View Issue Details

ID: 0002353
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-11 12:07
Reporter: BorjaMerino
Assigned To: g0tmi1k
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Summary: 0002353: TLS Injector. Injecting shellcodes through TLS callbacks
Description

TlsInjector.py is a Python script that lets you inject a shellcode into a binary to be executed through TLS callbacks.

As far as I know, there isn't any tool that lets you backdoor a binary using this method in an automated way. Using a TLS callback instead of the usual injection techniques has some added advantages; for example, you don't need to modify the entry point to jump/call to the code cave and then redirect the execution flow to the original program. Another key advantage is that a TLS callback runs the code before the entry point is reached.

The script will accept the shellcode you want to inject and the target binary. The script also includes a payload that lets you inject (through LoadLibrary) an evil DLL. You only need to use the -l option and feed it with the DLL path as a parameter.

More payloads will be included as needed.

The tool is available on GitHub:
https://github.com/BorjaMerino/tlsInjector

More info:
http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html

Steps To Reproduce

$ python tlsInjector.py -h

Info:
Inject a shellcode into a binary and run it through a TLS callback

Usage:
-s <file> - Shellcode to be executed by the TLS callback
-f <file> - Target binary
-o <file> - Output file (default: tls_injected.exe)
-t - Create a new section (no code caves search)
-r - Set basereloc directory to 0x0
-l <path dll> - Loadlibrary payload: the shellcode will load the DLL supplied
-h - Help

Examples:
python tlsInjector.py -s reverse_tcp.bin -f putty.exe -r
python tlsInjector.py -f putty.exe -l evil.dll -t
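
Because a TLS callback runs before the entry point, checking the entry point alone will not show this kind of modification. The following added example (not part of the original issue and not tlsInjector code) lists the TLS callbacks a PE32/PE32+ file declares and the section each one lands in, using only the standard library; the names tls_callbacks and sample_pe are hypothetical and the sample image is constructed.

```python
import struct

def tls_callbacks(data):
    """Return [(callback_rva, section_name)] for every TLS callback in a PE image."""
    u = lambda fmt, off: struct.unpack_from(fmt, data, off)[0]
    pe = u("<I", 0x3C) if len(data) > 0x40 else 0
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = pe + 24                                  # optional header follows the COFF header
    pe64 = u("<H", opt) == 0x20B                   # PE32+ uses 8-byte pointers
    ptr, psz = ("<Q", 8) if pe64 else ("<I", 4)
    base = u(ptr, opt + (24 if pe64 else 28))      # ImageBase
    dirs = opt + (112 if pe64 else 96)             # start of the data directory array
    sect0 = opt + u("<H", pe + 20)                 # section table follows the optional header
    sections = [(data[o:o + 8].rstrip(b"\0").decode("latin-1"),
                 *struct.unpack_from("<4I", data, o + 8))
                for o in range(sect0, sect0 + 40 * u("<H", pe + 6), 40)]

    def locate(rva):                               # RVA -> (section name, file offset or None)
        for name, vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return name, (raw + rva - va if rva - va < rsize else None)
        return None, None

    if u("<I", dirs - 4) <= 9 or not u("<I", dirs + 72):   # entry 9 is the TLS directory
        return []
    tls_off = locate(u("<I", dirs + 72))[1]
    if tls_off is None or tls_off + 4 * psz > len(data):
        return []
    off = locate(u(ptr, tls_off + 3 * psz) - base)[1]      # AddressOfCallBacks is a VA
    found = []
    while off is not None and off + psz <= len(data) and u(ptr, off):
        found.append((u(ptr, off) - base, locate(u(ptr, off) - base)[0]))
        off += psz                                 # the array is null-terminated
    return found

def sample_pe():
    """Constructed PE32 image: one section '.tls' holding a TLS directory and one callback."""
    img = bytearray(0x400)
    for off, fmt, *vals in [
        (0x00, "<2s", b"MZ"), (0x3C, "<I", 0x40), (0x40, "<4s", b"PE\0\0"),
        (0x46, "<H", 1), (0x54, "<H", 0xE0),            # NumberOfSections, SizeOfOptionalHeader
        (0x58, "<H", 0x10B), (0x74, "<I", 0x400000),    # PE32 magic, ImageBase
        (0xB4, "<I", 16), (0x100, "<I", 0x1000),        # NumberOfRvaAndSizes, TLS directory RVA
        (0x138, "<8s4I", b".tls", 0x200, 0x1000, 0x200, 0x200),  # section header
        (0x20C, "<I", 0x401020), (0x220, "<I", 0x401100),        # AddressOfCallBacks, one callback
    ]:
        struct.pack_into(fmt, img, off, *vals)
    return bytes(img)
```

On a real file, pass the bytes read from disk; callbacks that are absent from a known-good copy of the same binary, or that resolve to an unexpected section, are the ones to examine.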

Activities

stormtide

2015-07-06 16:22

reporter   ~0003475

We need to do the following:

apt-get install python-pefile

before you use this Python script for the first time.

g0tmi1k

2018-01-29 15:16

administrator   ~0008490

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

2020-02-11 12:06

administrator   ~0012219

Python2 - which is EOL

Issue History

Date Modified Username Field Change
2015-06-22 09:09 BorjaMerino New Issue
2015-07-06 16:22 stormtide Note Added: 0003475
2018-01-29 15:16 g0tmi1k Note Added: 0008490
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-11 12:06 g0tmi1k Note Added: 0012219
2020-02-11 12:07 g0tmi1k Assigned To => g0tmi1k
2020-02-11 12:07 g0tmi1k Status new => closed
2020-02-11 12:07 g0tmi1k Resolution open => won't fix