This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.
This project is comprised of the following elements:
- Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
- Functions.dll: The "real" library which exposes valid functionality to the harness
- Theif.dll: The "evil" library which is attempting to gain execution
- NetClone.exe: A C# application which will clone exports from one DLL to another
- PyClone.py: A Python 3 script which mimics NetClone functionality
The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.
- Stc-Forward: Forwards export names during the build process using linker comments
- Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
- Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
- Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying
The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by no means every primitive or technique variation. The post above goes into more detail.
Prepare a hijack scenario with an obviously incorrect DLL:
> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.
> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.
Executing in the current configuration should result in an error:
> whoami.exe
"Entry Point Not Found"
Convert kernel32 to proxy functionality for wkscli:
> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.
> whoami.exe
COMPUTER\User
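On the detection side, the walkthrough above leaves a recognizable trace: a process loads a DLL whose name belongs to System32 from a directory that is not System32. The following is an added example, not part of the project; the records are constructed, their field names follow Sysmon Event ID 7 (image load), and the baseline name set is an assumption.

```python
import ntpath

# Constructed sample records; field names follow Sysmon Event ID 7 (image load).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\demo\test\whoami.exe",
     "ImageLoaded": r"C:\Users\demo\test\wkscli.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\whoami.exe",
     "ImageLoaded": r"C:\Windows\System32\wkscli.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\Program Files\ExampleApp\appcore.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleApp\app.exe",
     "ImageLoaded": r"C:\ProgramData\Cache\KERNEL32.dll", "Signed": "false"},
]

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumed baseline; in practice, enumerate DLL names from a known-good image.
SYSTEM_DLL_NAMES = {"kernel32.dll", "wkscli.dll", "netapi32.dll"}


def _norm(path):
    """Lower-case and normalise a Windows path so comparisons are exact."""
    return ntpath.normcase(ntpath.normpath(path))


def find_shadowed_loads(events, names=SYSTEM_DLL_NAMES, dirs=SYSTEM_DIRS):
    """Return loads of a system-named DLL from outside the system directories."""
    hits = []
    for ev in events:
        directory, dll = ntpath.split(_norm(ev["ImageLoaded"]))
        if dll not in names or directory in dirs:
            continue  # not a system DLL name, or loaded from where it belongs
        hits.append({
            "process": ev["Image"],
            "dll": dll,
            "loaded_from": directory,
            # DLL sitting next to the executable wins the default search order
            "same_dir_as_exe": directory == ntpath.dirname(_norm(ev["Image"])),
            "unsigned": ev.get("Signed", "false").lower() != "true",
        })
    return hits


if __name__ == "__main__":
    for hit in find_shadowed_loads(SAMPLE_EVENTS):
        print(hit)
```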