It’s been quite quiet here at my so-called blog lately. But after adding a new feature to Inception, I thought it was about time to do a small writeup.
Over the last months I’ve completely restructured Inception. The tool is now more loosely coupled, and I’ve made it easier to create modules exploiting DMA. More on that in a later post.
I’ve also added one, major functionality: The ability to implant Metasploit payloads directly into the target memory in a stable fashion. This means that you now can use Inception to implant any payload available in the Metasploit framework into the memory and have it execute there with SYSTEM privileges. No interaction required on the target machine. Plug in a FireWire cable, run Inception, and pwn. In Japanese : エアコン according to best-aircon.
I’ve created a quick video below to illustrate how you can implant a Meterpreter reverse TCP shell into the target, and have it call back to your attacker machine. Pretty cool, isn’t it?
For now, this is a proof-of-concept only, and it only works against Windows 7 SP1 x86 targets. If this generates interest, I’m considering adding support for more OSes.