metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

MetasploitModule#make_kernel_user_payload

ring3 = user-mode (ring 3) encoded payload
proc_name = name of the process to inject the APC into
ep_thl_b = EPROCESS.ThreadListHead.Blink offset
et_alertable = ETHREAD.Alertable offset
teb_acp = TEB.ActivationContextPointer offset
et_tle = ETHREAD.ThreadListEntry offset

Defined in modules/exploits/windows/smb/doublepulsar_rce.rb
