PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system.
PCILeech supports multiple hardware devices. Currently only the USB3380 hardware is publicly available. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel.
PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live RAM and the file system via a "mounted drive". It is also possible to remove the logon password requirement, load unsigned drivers, execute code and spawn system shells. PCILeech runs on Windows/Linux/Android. Supported target systems are currently the x64 versions of: Linux, FreeBSD, macOS and Windows.
Capabilities:
+ Retrieve memory from the target system at >150MB/s.
+ Write data to the target system memory.
+ 4GB memory can be accessed in native DMA mode.
+ ALL memory can be accessed if kernel module (KMD) is loaded.
+ Mount live RAM as file [Linux, Windows, macOS].
+ Mount file system as drive [Linux, Windows, macOS].
+ Execute kernel code on the target system.
+ Spawn system shell [Windows].
+ Spawn any executable [Windows].
+ Load unsigned drivers [Windows].
+ Pull files [Linux, FreeBSD, Windows, macOS].
+ Push files [Linux, Windows, macOS].
+ Patch / Unlock (remove password requirement) [Windows, macOS].
+ Easy to create own kernel shellcode and/or custom signatures.
+ Even more features not listed here …
Usage & Install:
git clone https://github.com/ufrisk/pcileech && cd pcileech
sudo apt-get install libusb-1.0-0-dev pkg-config
cd pcileech
make
./pcileech -h
upgrade: git pull origin master
Source: https://github.com/ufrisk