Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is far from an exhaustive set of primitives or technique variations; the post above goes into more detail.
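
From the defender's side, export forwarding is visible in the export table itself: a forwarded export's function RVA points inside the export directory, at a "Module.Function" string. The Python below is an added example (not part of Koppeling or the original post) that lists such forwarders; the sample image and the export names GetAnswer and RealWork are constructed for illustration.

```python
import struct

def forwarded_exports(data):
    """Map export name -> 'Module.Function' for each forwarded named export."""
    u = lambda fmt, off: struct.unpack_from(fmt, data, off)
    pe = u("<I", 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = u("<H", pe + 6)[0], u("<H", pe + 20)[0], pe + 24
    # Data directories start at +112 in PE32+ (magic 0x20B), +96 in PE32.
    exp_rva, exp_size = u("<II", opt + (112 if u("<H", opt)[0] == 0x20B else 96))
    if not exp_rva:
        return {}
    secs = [u("<IIII", opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA %#x not in any section" % rva)
    def cstr(rva):  # NUL-terminated ASCII string at an RVA
        o = off(rva)
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")
    nnames, funcs, names, ords = u("<IIII", off(exp_rva) + 24)
    out = {}
    for i in range(nnames):
        ordinal = u("<H", off(ords) + 2 * i)[0]
        func_rva = u("<I", off(funcs) + 4 * ordinal)[0]
        # A function RVA inside the export directory is a forwarder string.
        if exp_rva <= func_rva < exp_rva + exp_size:
            out[cstr(u("<I", off(names) + 4 * i)[0])] = cstr(func_rva)
    return out

def build_sample_dll():
    """Constructed minimal PE32+ image: one forwarded and one ordinary export."""
    base, strs = 0x1000, b"GetAnswer\0RealWork\0Functions.GetAnswer\0"
    s = base + 60  # RVA of the string area, after directory and three tables
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, 2, 2, base + 40, base + 48, base + 56)
    body += struct.pack("<II", s + 19, 0x2000)  # functions: forwarder, code RVA
    body += struct.pack("<II", s, s + 10)       # name RVAs (sorted)
    body += struct.pack("<HH", 0, 1) + strs     # name ordinals, then strings
    opt = (struct.pack("<H", 0x20B).ljust(112, b"\0") + struct.pack("<II", base, len(body))).ljust(240, b"\0")
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x2022) + opt
    hdr += b".rdata\0\0" + struct.pack("<IIII", len(body), base, 0x200, 0x200).ljust(32, b"\0")
    return hdr.ljust(0x200, b"\0") + body.ljust(0x200, b"\0")

if __name__ == "__main__":
    for name, target in forwarded_exports(build_sample_dll()).items():
        print(name, "->", target)
```

When reviewing DLLs found in application directories, an export table that forwards wholesale to a module with a different name or path is worth a closer look.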


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


