Amnesiac
  • Welcome
  • Intended Usage
  • Get-Started
    • Quick Start
  • Main Menu
    • Available Commands
    • Main Menu Structure
    • [0] Scan Network for Admin Access
    • [1] Single-Listener (single target)
    • [2] Global-Listener (multiple targets)
    • [3] Scan Network for Listening Targets
    • Bookmarks
    • Payload Types
    • Payload Delivery
    • Serving Scripts
    • Sessions Display
    • Targets
    • Terminate Sessions
  • Sessions
    • Core Commands
      • Download
      • Exit
      • GListener
      • GLSet
      • Help
      • Kill
      • OneIsNone
      • Scramble
      • Sync
      • Toggle
      • Upload
    • System Commands
      • AV
      • Net
      • Process
      • Services
      • Sessions
      • Software
      • Startup
    • User Activity
      • ClearLogs
      • Clipboard
      • History and ClearHistory
      • Keylog and KeylogRead
      • ScreenShot and Screen4K
    • Scripts Loading
      • Mimi
      • Patch and PatchNet
      • PInject
      • PowerView
      • Rubeus
      • TLS
    • Local Actions
      • Ask4Creds
      • AutoMimi
      • CredMan
      • Dpapi
      • GetSystem
      • HashGrab
      • Hive
      • Kerb
      • Migrate
      • Monitor
    • Domain Actions
      • DCSync
      • CredValidate
      • Impersonation
      • LocalAdminAccess
      • PassSpray
      • Remoting
      • SessionHunter
  • Beware
    • Encryption
    • Non-Domain-Joined systems
    • SessionID 0
    • Timeouts
Powered by GitBook
On this page
  1. Sessions
  2. Local Actions

Migrate

Process Migration | Inject payload into specified PID

Last updated 1 year ago

The Migrate command is a crucial feature in Amnesiac, designed for process migration after successful exploitation. It may serve different purposes:

  1. Avoiding : By migrating to another process, Amnesiac can avoid running within a process, which is often restricted and lacks certain privileges.

  2. Executing Local Actions: Migrating to a suitable process, such as "explorer," allows Amnesiac to execute commands effectively. These commands may require execution from specific process IDs that have the necessary rights and access to users' activity.

  3. Impersonating Other Users' Sessions: The migration process also enables Amnesiac to impersonate other users' sessions on the system, allowing for lateral movement.

The Migrate command injects an Amnesiac payload into a specified target process ID. The payload initiates a new child process, which inherits all properties and rights of the parent process.

Once the migration process is complete, a new session is obtained within Amnesiac. Users can interact with this session, allowing them to perform various actions within the target environment.

It's worth noting that the payload is encrypted before injection into the target process.

The process injection action itself is performed using the module, and Amnesiac automates this action to facilitate process migration.

SessionID 0
SessionID 0
Local Actions
PInject