ZeroMemoryEx/Handle-Ripper ZeroMemoryEx/Handle-Ripper

  • This repository has been archived on 08/Oct/2024
  • Stars
    star
    200
  • Rank 195,325 (Top 4 %)
  • Language
    C++
  • Created almost 2 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ZeroMemoryEx/Handle-Ripper
github

ZeroMemoryEx

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

simple Windows handle hijacker with a nod to Apxaey for inspiration

Handle-Ripper

  • Handle hijacking is a technique used in Windows operating systems to gain access to resources and resources of a system without permission. It is a type of privilege escalation attack in which a malicious user takes control of an object handle, which is an identifier that is used to reference a system object, such as a file, a directory, a process, or an event. This allows the malicious user to gain access to resources that should be inaccessible to them.

  • Handle hijacking is a serious threat to system security as it allows a malicious user to access resources and data that should otherwise be protected. It can also be used to inject code into a vulnerable system, allowing the attacker to gain access to information and resources.

  • Handle hijacking techniques are becoming increasingly prevalent as hackers develop more sophisticated methods of exploiting vulnerabilities in Windows systems. As such, it is important that system administrators understand the risks associated with handle hijacking and take proactive measures to protect their systems.

DETAILS

  • To perform a handle hijacking attack, an attacker must first identify a handle that is being used by a legitimate process and that they want to access. This can be done using various techniques, such as scanning the handle table of a process, monitoring handle creation events, or using a tool that can enumerate handles on the system ,Once the attacker has identified the handle they want to access, they can use the DuplicateHandle function to create a copy of the handle with their own process. This function takes the following parameters:

    • hSourceProcessHandle: A handle to the process that contains the source handle.
    • hSourceHandle: A handle to the object to duplicate.
    • hTargetProcessHandle: A handle to the process that is to receive the duplicated handle.
    • lpTargetHandle: A pointer to a variable that receives the handle value.
    • dwDesiredAccess: The access rights for the duplicated handle.
    • bInheritHandle: A value that specifies whether the handle is inheritable.
    • dwOptions: Additional options for the handle duplication.

  • The DuplicateHandle function will create a new handle with the specified access rights and options, and return it in the lpTargetHandle parameter. The attacker can then use this handle to access the resource that it represents, allowing them to perform actions on the resource that they would not normally be able to do.

VID

44.mp4

More Repositories

1

Terminator

Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
C++
923
star
2

Blackout

kill anti-malware protected processes ( BYOVD) (Microsoft Won )
C++
887
star
3

Chaos-Rootkit

Now You See Me, Now You Don't
C++
841
star
4

Amsi-Killer

Lifetime AMSI bypass
C++
587
star
5

APT38-0day-Stealer

APT38 Tactic PoC for Stealing 0days from security professionals
C++
267
star
6

C2-Hunter

Extract C2 Traffic
C++
245
star
7

Orca

Incomplete project
C++
189
star
8

Bypass-Sandbox-Evasion

Bypass Malware Sandbox Evasion Ram check
C++
133
star
9

Tokenizer

Kernel Mode Driver for Elevating Process Privileges
C
129
star
10

Shellcode-Injector

x64/x86 shellcode injector
C++
111
star
11

SleepKiller

Bypass Malware Time Delays
C++
97
star
12

URootkit

user-mode Rootkit
C++
97
star
13

Wizard-Loader

Abuse Xwizard.exe for DLL Side-Loading
C++
83
star
14

U-Boat

Russian Wipers Dropper (educational-purposes )
C++
83
star
15

Overlord

abusing Process Hacker driver to terminate other processes (BYOVD)
C++
79
star
16

Hooks_Hunter

Detect API Hooks
C++
67
star
17

DeadLight

C# Malware that Steal Discord Token Directly From Memory and bypass any kind of token protection
C#
57
star
18

Dll-Injector

simple C++ dll injector
C++
53
star
19

BufferOverFlow

Exploit Windows-Based BufferOverflow (vulnserver)
C
44
star
20

TrampHook

x86 Trampoline Hook
C++
37
star
21

Among-Us-External

external hack for Among Us (PATCHED)
C++
36
star
22

Btc-Grabber

x86 Btc Stealer with Thread Hijack implemented (educational-purposes)
C++
34
star
23

Thread-Hijacking

Thread Execution Hijacking technique
C++
34
star
24

RSPCKiller

RtlSetProcessIsCritical Killer
C++
30
star
25

CE_AC_CI_EX

Solving game hacking challenges (CE/AC) using ASM/C++
Assembly
28
star
26

Mail_Killer

anonymous spam E-mail sender
Python
22
star
27

WDropper

C++ PowerShell dropper
C++
21
star
28

IFEO-PoC

Image File Execution Options Injection PoC
C++
19
star
29

KlTroll

Trolling Keyloggers by Forcing them to log Specific Text then freezing them
C++
17
star
30

AX509

subdomain finder
Python
10
star
31

AC-External

(basic)AC external hack written in C++
C++
10
star
32

CiaIoctl

User/Kernel Mode communication using IOCTL
C
9
star
33

Malware-IOCs

some of my IOCs from malware investigations
YARA
8
star
34

GRage

x86 Funny malware that Troll GTA players by killing the character every time it respawn
C++
8
star
35

HackTheBox-CubeMadness

external hack for CubeMadness
C++
5
star
36

ShEye

Simple Program To Detect API Hooks by Scanning OpCode Patterns
C++
2
star
37

Malwares-IDEAS

1
star