Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is by no means every primitive or technique variation. The post above goes into more detail.
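From the defender's side, export forwarding of the kind the Stc-Forward configuration produces is visible in the PE file itself: a forwarded export's function RVA points at a "module.function" string inside the export directory instead of at code. The script below is an added example for triaging a DLL found next to an application binary; it is not part of the Koppeling project, and the sample image and the names in it (proxy.dll, real.FwdFunc) are constructed for illustration.

```python
import struct

def forwarded_exports(data):
    """Map export name -> 'module.function' for every forwarder among a PE's named exports."""
    u = lambda fmt, o: struct.unpack_from(fmt, data, o)
    pe = u("<I", 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size, opt = u("<H", pe + 6)[0], u("<H", pe + 20)[0], pe + 24
    # Data directory 0 (exports) sits 96 bytes into a PE32 optional header, 112 for PE32+.
    exp_rva, exp_size = u("<II", opt + (96 if u("<H", opt)[0] == 0x10B else 112))
    if not exp_rva:
        return {}
    secs = [u("<IIII", opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA 0x%x not backed by a section" % rva)
    def cstr(rva):
        o = off(rva)
        return data[o:data.index(b"\0", o)].decode("ascii", "replace")
    nfuncs, nnames, afuncs, anames, aords = u("<5I", off(exp_rva) + 20)
    found = {}
    for i in range(nnames):
        ordinal = u("<H", off(aords) + 2 * i)[0]
        if ordinal >= nfuncs:
            continue  # malformed entry
        func_rva = u("<I", off(afuncs) + 4 * ordinal)[0]
        # A function RVA that lands inside the export directory is a forwarder string.
        if exp_rva <= func_rva < exp_rva + exp_size:
            found[cstr(u("<I", off(anames) + 4 * i)[0])] = cstr(func_rva)
    return found

def build_sample():
    """Constructed sample: minimal PE32 headers plus an export section (not a loadable DLL)."""
    va, strs = 0x1000, b"proxy.dll\0FwdFunc\0RealFunc\0real.FwdFunc\0"
    s = lambda name: va + 60 + strs.index(name)  # strings start after 60 bytes of tables
    exp = struct.pack("<IIHH7I", 0, 0, 0, 0, s(b"proxy.dll"), 1, 2, 2, va + 40, va + 48, va + 56)
    exp += struct.pack("<4I2H", s(b"real.FwdFunc"), 0x2000, s(b"FwdFunc"), s(b"RealFunc"), 0, 1) + strs
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x3C] = b"MZ", 0x40                               # DOS magic, e_lfanew
    struct.pack_into("<4sHH12xHH", hdr, 0x40, b"PE\0\0", 0x14C, 1, 224, 0x2102)
    struct.pack_into("<H90x3I", hdr, 0x58, 0x10B, 16, va, len(exp))  # PE32 magic, export dir
    struct.pack_into("<8s4I", hdr, 0x138, b".edata", len(exp), va, 0x200, 0x200)
    return bytes(hdr) + exp.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(forwarded_exports(build_sample()))
```

Only named exports are walked. A DLL in an application directory whose exports all forward to a single other module is worth comparing against the vendor's original file.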


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


