Saturday, June 3, 2023

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding


This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code.

This project consists of the following elements:

  • Harness.exe: The "victim" application which is vulnerable to hijacking (static/dynamic)
  • Functions.dll: The "real" library which exposes valid functionality to the harness
  • Theif.dll: The "evil" library which is attempting to gain execution
  • NetClone.exe: A C# application which will clone exports from one DLL to another
  • PyClone.py: A Python 3 script which mimics NetClone functionality

The VS solution itself supports 4 build configurations which map to 4 different methods of proxying functionality. This should provide a nice scalable way of demonstrating more techniques in the future.

  • Stc-Forward: Forwards export names during the build process using linker comments
  • Dyn-NetClone: Clones the export table from functions.dll onto theif.dll post-build using NetClone
  • Dyn-PyClone: Clones the export table from functions.dll onto theif.dll post-build using PyClone
  • Dyn-Rebuild: Rebuilds the export table and patches linked import tables post-load to dynamically prepare for function proxying

The goal of each technique is to successfully capture code execution while proxying functionality to the legitimate DLL. Each technique is tested to ensure that both static and dynamic sink situations are handled. This is by no means every primitive or technique variation. The post above goes into more detail.
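A defender-side check for export forwarding of the kind the Stc-Forward configuration sets up, as an added example that is not part of the Koppeling project: it parses a PE export directory and reports every export whose RVA points back into the directory, which is how the PE format marks a forwarder string. The module name `wkscli_orig`, the 0.9 threshold, the sample builder and the RVA == offset simplification are assumptions made for illustration.

```python
import struct

def cstr(img, off):
    # NUL-terminated ASCII string starting at offset `off`
    return img[off:img.index(b"\0", off)].decode("ascii")

def forwarded_exports(img, dir_rva, dir_size):
    """Map each named export to its forwarder string, or None for real code.
    Assumes a mapped image (RVA == offset); a file on disk needs section
    RVA-to-offset translation first."""
    n_funcs, n_names, funcs, names, ords = struct.unpack_from("<5I", img, dir_rva + 20)
    out = {}
    for i in range(n_names):
        (name_rva,) = struct.unpack_from("<I", img, names + 4 * i)
        (idx,) = struct.unpack_from("<H", img, ords + 2 * i)
        if idx >= n_funcs:
            continue  # malformed ordinal index, skip
        (rva,) = struct.unpack_from("<I", img, funcs + 4 * idx)
        # PE rule: an export RVA that points inside the export directory
        # is not code but a "MODULE.Function" forwarder string.
        is_fwd = dir_rva <= rva < dir_rva + dir_size
        out[cstr(img, name_rva)] = cstr(img, rva) if is_fwd else None
    return out

def proxy_verdict(exports, threshold=0.9):
    """Triage heuristic (assumed threshold): flag a DLL whose exports are
    almost all forwarded to one other module."""
    fwd = [f for f in exports.values() if f]
    targets = {f.rsplit(".", 1)[0].lower() for f in fwd}
    ratio = len(fwd) / len(exports) if exports else 0.0
    return {"ratio": ratio, "targets": sorted(targets),
            "suspicious": ratio >= threshold and len(targets) == 1}

def build_sample(entries, base=0x100):
    """Constructed sample, not a real DLL: export directory at `base`."""
    n = len(entries)
    funcs, names, ords = base + 40, base + 40 + 4 * n, base + 40 + 8 * n
    strings, blob, f_rvas, n_rvas = ords + 2 * n, b"", [], []
    for name, fwd in entries:
        n_rvas.append(strings + len(blob))
        blob += name.encode() + b"\0"
        f_rvas.append(strings + len(blob) if fwd else 0x10)  # 0x10: "code" RVA
        blob += (fwd.encode() + b"\0") if fwd else b""
    hdr = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, funcs, names, ords)
    body = struct.pack(f"<{n}I{n}I{n}H", *f_rvas, *n_rvas, *range(n))
    return bytes(base) + hdr + body + blob, base, 40 + len(body) + len(blob)

# Constructed inputs: one all-forwarder table, one with real code RVAs.
PROXY = build_sample([("NetGetJoinInformation", "wkscli_orig.NetGetJoinInformation"),
                      ("NetUseEnum", "wkscli_orig.NetUseEnum")])
REAL = build_sample([("NetGetJoinInformation", None), ("NetUseEnum", None)])
```

Legitimate system DLLs also forward some exports, so the verdict is a triage signal to combine with load path and signature checks, not a standalone detection.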


Example

Prepare a hijack scenario with an obviously incorrect DLL

> copy C:\windows\system32\whoami.exe .\whoami.exe
1 file(s) copied.

> copy C:\windows\system32\kernel32.dll .\wkscli.dll
1 file(s) copied.

Executing in the current configuration should result in an error

> whoami.exe 

"Entry Point Not Found"

Convert kernel32 to proxy functionality for wkscli

> NetClone.exe --target C:\windows\system32\kernel32.dll --reference C:\windows\system32\wkscli.dll --output wkscli.dll
[+] Done.

> whoami.exe
COMPUTER\User


