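He remembers a cheetah he saw on the television screen,
a strong cheetah cornering a suckling fawn,
and when it drew near, it smelled the milk
and so it did not devour it

As if milk tames the beast of the wilderness
M.D.
"Even beasts refuse to do as you do and harm childhood, you criminals"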

04/06/2023

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure static and dynamic sink situations are handled. This is by no means every primitive or technique variation. The post above goes into more detail.


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User
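
For triage of a DLL that may be proxying through export forwarding as described above, the following added example (not part of Koppeling or its author's code) parses a PE export table and reports which named exports are forwarder entries and which modules they point to. It assumes the proxy relies on forwarder entries, as the Stc-Forward configuration does; the function names list_exports and forward_profile are hypothetical.

```python
import struct
import sys
from collections import Counter

def _cstr(data, off):
    # NUL-terminated ASCII string at a file offset
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def list_exports(data):
    """Return [(export_name, forwarder_or_None)] for a PE image held in bytes."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    # Data directories start at 112 (PE32+) or 96 (PE32); entry 0 is exports
    dirs = opt + (112 if struct.unpack_from("<H", data, opt)[0] == 0x20B else 96)
    exp_rva, exp_size = struct.unpack_from("<II", data, dirs)
    if not exp_rva:
        return []
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]

    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    n_names, funcs, names, ords = struct.unpack_from("<4I", data, off(exp_rva) + 24)
    out = []
    for i in range(n_names):
        name_rva = struct.unpack_from("<I", data, off(names) + 4 * i)[0]
        idx = struct.unpack_from("<H", data, off(ords) + 2 * i)[0]
        f_rva = struct.unpack_from("<I", data, off(funcs) + 4 * idx)[0]
        # An address pointing back inside the export directory is a forwarder string
        fwd = _cstr(data, off(f_rva)) if exp_rva <= f_rva < exp_rva + exp_size else None
        out.append((_cstr(data, off(name_rva)), fwd))
    return out

def forward_profile(data):
    """Return (forwarded_share, Counter of forward target modules)."""
    exports = list_exports(data)
    targets = Counter(f.rsplit(".", 1)[0].lower() for _, f in exports if f)
    share = sum(targets.values()) / len(exports) if exports else 0.0
    return share, targets

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:
        share, targets = forward_profile(fh.read())
    print(f"{share:.0%} of named exports are forwarders: {dict(targets)}")
```

Legitimate system DLLs also forward some exports (kernel32.dll forwards to ntdll, for example), so compare the result against a known-good copy of the same file; a forward target that carries a directory path or names a module sharing the DLL's own name deserves a closer look.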



