Skip to content

ninjabear/software-firewall-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

FindSocketHandles.c

FindSocketHandles.c

 
 

FindSocketHandles.h

FindSocketHandles.h

 
 

README.md

README.md

 
 

dmode.c

dmode.c

 
 

main.c

main.c

 
 

pInject.c

pInject.c

 
 

Repository files navigation

SoftwareFirewallBypass

Finds a trusted process (one with an open socket handle) and uses process injection to leverage it's trust setting.

This was designed against tools like ZoneAlarm which users "trust" to open a socket. As the process is altered in memory the hash of the executable on disc doesn't change, therefore it wasn't registered as modified.

This worked on XP. I suspect with UAC it no longer works, but is a good example of iterating over open handles in windows, and injecting C into another process using CreateRemoteThread (and fixing up the reloc table of the current module to do so).

About

Finds a trusted process (one with an open socket handle) and uses process injection to leverage it's trust setting

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages