Core Impact Advanced Techniques | Agent Process Injection

This video demonstrates how to inject a Core Impact agent in a process on the host box. Steps include:

  1. Understanding what process are running
  2. Determining what process to inject an agent into
  3. Injecting the agent
  4. Verifying agent was successfully injected

 

 

 

For this example, we’ll use Agent1 on the domain controller example box. First, we need to know what processes are running on the host box. Over in modules, search for process injector.

Select Get Process List, and drag it down onto agent1

Select Get Process List, and drag it down onto agent1. A box will pop up, select OK.

A box will pop up, select okay.

Under module output, we’ll see the process list. Now we’ll search for a process that we want to inject an agent into. Take note of the process number. For this example, we’ll use 1284.

Get process list

Next, grab process injector from the modules tab, and drag it onto Agent1. A pop-up box will appear. Type in the process number and select OK.

Insert process number

A new agent will appear, Agent2. If you look at the module log tab, it should note that the exploit was successful.

exploit successful

Now that our agent has been injected, we can get deeper and deeper into the system and figure out what our next steps should be.