Process Injection Tasks

[salu90]

Adds three new Tasks that leverage the SharpsSploit.Execution.Injection namespace. Tasks names include "ProcessInjection" because otherwise they just don't work properly (#252).

• ProcessInjectionRemote: Uses the SectionMapAlloc allocation technique to copy the payload into the user-specified PID and executes it using any of the available options in the RemoteThreadCreate execution technique (NtCreateThreadEx, RtlCreateUserThread, CreateRemoteThread).

ProcessInjectionRemote [ExecutionTechnique] [ProcessID] [PICpayload]
ProcessInjectionRemote CreateRemoteThread 1234 grunt.bin

• ProcessInjectionLocal: Uses the SectionMapAlloc allocation technique to copy the payload into the current process and executes it using a delegate (like the Shellcode task but using SectionMapAlloc :P)

ProcessInjectionLocal [PICpayload]
ProcessInjectionLocal meterpreterx64.bin

• ProcessInjectionSpawn: Spawns a new user-specified process and uses the SectionMapAlloc allocation technique to copy the payload. The payload is then executed using any of the available options in the RemoteThreadCreate execution technique (NtCreateThreadEx, RtlCreateUserThread, CreateRemoteThread). Supports Parent Process Spoofing (PPID) and the BlockDLLs attribute.

ProcessInjectionSpawn [ExecutionTechnique] [Binary] [PICpayload] (ParentPID) (BlockDLL)
ProcessInjectionSpawn CreateRemoteThread C:\windows\system32\notepad.exe beaconx64.bin
ProcessInjectionSpawn CreateRemoteThread C:\windows\system32\notepad.exe beaconx64.bin 5523 true

Tasks code has been adapted from the workshop Ryan Cobb did at Black Hat Arsenal USA 2020.
Thanks to @fuzzysec and @TheRealWover for the process injection additions.

These tasks require cobbr/SharpSploit#64 to be merged.

[cobbr]

Thanks for getting the ball rolling on this @salu90 . For now, I've combined a couple of these tasks into one "Inject" task.