This is a simple program that will attack an already-running program (a process) in memory through the Linux ptrace system call. It is capable of modifying the victim process's register contents.
Simple reminder: a program in execution is a PROCESS.
- It will attach itself to a given process through the PID (Process Identifier) you provide at the command line.
- It will save the victim program's previous state (registers) before overwriting it with whatever shellcode you provide it with (I attached a simple x86_64 assembly program with its shellcode to prove it works, but it can work with any shellcode as long as the victim program can accommodate its size).
- After that it'll overwrite the registers (RIP in particular) with your shellcode.
- The victim program will be continued by the debugger, thus running your shellcode (you have pwned the program!!).
- Once the shellcode is through with its destruction, the debugger will restore the victim program's previous state over the current one (neat, right? all footprints were left in memory), hence bringing the victim program back to its own life!
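For as long as the debugger described above stays attached (from the PTRACE_ATTACH through the register restore), the victim shows a non-zero TracerPid in /proc/<pid>/status, so the same sequence can be spotted from the administrator's side. The following is an added example, not part of process_attacker's own code: it parses that field from status-file text, scans /proc for any process that currently has a tracer attached, and reports the Yama ptrace_scope sysctl that decides who may attach in the first place. The SAMPLE_* status texts are constructed test data.

```c
/* Added example, not part of process_attacker: a small defender-side
 * checker. It (1) parses the TracerPid field from /proc/<pid>/status text,
 * which is non-zero while a tool like this one is attached, (2) scans
 * /proc for any process currently being traced, and (3) reports the Yama
 * ptrace_scope setting. SAMPLE_* strings below are constructed test data. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the value of the "TracerPid:" line in a status-file buffer:
 * 0 means nobody is attached, >0 is the tracer's PID, -1 means the field
 * was not found. */
long parse_tracer_pid(const char *status_text) {
    for (const char *line = status_text; line && *line; ) {
        if (strncmp(line, "TracerPid:", 10) == 0)
            return strtol(line + 10, NULL, 10);   /* strtol skips the tab */
        line = strchr(line, '\n');
        if (line) line++;                          /* advance past newline */
    }
    return -1;
}

/* Human-readable meaning of /proc/sys/kernel/yama/ptrace_scope.
 * CAP_SYS_PTRACE (root, which this tool requires) still attaches at
 * levels 0-2; only level 3 blocks PTRACE_ATTACH outright. */
const char *describe_ptrace_scope(int scope) {
    switch (scope) {
    case 0: return "classic: any process may attach to others of the same uid";
    case 1: return "restricted: only descendants (or PR_SET_PTRACER targets)";
    case 2: return "admin-only: attaching requires CAP_SYS_PTRACE";
    case 3: return "no attach: PTRACE_ATTACH disabled until reboot";
    default: return "unknown ptrace_scope value";
    }
}

/* Read a small pseudo-file into buf, NUL-terminated. Returns -1 on error. */
static long read_small_file(const char *path, char *buf, size_t cap) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    fclose(f);
    buf[n] = '\0';
    return (long)n;
}

/* TracerPid of a live process, or -1 if its status file cannot be read. */
long tracer_pid_of(long pid) {
    char path[64], buf[8192];
    snprintf(path, sizeof path, "/proc/%ld/status", pid);
    if (read_small_file(path, buf, sizeof buf) < 0) return -1;
    return parse_tracer_pid(buf);
}

/* Current Yama ptrace_scope, or -1 if Yama is not present on this kernel. */
int current_ptrace_scope(void) {
    char buf[16];
    if (read_small_file("/proc/sys/kernel/yama/ptrace_scope", buf, sizeof buf) < 0)
        return -1;
    return (int)strtol(buf, NULL, 10);
}

/* Walk /proc, print every process that has a tracer attached, and return
 * how many were found (-1 if /proc is unavailable). */
int scan_for_traced_processes(void) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    int found = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (!isdigit((unsigned char)e->d_name[0])) continue;  /* only PIDs */
        long pid = strtol(e->d_name, NULL, 10);
        long tracer = tracer_pid_of(pid);
        if (tracer > 0) {
            printf("pid %ld is being traced by pid %ld\n", pid, tracer);
            found++;
        }
    }
    closedir(d);
    return found;
}

/* Constructed sample status texts: one process stopped under a tracer,
 * one with nobody attached. */
static const char SAMPLE_TRACED[] =
    "Name:\tvictim\nState:\tt (tracing stop)\nTgid:\t4242\nPid:\t4242\n"
    "PPid:\t1\nTracerPid:\t4311\nUid:\t1000\t1000\t1000\t1000\n";
static const char SAMPLE_CLEAN[] =
    "Name:\tvictim\nState:\tS (sleeping)\nPid:\t4242\nTracerPid:\t0\n";

int main(void) {
    int scope = current_ptrace_scope();
    printf("ptrace_scope = %d (%s)\n", scope, describe_ptrace_scope(scope));
    int n = scan_for_traced_processes();
    printf("%d traced process(es) found\n", n);
    return 0;
}
```

Build with `gcc -std=c99 -Wall` and run it as any user; reading another process's status file does not itself need privileges. This is a point-in-time check, so it only catches a debugger while it is attached; for a persistent record, an auditd syscall rule such as `-a always,exit -F arch=b64 -S ptrace` logs every ptrace call, including the attach this tool performs. Raising ptrace_scope to 3 is the only sysctl level that stops a root attach as well.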
Please make sure you have "gcc" and "make" installed (installed by default on most GNU/Linux systems), then build with:
make
WOW! It's very SIMPLE! Then run it against a process:
root@hacker:~# ./process_attacker <PID>
- Make sure you are ROOT!
- The assembly (x86_64, i.e. 64-bit) was written in Intel syntax with the goal of assembling it with the nasm assembler.
- There are many sites on the internet that can teach you how to extract shellcode from your target programs (there are many ways, trust me). To do this manually, try reading this gorgeous site. But if you hate that stress, try my own tool or Neetx's tool.
- Only works on GNU/Linux systems. I haven't yet tried to port it to Mac OS X (but you can try it out :) ).