Pinjector is a security tool that lets a user execute applications in the security context
of other users. It is most often used in penetration tests to inject code into a process
owned by a logged-on administrator or domain administrator and spawn a shell that runs with
that account's credentials.
This tool was originally released at the NoConName Security congress
(Spanish paper)
The tool lists all running processes with their associated owners and spawns a shell inside
the selected target process.
Details:
pinjector calls the CreateRemoteThread API to start a new thread inside the selected
target process; that thread executes a static bind-shell shellcode. Because the thread
lives inside the target process, it runs under that process's access token, so after
connecting to the bind-shell port (8080 by default) the new shell has the target user's
privileges. Opening another user's process for writing requires that you already hold
administrative rights on the host (in practice SeDebugPrivilege), so the tool is for
moving from local administrator into another logged-on account's context, not for
gaining administrative rights in the first place.
A high-quality video showing how to use pinjector is available here for download.
Honestly, I can't imagine a penetration test without this tool: every time a new computer
is accessed there is a high chance that a logged-on user's credentials can grant you access
to more hosts.
We are currently working on a new version that injects into existing remote threads by
suspending a thread and changing its context (rewriting its registers so that it resumes
at the injected code instead). This is needed because sometimes there are threads running
as another user inside a process where you cannot inject code by creating a new thread.
You can also browse the source code online.
Usage Information: Privilege Switcher for Win32(Private version)
(c) 2006 Andres Tarasco - [email protected]