TikiTorch was named in homage to CACTUSTORCH by Vincent Yiu. The basic concept of CACTUSTORCH is that it spawns a new process, allocates a region of memory, then uses CreateRemoteThread to run the desired shellcode within that target process. Both the process and shellcode are specified by the user.
This is pretty flexible as it allows an operator to run an HTTP agent in a process such as iexplore.exe, rather than something more arbitrary like rundll32 or powershell.
TikiTorch follows the same concept but has multiple types of process injection available, which can be specified by the user at compile time.
Projects
TikiTorch is a Visual Basic solution, split into 8 projects.
- TikiLoader
- TikiSpawn
- TikiSpawnAs
- TikiSpawnElevated
- TikiCpl
- TikiService
- TikiThings
- TikiVader
In the first instance, please see the Wiki for usage instructions.
Example of TikiTorch can be found here.
