TL;DR

The source code of this idea is available on GitHub

And the weaponized version is available in emp3r0r

1. Use echo 'print __libc_dlopen_mode("/path/to/library.so", 2)' | gdb -p <PID> for process injection
2. Write a shared library to inject into sshd process
3. In the library, fork a child …

View comments.

See also

• Weaponized shared library injection
• Shellcode injection 101
• Emp3r0r

Dynamic Linker/Loader - Make an ELF load specific libraries

Intro

Strictly speaking, this is not the process injection you are expecting. Abusing ld.so can help you get your shared object (library) loaded in future processes the ELF file might …

View comments.