This post discusses the history of process injection implementations on Linux and introduces a simpler implementation for learning and portability. The author focuses on a common situation in penetration testing where there is command execution as a non-root user and the goal is to stage native code on the target. The author categorizes the methods into two main approaches: using shell commands to write code to a file and execute it, or using the ptrace syscall to debug a process and inject code into it. The post highlights the downsides and limitations of the different approaches and suggests a more straightforward implementation that uses the /proc/[pid]/mem interface for process injection. The author also provides examples of tools and techniques used for process injection on Linux, including an interesting approach that accepts an ELF input instead of shellcode for loading into memory. The post concludes by presenting a simple implementation using a deliberately "dumb" approach that only requires "dd" and shell script commands to write code into a process's memory. Overall, the content provides valuable insights into process injection on Linux and offers alternative methods for achieving the desired results.
https://joev.dev/posts/unprivileged-process-injection-techniques-in-linux
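From the defender's side, the two primitives the summary names (ptrace-based writes into another process and writes to /proc/[pid]/mem, which is what a dd-based injector does) both leave a trace in syscall auditing. The following is an added detection example, not code from the post or its author: it scans records in a constructed, simplified key=value format loosely modelled on Linux audit SYSCALL/PATH fields (real auditd output has more fields and joins records by event id) and flags cross-process writes. The field names `pid`, `exe`, `syscall`, `name`, `flags`, `a0` and `a1` and the sample log are assumptions made for the example; the ptrace request numbers and open flag values are the standard Linux ones.

```python
"""Flag audit-style records that look like cross-process code injection on Linux.

Covered primitives:
  * ptrace() requests that modify another process (POKETEXT/POKEDATA/SETREGS)
    and the ATTACH that precedes them;
  * opening /proc/<pid>/mem for writing, which a dd-based injector must do.
Record format is a constructed simplification of auditd's key=value records.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ptrace request numbers from <sys/ptrace.h> (Linux generic values)
PTRACE_POKETEXT, PTRACE_POKEDATA, PTRACE_SETREGS, PTRACE_ATTACH = 4, 5, 13, 16
WRITE_REQUESTS = {PTRACE_POKETEXT: "POKETEXT", PTRACE_POKEDATA: "POKEDATA",
                  PTRACE_SETREGS: "SETREGS", PTRACE_ATTACH: "ATTACH"}

O_ACCMODE = 0o3            # low two bits of open flags: 0=RDONLY, 1=WRONLY, 2=RDWR
PROC_MEM = re.compile(r"^/proc/(\d+|self)/mem$")


@dataclass(frozen=True)
class Finding:
    pid: int                 # process performing the suspicious action
    exe: str
    target_pid: int          # process whose memory is being written
    reason: str


def parse_record(line: str) -> Dict[str, str]:
    """Split a `key=value key="quoted value"` record into a dict (assumed format)."""
    out: Dict[str, str] = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|\S+)', line):
        out[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return out


def analyse_record(rec: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if the record shows a cross-process memory write."""
    pid = int(rec.get("pid", "-1"))
    exe = rec.get("exe", "?")
    sc = rec.get("syscall")

    if sc == "ptrace":
        # a0 = request, a1 = traced pid (hex, as audit logs syscall arguments)
        req = int(rec.get("a0", "0"), 16)
        target = int(rec.get("a1", "0"), 16)
        if req in WRITE_REQUESTS and target != pid:
            return Finding(pid, exe, target,
                           f"ptrace {WRITE_REQUESTS[req]} into pid {target}")
        return None

    if sc in ("open", "openat"):
        m = PROC_MEM.match(rec.get("name", ""))
        if not m:
            return None
        flags = int(rec.get("flags", "0"), 16)
        if flags & O_ACCMODE == 0:
            return None      # read-only access to /proc/<pid>/mem is not injection
        target = pid if m.group(1) == "self" else int(m.group(1))
        if target == pid:
            return None      # a process writing its own memory (e.g. some JITs) is out of scope
        return Finding(pid, exe, target, f"{sc} /proc/{target}/mem for writing")

    return None


def scan(log: str) -> List[Finding]:
    """Run every non-empty line of the log through analyse_record."""
    findings: List[Finding] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        f = analyse_record(parse_record(line))
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample records (not captured from a real system).
SAMPLE_LOG = """\
syscall=openat pid=4242 exe="/usr/bin/dd" name="/proc/1337/mem" flags=0x2
syscall=openat pid=1337 exe="/usr/bin/python3" name="/proc/self/mem" flags=0x2
syscall=openat pid=4243 exe="/usr/bin/cat" name="/proc/1337/mem" flags=0x0
syscall=ptrace pid=5000 exe="/usr/bin/gdb" a0=0x10 a1=0x539
syscall=ptrace pid=5000 exe="/usr/bin/gdb" a0=0x5 a1=0x539
syscall=ptrace pid=6000 exe="/usr/bin/strace" a0=0x7 a1=0x1770
syscall=read pid=7000 exe="/usr/bin/less" name="/etc/passwd"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"pid {f.pid} ({f.exe}): {f.reason}")
```

On the sample input the scanner reports three events: the dd write to /proc/1337/mem, the ptrace ATTACH and the POKEDATA into pid 1337. The self-write, the read-only open and the PTRACE_CONT are deliberately ignored, since a detection that fires on every debugger or on a process touching its own mapping produces noise rather than signal; in a real deployment the same distinction would be made on joined auditd SYSCALL and PATH records, with allow-listing of known debuggers by executable path.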