Vulcan can perform several different process injection techniques on Windows machines, including DLL Injection, Shellcode Injection, and Process Hollowing. It is a useful tool for the red teamer, allowing custom shellcode to be executed. For the blue teamer, it is a great way to test your defenses.
- Visual Studio
You will need to compile your own binary. For more information on how to do this, refer to the Vulcan home page 🖖.
With a compiled binary I attempted to run it and got the following.
```
PS C:\Users\vagrant\vulcan\bin> ./vulcan_x64.exe -m 1500 -i 2 notepad.exe
Using calc x64 shellcode...
[-] Error: Could not find PID (0).
```
After some trial and error I finally understood this error. What it's saying is that it can't find the process, notepad.exe, I had specified. Running notepad.exe fixed this issue.
```
C:\lab\vulcan\bin>vulcan_x64.exe -m 1500 -i 2 notepad.exe
Using calc x64 shellcode...
Executing...
[*] Creating process in suspended state
[+] Create process successful!
[*] Allocating memory in process
[+] Memory allocated at: 0xaff40000
[*] Writing shellcode to process
[+] Shellcode is written to memory
[*] Queue APC
[+] QueueAPC is done
[*] Resuming thread....
```
After that I started playing around with it and found it to work rather well. I highly recommend giving it a try.
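For the blue-team use mentioned at the top, the stage order in the output above (suspended process, remote allocation, remote write, queued APC, thread resume) can be matched as an ordered sequence in endpoint telemetry. The detector below is an added example, not part of the original post or of Vulcan; it assumes events already normalized into dicts with hypothetical field names (`ts`, `actor`, `target`, `api`, `flags`) and runs on constructed sample events.

```python
# Added example; event field names and SAMPLE are constructed for illustration.
CREATE_SUSPENDED = 0x4  # Win32 process creation flag

# Stage order follows the tool's output; the API names are the usual Win32
# calls for each stage (assumption: the sensor reports them under these names).
STAGES = ["CreateProcess", "VirtualAllocEx", "WriteProcessMemory",
          "QueueUserAPC", "ResumeThread"]

def detect_suspended_apc_injection(events, window=5.0):
    """Return (actor, target, first_ts, last_ts) for each completed chain."""
    progress = {}  # (actor, target) -> (index of next expected stage, start ts)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["actor"], ev["target"])
        if ev["api"] == "CreateProcess":
            progress.pop(key, None)
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                progress[key] = (1, ev["ts"])  # suspended child starts a chain
            continue
        if key not in progress:
            continue
        idx, start = progress[key]
        if ev["ts"] - start > window:
            del progress[key]  # too spread out to be one scripted run
        elif ev["api"] == STAGES[idx]:
            if idx + 1 == len(STAGES):
                alerts.append((ev["actor"], ev["target"], start, ev["ts"]))
                del progress[key]
            else:
                progress[key] = (idx + 1, start)
        elif ev["api"] == "ResumeThread":
            del progress[key]  # resumed before the chain completed
    return alerts

def _ev(ts, actor, target, api, flags=0):
    return {"ts": ts, "actor": actor, "target": target, "api": api, "flags": flags}

SAMPLE = [  # constructed events, not captured from a real run
    _ev(1.0, 400, 410, "CreateProcess", CREATE_SUSPENDED),  # launcher, no write
    _ev(1.1, 400, 410, "ResumeThread"),
    _ev(2.0, 500, 510, "CreateProcess", CREATE_SUSPENDED),  # full chain
    _ev(2.1, 500, 510, "VirtualAllocEx"),
    _ev(2.2, 500, 510, "WriteProcessMemory"),
    _ev(2.3, 500, 510, "QueueUserAPC"),
    _ev(2.4, 500, 510, "ResumeThread"),
]

if __name__ == "__main__":
    print(detect_suspended_apc_injection(SAMPLE))
```

The launcher pair (400, 410) creates a suspended child and resumes it without a remote write, so only the full chain from 500 to 510 is reported.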