SafeBreach-Labs / PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools
BSD 3-Clause "New" or "Revised" License

Shellcode for LSASS dump #3

Closed kartikdurg closed 2 months ago

kartikdurg commented 4 months ago

I'm curious about how you developed the shellcode for dumping LSASS memory. Did you simply modify the pathname?

Additionally, I attempted a reverse shell with msfvenom, but the process was terminated. Is this technique not viable with such shellcodes?

0xDeku commented 4 months ago

For the LSASS dump, I used a different shellcode which loads a DLL into the injected process. The DLL then used MiniDumpWriteDump on the current process. It is not the default shellcode used by PoolParty.

Regarding the MSFVenom reverse shell, the answer is yes. I did not encounter any limitations in regard to shellcodes, and the injections are viable with such shellcodes.

kartikdurg commented 4 months ago

Got it. Can you please share the shellcode here? Or even a link to any such resource will do.

0xDeku commented 2 months ago

Any LoadLibrary shellcode where you place your code in DllMain should work. An alternative would be calling an exported function from that DLL. The following resource may be helpful: https://nytrosecurity.wordpress.com/2019/06/30/writing-shellcodes-for-windows-x64/

I will be closing this issue; let me know if you have other questions regarding PoolParty.