View Issue Details

ID: 0003254
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-11 16:03
Reporter: bmerinofe
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Summary: 0003254: Pazuzu - reflective DLL to run binaries from memory
Description

Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory.

To run the payload, you just have to choose the stager you like (reverse TCP, HTTP, HTTPS, etc.) and set the DLL generated by Pazuzu. Pazuzu will execute the binary within the address space of the vulnerable process as long as it has the .reloc section.

Additional Information

More info:
http://www.shelliscoming.com/2016/04/pazuzu-reflective-dll-to-run-binaries.html

Some practical examples:
https://www.youtube.com/watch?v=2OcEbMgQiVo

Git Repository:
https://github.com/BorjaMerino/Pazuzu

Activities

g0tmi1k

2018-01-29 15:08

administrator   ~0008448

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?

g0tmi1k

2020-02-11 16:03

administrator   ~0012236

Looks like python2 - which is EOL

Issue History

Date Modified | Username | Field | Change
2016-04-25 12:19 | bmerinofe | New Issue |
2018-01-29 15:08 | g0tmi1k | Note Added: 0008448 |
2018-05-08 08:41 | g0tmi1k | Summary | Pazuzu: reflective DLL to run binaries from memory => Pazuzu - reflective DLL to run binaries from memory
2018-05-08 08:41 | g0tmi1k | Steps to Reproduce Updated |
2019-12-09 13:30 | g0tmi1k | Severity | minor => feature
2020-02-11 16:03 | g0tmi1k | Note Added: 0012236 |
2020-02-11 16:03 | g0tmi1k | Status | new => closed
2020-02-11 16:03 | g0tmi1k | Resolution | open => won't fix