[Feature Request] Integration of TikiTorch #87
Comments
AFAIK Covenant can't generate Grunt shellcode (yet?), it's why there are no process injection Tasks at all. Not sure what the timescales for that are, but once that's tackled I'd love to port the functionality over. EDIT: I should also point out that this is possible to do manually: https://rastamouse.me/2019/08/covenant-donut-tikitorch/
@rasta-mouse I read your blog post <3 it's pretty amazing, that's why I created this post. I wonder if it would be possible to automate this with PowerShell once you have the GruntStager.exe, assuming you have Donut and TikiTorch on the system.
Perhaps, but it wouldn't exactly be elegant. Best just to roadmap the development properly IMO.
@cobbr how hard would this be?
No clue, I'm not super familiar with TikiTorch to be honest. Once we have process injection/migration integrated, I'll definitely take a look!
@cobbr TikiTorch is just a library of a few process injection / hollowing techniques. There's nothing really special about it - if the correct Windows APIs were in SharpSploit (for example), a Covenant Task could just recreate the same steps as a TikiTorch payload would.
Feature Request or Bug
Feature Request
Describe the feature request or bug
Creating a task that would allow a launcher to inject into a new process using TikiTorch, given that you know the PID of the target process, would be awesome :)
Expected behavior
The launcher is now under a different process such as svchost or explorer