Migrate
Process Migration | Inject payload into specified PID
The Migrate command is a crucial feature in Amnesiac, designed for process migration after successful exploitation. It may serve different purposes:
Avoiding SessionID 0: By migrating to another process, Amnesiac can avoid running within a SessionID 0 process, which is often restricted and lacks certain privileges.
Executing Local Actions: Migrating to a suitable process, such as "explorer," allows Amnesiac to execute Local Actions commands effectively. These commands may require execution from specific process IDs that have the necessary rights and access to users' activity.
Impersonating Other Users' Sessions: The migration process also enables Amnesiac to impersonate other users' sessions on the system, allowing for lateral movement.
The Migrate command injects an Amnesiac payload into a specified target process ID. The payload initiates a new child process, which inherits all properties and rights of the parent process.
Once the migration process is complete, a new session is obtained within Amnesiac. Users can interact with this session, allowing them to perform various actions within the target environment.
It's worth noting that the payload is encrypted before injection into the target process.
The process injection action itself is performed using the PInject module, and Amnesiac automates this action to facilitate process migration.
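Seen from the defender's side, the sequence described above (injection into a chosen PID, then a child process spawned by that PID) can be correlated in process telemetry. The following is an added example, not part of Amnesiac or its documentation. It assumes Sysmon-style events (Event ID 8 CreateRemoteThread, Event ID 1 ProcessCreate), that the injection surfaces as a remote thread, and a 30-second window; the sample events and the `find_migrations` name are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"  # Sysmon UtcTime layout
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events (not captured from a real host), Sysmon field names.
SAMPLE_EVENTS = [
    # A process starts in session 0
    {"EventID": 1, "UtcTime": "2024-05-01 10:00:00.000", "ProcessId": 4120,
     "ParentProcessId": 700, "Image": PS, "TerminalSessionId": 0},
    # It creates a thread inside explorer.exe (PID 5300, user session 1)
    {"EventID": 8, "UtcTime": "2024-05-01 10:00:05.000", "SourceProcessId": 4120,
     "SourceImage": PS, "TargetProcessId": 5300, "TargetImage": EXPLORER},
    # explorer.exe spawns a child shortly afterwards
    {"EventID": 1, "UtcTime": "2024-05-01 10:00:06.500", "ProcessId": 6012,
     "ParentProcessId": 5300, "Image": PS, "TerminalSessionId": 1},
    # Ordinary launch from explorer.exe much later: outside the window
    {"EventID": 1, "UtcTime": "2024-05-01 10:20:00.000", "ProcessId": 6500,
     "ParentProcessId": 5300, "Image": r"C:\Windows\System32\notepad.exe",
     "TerminalSessionId": 1},
]

def find_migrations(events, window=timedelta(seconds=30)):
    """Flag a remote thread into PID X followed by X spawning a child within `window`."""
    session = {}   # pid -> TerminalSessionId, learned from ProcessCreate events
    injected = {}  # target pid -> (time of remote thread, source pid)
    alerts = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        ts = datetime.strptime(ev["UtcTime"], FMT)
        if ev["EventID"] == 8:
            injected[ev["TargetProcessId"]] = (ts, ev["SourceProcessId"])
        elif ev["EventID"] == 1:
            session[ev["ProcessId"]] = ev["TerminalSessionId"]
            hit = injected.get(ev["ParentProcessId"])
            if hit and ts - hit[0] <= window:
                alerts.append({
                    "source_pid": hit[1],
                    "target_pid": ev["ParentProcessId"],
                    "child_pid": ev["ProcessId"],
                    "child_image": ev["Image"],
                    # True when the source ran in session 0 and the child does not
                    "left_session_0": session.get(hit[1]) == 0
                                      and ev["TerminalSessionId"] != 0,
                })
    return alerts

if __name__ == "__main__":
    for alert in find_migrations(SAMPLE_EVENTS):
        print(alert)
```

PIDs are reused by Windows over time, so a production rule should key on the process GUID rather than the bare PID.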