Core Impact Advanced Techniques | Agent Process Injection
This video demonstrates how to inject a Core Impact agent in a process on the host box. Steps include:
- Understanding what process are running
- Determining what process to inject an agent into
- Injecting the agent
- Verifying agent was successfully injected
For this example, we’ll use Agent1 on the domain controller example box. First, we need to know what processes are running on the host box. Over in modules, search for process injector.
Select Get Process List, and drag it down onto agent1. A box will pop up, select OK.
Under module output, we’ll see the process list. Now we’ll search for a process that we want to inject an agent into. Take note of the process number. For this example, we’ll use 1284.
Next, grab process injector from the modules tab, and drag it onto Agent1. A pop-up box will appear. Type in the process number and select OK.
A new agent will appear, Agent2. If you look at the module log tab, it should note that the exploit was successful.
Now that our agent has been injected, we can get deeper and deeper into the system and figure out what our next steps should be.