metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

Rex::Payloads::Win32::Kernel::Stager._run_only_in_win32proc_stub

Stagers use this stub to check whether the code is running in the
context of a user-mode system process.  By default, this process is
lsass.exe.  If it is not, the stub runs the code specified by append.
Otherwise, it jumps past that code and into what should be the
expected r3 (ring 3, user-mode) payload to execute.  The stub also
makes sure that the payload does not run more than once.


Edit

git clone git@github.com:rapid7/metasploit-framework.git

cd metasploit-framework

open lib/rex/payloads/win32/kernel/stager.rb

Contribute

# Make a new branch

git checkout -b your-name--update-docs-Rex--Payloads--Win32--Kernel--Stager-_run_only_in_win32proc_stub-for-pr


# Commit to git

git add lib/rex/payloads/win32/kernel/stager.rb

git commit -m "better docs for Rex::Payloads::Win32::Kernel::Stager._run_only_in_win32proc_stub"


# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> your-name--update-docs-Rex--Payloads--Win32--Kernel--Stager-_run_only_in_win32proc_stub-for-pr

hub pull-request


# Celebrate!