Thursday, May 25, 2023

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is far from every primitive or technique variation; the post above goes into more detail.
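When triaging a suspect DLL, forwarded exports can be read straight from the export table: an export is a forwarder when its function RVA points back inside the export directory, where a `MODULE.Function` string is stored. The Python below is an added example, not part of Koppeling; `forwarded_exports`, `build_sample` and the `realmod`, `DoWork` and `Helper` names are constructed for illustration, and only named exports are examined.

```python
import struct

def _u(fmt, data, pos):
    return struct.unpack_from("<" + fmt, data, pos)

def _cstr(data, pos):
    return data[pos:data.index(b"\0", pos)].decode("ascii", "replace")

def forwarded_exports(data):
    """Map each named export that is a forwarder to its 'MODULE.Function' target."""
    pe = _u("I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = _u("H", data, pe + 6)[0], _u("H", data, pe + 20)[0]
    opt = pe + 24
    ddir = opt + (112 if _u("H", data, opt)[0] == 0x20B else 96)  # PE32+ vs PE32
    exp_rva, exp_size = _u("II", data, ddir)  # data directory 0 = export table
    secs = [_u("IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError(f"RVA {rva:#x} is outside every section")
    if not exp_rva:
        return {}
    nnames, funcs, names, ords = _u("IIII", data, off(exp_rva) + 24)
    out = {}
    for i in range(nnames):
        name = _cstr(data, off(_u("I", data, off(names) + 4 * i)[0]))
        frva = _u("I", data, off(funcs) + 4 * _u("H", data, off(ords) + 2 * i)[0])[0]
        # A function RVA that lands inside the export directory is a forwarder string.
        if exp_rva <= frva < exp_rva + exp_size:
            out[name] = _cstr(data, off(frva))
    return out

def build_sample():
    """Constructed, non-loadable PE32+ skeleton: 'DoWork' is a forwarder, 'Helper' is not."""
    base = 0x1000  # RVA of the only section; layout: dir(40) funcs(8) names(8) ords(4) strings
    blob = bytearray(60) + b"DoWork\0Helper\0realmod.DoWork\0"
    struct.pack_into("<IIIII", blob, 20, 2, 2, base + 40, base + 48, base + 56)
    struct.pack_into("<IIIIHH", blob, 40, base + 74, 0x2000, base + 60, base + 67, 0, 1)
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    for at, fmt, *vals in [(0x3C, "I", 0x40), (0x44, "HH", 0x8664, 1), (0x54, "H", 0xF0),
                           (0x58, "H", 0x20B), (0xC8, "II", base, len(blob)),
                           (0x150, "IIII", len(blob), base, len(blob), 0x200)]:
        struct.pack_into("<" + fmt, hdr, at, *vals)
    return bytes(hdr + blob)
```

To check a file on disk, pass its bytes: `forwarded_exports(open(path, "rb").read())`. A DLL sitting beside an application whose exports all forward to a module of another name or path is worth a closer look.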


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


