jm33-m0 / emp3r0r

Linux/Windows post-exploitation framework made by a Linux user
https://infosec.exchange/@jm33
MIT License

Need information about Injector module #322

Open ameygat opened 1 month ago

ameygat commented 1 month ago

What did you do? (required)

I tried to inject code into Windows 10 process as well as Linux process on Red Hat Enterprise Linux 8.

https://jm33.me/emp3r0r-process-injection-and-persistence.html#inject-shellcode mentions that emp3r0r automatically injects the guardian shellcode into common processes.

What did you expect to happen?

I think it should have been successful on both Windows and Linux. Not sure about Windows, as the documentation does not specify whether the injector works on a Windows victim or not. But I think on Linux, if the payload is running as root, the injector should work?

Kindly let me know if I am using injector incorrectly.

What happened instead?

On both victim OSes the injects failed.

0] !inject native 3823: Output:
Error: native is not supported
0] !inject shared_library 3823 Output:
Error: failed to get __libc_dlopen_mode address for 3823: libc not found: scanned map file, libc not found

Your environment

emp3r0r.json


emp3r0r.json:
{
  "cc_port": "43133",
  "autoproxy_port": "61363",
  "autoproxy_timeout": 0,
  "http_listner_port": "16868",
  "password": "cpC",
  "shadowsocks_port": "22022",
  "kcp_port": "57623",
  "use_shadowsocks": false,
  "use_kcp": false,
  "disable_ncsi": true,
  "ssh_host_key": "LSS0tLQo=",
  "ssh_proxy_port": "61364",
  "sshd_shell_port": "20368",
  "broadcast_port": "11994",
  "broadcast_interval_min": 30,
  "broadcast_interval_max": 0,
  "cc_host": "192.168.73.111",
  "pid_file": "/tmp/ssh-ycFUaLdoQfzA/MQd",
  "cc_indicator": "",
  "indicator_wait_min": 30,
  "indicator_wait_max": 130,
  "indicator_text": "emperor1",
  "ca": "-----BEGIN CERTIFICATE-----\nMIIBPQ+A==\n-----END CERTIFICATE-----\n",
  "ca_fingerprint": "8ae",
  "c2transport_proxy": "",
  "cdn_proxy": "",
  "doh_server": "",
  "socket": "/tmp/ssh-ycFUaLdoQfzA/stMRnYFBxCVZLzB",
  "agent_root": "/tmp/ssh-ycFUaLdoQfzA",
  "utils_path": "/tmp/ssh-ycFUaLdoQfzA/ZQZ",
  "agent_uuid": "47f50c3e-02e8-49d1-bc2d-f579eaf0166e",
  "agent_tag": "",
  "timeout": 14649
}

CC

Linux distro name and version, use cat /etc/*release* to view, paste the result below

# cat /etc/*release*
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
VERSION_ID="2023.4"
VERSION="2023.4"
VERSION_CODENAME=kali-rolling
ID=kali
ID_LIKE=debian
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
ANSI_COLOR="1;31"


jm33-m0 commented 1 month ago

I tried to inject code into Windows 10 process

This module won't work on Windows

But I think on Linux if payload is running as root injector should work ?

Yes, it should work, but there might be bugs or limitations that need to be addressed. So if you can't get it to work, it might be my issue.

Error: failed to get __libc_dlopen_mode address for 3823: libc not found: scanned map file, libc not found

Check whether the target process is linked against glibc; not all processes have glibc loaded.
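The check jm33-m0 suggests, written here as an added example rather than code from emp3r0r: it scans a /proc/<pid>/maps listing for a glibc mapping, so that a statically linked or musl-linked target explains the "scanned map file, libc not found" error above instead of looking like an injector bug. The maps contents are constructed samples, not captured from a real host.

```go
package main
import (
	"bufio"
	"fmt"
	"path"
	"regexp"
	"strconv"
	"strings"
)

// glibc's libc soname is "libc.so.6" (older distros: "libc-2.NN.so"); musl and static binaries do not match.
var glibcName = regexp.MustCompile(`^(libc\.so\.6|libc-2\.\d+\.so)$`)

// FindGlibc scans text in /proc/<pid>/maps format and returns the path and lowest
// start address of the glibc mapping; ok is false when none exists ("libc not found").
func FindGlibc(maps string) (libcPath string, base uint64, ok bool) {
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		// maps fields: address perms offset dev inode [pathname]
		f := strings.Fields(sc.Text())
		if len(f) < 6 || !glibcName.MatchString(path.Base(f[5])) {
			continue
		}
		lo, _, _ := strings.Cut(f[0], "-")
		start, err := strconv.ParseUint(lo, 16, 64)
		if err == nil && (!ok || start < base) {
			libcPath, base, ok = f[5], start, true
		}
	}
	return libcPath, base, ok
}

// Constructed samples: a glibc-linked process, a statically linked agent,
// and a musl-linked process (e.g. Alpine). Not captured from a real host.
const glibcMaps = `00400000-00401000 r--p 00000000 fd:01 1234 /usr/bin/sleep
7f1a2b428000-7f1a2b5a0000 r-xp 00028000 fd:01 5678 /usr/lib64/libc.so.6
7f1a2b400000-7f1a2b428000 r--p 00000000 fd:01 5678 /usr/lib64/libc.so.6
7ffd0e000000-7ffd0e021000 rw-p 00000000 00:00 0 [stack]`

const staticMaps = `00400000-004c5000 r-xp 00000000 fd:01 4321 /opt/tool/static-agent`

const muslMaps = `7f00c0000000-7f00c0080000 r-xp 00000000 fd:01 99 /lib/ld-musl-x86_64.so.1`

func main() {
	for _, m := range []string{glibcMaps, staticMaps, muslMaps} {
		p, base, ok := FindGlibc(m)
		fmt.Printf("glibc mapped=%v path=%q base=%#x\n", ok, p, base)
	}
}
```

Against a live process, feed it the contents of /proc/<pid>/maps; a false result means the shared_library injector has no __libc_dlopen_mode to resolve in that target.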