README improvements
srozb committed Jul 15, 2024
1 parent 24245cf commit 78dd119
Showing 1 changed file with 42 additions and 39 deletions.
81 changes: 42 additions & 39 deletions README.md
@@ -1,72 +1,75 @@
# Parasite - dll injection/hijack made fun
# Parasite - Injecting Some Fun into DLL Manipulation

Why does dll injection/hijack have to be boring? This project aims to create a fun DLL library that brings some neat features to pwned processes.
It combines the power of Jester, WinIM as well as Bulma CSS and HTMX to keep your experience on desired level.
All compiled into a single binary under 1MB size.

I’ve created it to learn Nim and get familiar with Windows internals, especially wanting to play around with some WinAPI functions under
different security contexts.
It’s also suitable for pwning Microsoft Office by planting malicious Add-ons (XLL etc.).

## Showcase
Tired of boring dll injection tools? 🦠 Meet **Parasite**, a Nim-based library designed to make process manipulation exciting! 🚀 Combining the power of Winim & Jester with a user-friendly interface built on HTMX and Bulma CSS, Parasite injects fun into even the most mundane hacking tasks.

![Frontpage](imgs/front.PNG)

![Processes](imgs/processes.PNG)

## Features
## Parasite Highlights

* **Inject Delight**: Run code on DLL load (`DllMain`), optionally creating a separate thread and simulating necessary exports to satisfy the loader. Temprarily disable **Loader Lock for thread creation**.
* **Remote Control**: Spin up an HTTP server within the injected process, enabling remote control and communication (perfect for targets like `lsass.exe`).
* **Process Playtime**: Dynamically load/unload dlls in running processes for on-the-fly modifications.
* **Memory Snapshot:** Capture a full snapshot of the target's memory using `dbghelp.dll`'s `MiniDumpWriteDump`.
* **Process Migration**: Hop between processes with classic DLL injection techniques (using `WriteProcessMemory`, `CreateRemoteThread`, and `LoadLibrary`).
* **Command Execution**: Execute shell commands within the context of your injected process for stealthy control.
* **Modularity & Speed:** Parasite's design encourages easy extensibility - build standalone executables (injectors, dumpers) with ease! And it's lightning-fast!⚡

- Run on DLL load (`DllMain`) with optional fake exports, if loader expects them
- Http server listening on loopback interface, running within injected context (e.g. `lsass.exe`)
- Load/unload dlls in running process
- Dump remote process memory to disk (using `dbghelp.dll` `MiniDumpWriteDump`)
- Migrate to other process by a classic dll injection (`WriteProcessMemory` & `CreateRemoteThread` to `LoadLibrary`)
- Execute shell command in the context of injected process
- Modular, easy to extend design - modules can be compiled to standalone execs (injector, dumper)
- It's fast!
## Getting Started

## Requirements
**Tested under**:

Tested under Windows 10 64-bit with the following dependencies:
* Windows 10 x64 19042
* Nim Compiler v.2.0.0

(Nim 1.6.0)
**Dependencies:**

- Winim=3.6.1
- Jester=0.5.0
- Nimja=0.4.0
- psutil=0.6.1 (https://github.com/enthus1ast/psutil-nim)
(Manage via nimble install)

## Building
* [Winim = 3.9.3](https://github.com/khchen/winim)
* [Jester = 0.6.0](https://github.com/dom96/jester)
* [Nimja = 0.8.7](https://github.com/enthus1ast/nimja)
* [psutil = 0.6.1](https://github.com/enthus1ast/psutil-nim)

64bit binaries are precompiled and ready to be downloaded.
**Building Parasite:**

You can compile library and executables with `nimble build` or alternatively:
Precompiled x64 binaries are available for download in the releases section of this repo - no setup required, just start pwning!

**Manual Build:**

```batch
nimble build
```

or

```batch
nim c --app=lib --nomain -d:dumper -d:release --passL:-s -o:parasite-x64.dll src\parasite.nim
nim c --app=lib --nomain -d:dumper -d:fakeexports -d:release --passL:-s -o:dbghelp.dll parasite.nim
```

- `-d:fakeexports` will include fakeexports.nim and predefined `dbghelp.dll`
export. Feel free to adjust it to your needs.
For a DLL with fake exports use `-d:fakeexports` after you adjust `src\fakeexports.nim` with the required exports.

### x86 support
**X86 Support:**

You can use 32bit version of Nim to compile parasite to x86 arch.
You can use 32-bit version of Nim to compile parasite to x86 arch.
Alternatively, you can cross-compile on x64:

1. Ensure mingw-32 is in your path variable.
2. Compile with the following flags:

```
```batch
nim --cpu:i386 -d:release c src\parasite.nim
```

## Known Issues
## Known Limitations

* The WMI module is still under development

- Loader lock present
- WMI module is not ready yet
---

## Acknoledgments
**This project draws inspiration from:**

Heavily inspired by wonderful [byt3bl33d3r/OffensiveNim](https://github.com/byt3bl33d3r/OffensiveNim) repo.
* The amazing [OffensiveNim](https://github.com/byt3bl33d3r/OffensiveNim) repository.
* Loader Lock unlocking technique haveily inspired on work of [@ElliotKillick](https://github.com/ElliotKillick) especially his [LdrLockLiberator](https://github.com/ElliotKillick/LdrLockLiberator) repository.

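Review bot: the Known Limitations rewrite drops "Loader lock present" without saying what replaced it; the new Inject Delight bullet advertises temporarily disabling the Loader Lock for thread creation, so a sentence in either section stating that this workaround is what removed the old limitation, and under which conditions it applies, would keep the two consistent for readers who relied on the previous note. The added lines also carry two typos: "Temprarily" in the Inject Delight bullet, and "haveily inspired on work of" in the acknowledgements, which should read "heavily inspired by the work of"; the unchanged heading "Acknoledgments" could be corrected to "Acknowledgments" in the same pass. Finally, the two manual build commands disagree on the source path: the first compiles `src\parasite.nim` while the second compiles `parasite.nim`, so one of them is wrong relative to the repository root and the second should most likely read `src\parasite.nim` as well.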