Tired of boring DLL injection tools? 🦠 Meet Parasite, a Nim-based library designed to make process manipulation exciting! 🚀 Combining the power of Winim & Jester with a user-friendly interface built on HTMX and Bulma CSS, Parasite injects fun into even the most mundane hacking tasks.
- Inject Delight: Run code on DLL load (`DllMain`), optionally creating a separate thread and simulating the exports the host expects so the loader accepts the DLL.
- Temporarily Disabling Loader Lock for Thread Creation: `DllMain` runs while the loader lock is held. A thread created there cannot begin executing until the lock is released (its `DLL_THREAD_ATTACH` notification needs the same lock), so combining `CreateThread` with `WaitForSingleObject` inside `DllMain` deadlocks. Parasite temporarily releases the loader lock around thread creation so these calls complete without that synchronization conflict.
- Remote Control: Spin up an HTTP server within the injected process, enabling remote control and communication (perfect for targets like `lsass.exe`).
- Process Playtime: Dynamically load/unload DLLs in running processes for on-the-fly modifications.
- Memory Snapshot: Capture a full snapshot of the target's memory using `dbghelp.dll`'s `MiniDumpWriteDump`.
- Process Migration: Hop between processes with classic DLL injection techniques (using `WriteProcessMemory`, `CreateRemoteThread`, and `LoadLibrary`).
- Command Execution: Execute shell commands within the context of your injected process for stealthy control.
- Modularity & Speed: Parasite's design encourages easy extensibility - build standalone executables (injectors, dumpers) with ease! And it's lightning-fast!⚡️
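The first two features above describe a payload DLL that does its work on its own thread from `DllMain`. The following is an added example of that shape, not Parasite's own code: a stand-alone Nim DLL built with the same `--app=lib --nomain` pattern as the build lines below. The file name `payload.nim`, the `worker` proc and the message box are assumptions for illustration. It deliberately does not release the loader lock; the comment marks where Parasite's LdrLockLiberator-style unlocking would sit and why a plain `WaitForSingleObject` there would deadlock.

```nim
# Added example, not Parasite's own code: a minimal payload DLL that hands its
# work to a separate thread from DllMain.
# Build (same flags as Parasite's DLL build):
#   nim c --app=lib --nomain -d:release -o:payload.dll payload.nim
import winim/lean

# With --nomain, Nim's runtime initialiser is not called automatically, so the
# DLL must call it before running any Nim code that touches the GC.
proc NimMain() {.cdecl, importc.}

proc worker(param: LPVOID): DWORD {.stdcall.} =
  # Anything long-running, or anything that loads DLLs, belongs here and not in
  # DllMain, where the loader lock is held.
  MessageBoxA(0, "payload thread running", "example", MB_OK)
  return 0

proc DllMain(hinstDLL: HINSTANCE, fdwReason: DWORD, lpvReserved: LPVOID): BOOL
    {.stdcall, exportc, dynlib.} =
  if fdwReason == DLL_PROCESS_ATTACH:
    NimMain()
    var tid: DWORD
    let hThread = CreateThread(nil, 0, worker, nil, 0, addr tid)
    if hThread != 0:
      # Do NOT WaitForSingleObject(hThread, ...) here. DllMain runs under the
      # loader lock, and the new thread needs that same lock to receive its
      # DLL_THREAD_ATTACH notification before it can enter `worker`, so waiting
      # for it from inside DllMain never returns. Parasite works around this by
      # temporarily releasing the lock (LdrLockLiberator technique); this plain
      # example simply returns and lets the thread start once the lock is free.
      discard CloseHandle(hThread)
  return TRUE
```

Load it with any injector (including Parasite's `injector.exe` described below) and the message box appears from the new thread once `DllMain` has returned and the loader lock is released.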
Tested under:
- Windows 10 x64 19042
- Nim Compiler v.2.0.0
Dependencies:
Manage via `nimble install`.
Building Parasite:
Precompiled x64 binaries are available for download in the releases section of this repo - no setup required, just start pwning!
Manual Build:
```
nimble build
```
or
```
nim c --app=lib --nomain -d:dumper -d:release --passL:-s -o:parasite-x64.dll src\parasite.nim
nim c --app=lib --nomain -d:dumper -d:fakeexports -d:release --passL:-s -o:dbghelp.dll src\parasite.nim
```
For a DLL with fake exports (for example when Parasite is dropped in place of a legitimate DLL such as `dbghelp.dll` above and the host's loader expects that DLL's exports), add the required exports to `src\fakeexports.nim` and build with `-d:fakeexports`.
x86 Support:
You can use a 32-bit version of Nim to compile Parasite for x86. Alternatively, you can cross-compile on x64:
- Ensure the 32-bit MinGW toolchain (mingw-32) is in your PATH variable.
- Compile with the following flags (add the `--app=lib --nomain` and `-d:` options from the x64 build lines above to produce the DLL rather than an executable):
  ```
  nim --cpu:i386 -d:release c src\parasite.nim
  ```
- This project has been flagged as potentially malicious by certain antivirus vendors. This is likely because it has previously been weaponized and submitted to VT.
- The WMI module is still under development
This project includes additional tools for testing its functionality independently of DLL hijacking techniques.
| Tool | Description |
|---|---|
| `dumper.exe` | Dumps process memory using the `MiniDumpWriteDump` function. |
| `injector.exe` | Injects a DLL of your choice into a specified process via classic DLL injection. |
| `parahttp.exe` | Allows testing the web application features independently of any DLL injection. |
This project draws inspiration from:
- The amazing OffensiveNim repository.
- The Loader Lock unlocking technique is heavily inspired by the work of @ElliotKillick, particularly his LdrLockLiberator repository.