This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.
This project is comprised of the following elements:
- Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
- Functions.dll: The "real" library which exposes valid functionality to the harness
- Theif.dll: The "evil" library which is attempting to gain execution
- NetClone.exe: A C# application which will clone exports from one DLL to another
- PyClone.py: A python 3 script which mimics NetClone functionality
The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.
- Stc-Forward: Forwards export names during the build process using linker comments
- Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
- Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
- Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying
The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by far not every primitive or technique variation. The post above goes into more detail.
Prepare a hijack scenario with an obviously incorrect DLL
> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.
> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.
Executing in the current configuration should result in an error
> whoami.exe
"Entry Point Not Found"
Convert kernel32 to proxy functionality for wkscli
> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.
> whoami.exe
COMPUTER\User
More articles
- Ethical Hacker Tools
- Hacking Tools Hardware
- Hacking Tools Download
- Hacking Tools For Windows Free Download
- Beginner Hacker Tools
- Hacking Tools Usb
- Easy Hack Tools
- Pentest Reporting Tools
- Pentest Tools Github
- Hacker Tools 2020
- Pentest Tools For Android
- Tools 4 Hack
- Hacker Tools
- Pentest Tools Website Vulnerability
- Growth Hacker Tools
- Hacker Tools
- Blackhat Hacker Tools
- Hacker Tools Free
- Hacker Tools Online
- Hacking Tools 2020
- Hacker Tools List
- Growth Hacker Tools
- Pentest Tools For Windows
- Best Hacking Tools 2020
- How To Hack
- Nsa Hack Tools Download
- Best Hacking Tools 2020
- Best Hacking Tools 2019
- Hacker Tool Kit
- Hacker Tools
- Hacking Tools Software
- Github Hacking Tools
- Hack Tools 2019
- Kik Hack Tools
- Underground Hacker Sites
- Hacking Tools Software
- Nsa Hack Tools
- Hacking Tools Online
- Hack Tools For Mac
- Bluetooth Hacking Tools Kali
- Hacking Tools Mac
- Underground Hacker Sites
- Pentest Tools Website
- Hacking Tools For Windows 7
- Hacking Tools For Kali Linux
- Tools 4 Hack
- Hacker Tools List
- Hacking Tools For Kali Linux
- Hack Tools For Mac
- Hacker Tools Github
- Pentest Tools Subdomain
- Pentest Tools
- Bluetooth Hacking Tools Kali
- Best Hacking Tools 2020
- Bluetooth Hacking Tools Kali
- How To Hack
- Hacker Tools Hardware
- Pentest Tools Apk
- Hacks And Tools
- Pentest Tools Linux
- Hacking Tools Download
- Termux Hacking Tools 2019
- Hacking Tools Name
- Pentest Tools For Android
- Hack Tools For Ubuntu
- Hacking Tools For Windows
- World No 1 Hacker Software
- Hacker Tools List
- Hack Tool Apk No Root
- Hack Tools For Ubuntu
- Usb Pentest Tools
- Hack Tools For Pc
- Pentest Tools Find Subdomains
- How To Hack
- Pentest Tools Url Fuzzer
- Pentest Tools Alternative
- Hacker Tools Github
- Hacker
- Pentest Tools Open Source
- What Is Hacking Tools
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Open Source
- Hack Tools Pc
- Hacking Tools Mac
- Pentest Tools Url Fuzzer
- Computer Hacker
- Computer Hacker
- Pentest Tools Bluekeep
- Hacker Tools Online
- Hacker Tools 2020
- Hackrf Tools
- Pentest Tools For Windows
- Pentest Tools For Ubuntu
- Hacking Tools For Windows Free Download
- Hack Tool Apk
- Pentest Tools Tcp Port Scanner
- Hacking App
- Pentest Tools Website
- Hacks And Tools
- Pentest Tools For Mac
- Hacking Tools For Mac
- Hacker Tools 2019
- Pentest Tools Online
- Pentest Tools Apk
- Pentest Tools For Mac
- Pentest Tools Website Vulnerability
- Pentest Tools Open Source
- Ethical Hacker Tools
- Pentest Tools Tcp Port Scanner
- Hack And Tools
- Pentest Recon Tools
- Hack Tools Online
- Pentest Box Tools Download
- Hacker Tools Apk
- Hacking Tools Download
- Tools Used For Hacking
- Hacking Tools Usb
- Hacking Tools Windows 10
- Install Pentest Tools Ubuntu
- Hackrf Tools
- Pentest Tools For Windows
- Tools Used For Hacking
- Pentest Tools Free
- Pentest Tools Nmap
- Hacker Techniques Tools And Incident Handling
No comments:
Post a Comment