectiveLoader` project).
For dumpert, I'd recommend using: `sideload --entry-point Dump path/to/dumpert.dll`
ok thanks, I will try to read the source code
use same way as https://github.com/outflanknl/Dumpert to dump lsass for evasion.