Home

Awesome

Project Ares

Project Ares Injector

Project Ares Injector is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique. The loader injects a PE into a remote process and features:

The loader is currently only 64-bit and only supports 64-bit payloads.

Project Ares Cryptor

Cryptor is a basic console application meant to encrypt the payload before adding it as a PE resource to the Injector. It takes a single <filepath> argument to the payload on disk, which is then encrypted and written to disk as payload.bin.

Usage

  1. Change the encryption key in Injector/main.cpp at line 329 to a 16-byte value
  2. Change the encryption key in Cryptor/main.cpp at line 34 to match the encryption key in Injector

Optionally, the initialization vectors can be modified, they should be 16-bytes as well:

const uint8_t iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
  1. Use Cryptor.exe to encrypt your x64 payload of choice
  2. Add payload.bin as a resource to Injector, make sure to name it payload_bin or modify Injector/main.cpp line 324 to match the given name:
HRSRC rc = FindResource(NULL, MAKEINTRESOURCE(IDR_PAYLOAD_BIN1), L"PAYLOAD_BIN");
  1. Profit

Note:

The default spawned process is svchost.exe The default spoofed parent process is explorer.exe